TYPO3 Security Basics

Basics for your TYPO3 installation: configuration, access restriction and monitoring. Includes examples for your TYPO3 localconf.php file and for monitoring in TYPO3, plus a list of recommended TYPO3 extensions and possible external tools for monitoring.

Published in: Business, Technology
TYPO3 Security Basics

  1. Marketing Factory Consulting GmbH – All rights reserved – © 2013. Secure your TYPO3 Installations. Ingo Schmitt, Marketing Factory Consulting GmbH
  2. TYPO3 Sail 2014. Ingo Schmitt: CTO, BCC TYPO3 Association, lifetime photoshop ban. @ischmitt, blog.marketing-factory.de
  3. Photo by Micah Taylor, Creative Commons
  4. Is your installation secure?
  5. Have you been hacked?
  6. Have you been hacked? Sure?
  7. Security Basics: configure properly, restrict access, monitor system
  8. #TYPO3 Basics: configure properly. Use salted passwords! Use your own names for accounts!
  9. #TYPO3 Basics: configure properly.
     $TYPO3_CONF_VARS['SYS']['devIPmask'] = '';
     $TYPO3_CONF_VARS['SYS']['sqlDebug'] = '0';
     $TYPO3_CONF_VARS['SYS']['enableDeprecationLog'] = '0';
     $TYPO3_CONF_VARS['SYS']['displayErrors'] = '0';
     $TYPO3_CONF_VARS['SYS']['enable_errorDLOG'] = '0';
     $TYPO3_CONF_VARS['SYS']['enable_exceptionDLOG'] = '0';
     $TYPO3_CONF_VARS['FE']['debug'] = '0';
  10. #TYPO3 Basics: restrict access. Limit "admin" accounts to real admins; configure user accounts properly.
  11. #TYPO3 Basics: monitor system.
      $TYPO3_CONF_VARS['BE']['warning_email_addr'] = 'warning@marketing-factory.de';
  12. #TYPO3 Basics: monitor system.
      $TYPO3_CONF_VARS['BE']['warning_email_addr'] = 'warning@marketing-factory.de';
  13. #TYPO3 Extensions: configure properly. be_secure_pw
  14. #TYPO3 Extensions: restrict access. beuser_iprange
  15. #TYPO3 Extensions: monitor system. caretaker -> password check
  16. #TYPO3 Extensions: prevent DoS. mfc_belogin_captcha
  17. #TYPO3 Extensions: prevent DoS. mfc_belogin_captcha
  18. External: monitor system. fail2ban, graylog. http://www.illutzminator.de/typo3-fail2ban.html?&L=1 http://forge.typo3.org/issues/51803
  19. Your ideas?
  20. Contact: Marketing Factory Consulting GmbH, Marienstraße 14, 40212 Düsseldorf. Tel +49 (0)211 / 36 11 76 - 0, Tel +49 (0)211 / 36 11 76 - 99. is@marketing-factory.de, www.marketing-factory.de
  21. 10.04.2013. Marketing Factory Consulting GmbH – All rights reserved – © 2013. Disclaimer: All approaches and ideas presented in this concept are intended exclusively for the client. The concept and the right to use it remain the property of Marketing Factory Consulting. Exploitation, duplication, reproduction and distribution of the concept are permitted only with consent. If the ideas are not used, Marketing Factory Consulting is entitled to use the contents in whole or in part for other purposes. © Marketing Factory Consulting GmbH 2013
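
A small audit of the settings on slides 9 and 11, as an added example that is not part of the original deck: it reads localconf.php-style text and reports every value that differs from the slides. The regex parser, the function names and the sample input are assumptions of this example; it only understands simple one-line assignments and compares values strictly as strings.

```python
import re
# Values from slide 9 (debug output off) that the file is compared against.
EXPECTED = {
    ("SYS", "devIPmask"): "", ("SYS", "sqlDebug"): "0",
    ("SYS", "enableDeprecationLog"): "0", ("SYS", "displayErrors"): "0",
    ("SYS", "enable_errorDLOG"): "0", ("SYS", "enable_exceptionDLOG"): "0",
    ("FE", "debug"): "0",
}
REQUIRED_NONEMPTY = [("BE", "warning_email_addr")]  # slide 11

# One-line assignments only; commented-out lines do not match (assumption).
ASSIGN = re.compile(
    r"""^\s*\$(?:GLOBALS\['TYPO3_CONF_VARS'\]|TYPO3_CONF_VARS)
        \['(\w+)'\]\['(\w+)'\]\s*=\s*(?:'([^']*)'|"([^"]*)"|(\w+))\s*;""",
    re.VERBOSE | re.MULTILINE,
)

def parse_conf(text):
    """Return {(section, key): value}; as in PHP, the last assignment wins."""
    conf = {}
    for m in ASSIGN.finditer(text):
        conf[(m.group(1), m.group(2))] = next(g for g in m.groups()[2:] if g is not None)
    return conf

def audit(text):
    """Return findings as strings; an empty list means the file matches the slides."""
    conf, findings = parse_conf(text), []
    for (sec, key), want in EXPECTED.items():
        got = conf.get((sec, key))
        if got is None:
            findings.append(f"[{sec}][{key}] not set, the version default applies")
        elif got != want:
            findings.append(f"[{sec}][{key}] = {got!r}, slide value is {want!r}")
    for sec, key in REQUIRED_NONEMPTY:
        if not conf.get((sec, key)):
            findings.append(f"[{sec}][{key}] is empty or missing")
    return findings

# Constructed sample input, not taken from a real installation.
SAMPLE = """<?php
$TYPO3_CONF_VARS['SYS']['devIPmask'] = '*';
$TYPO3_CONF_VARS['SYS']['sqlDebug'] = '0';
$TYPO3_CONF_VARS['SYS']['displayErrors'] = '1';
$TYPO3_CONF_VARS['SYS']['displayErrors'] = '0';
// $TYPO3_CONF_VARS['FE']['debug'] = '0';
$TYPO3_CONF_VARS['FE']['debug'] = 1;
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Keys that are absent are reported rather than assumed safe, because the effective value then depends on the defaults of the installed TYPO3 version.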
