
Hardening Plone, a military-strength CMS


Talk given by Kim Chee Leong and Kees Hink at the 2009 Plone Conference in Budapest (PloneConf2009)

  1. Hardening Plone: A Military-Strength CMS
  2. Hardening the Plone stack: a military-strength CMS and its infrastructure
  3. Class rules
     ● Feel free to ask questions
  4. About us
     ● Kees Hink: Plone developer since January 2008
     ● Kim Chee Leong: Plone developer since May 2007
  5. Introduction
     ● This talk is about:
       – Making the Plone stack even more secure
       – Not much about Plone itself
       – How to get others to acknowledge that it's secure
     ● For whom?
       – New to Plone
       – Marketing
       – Developers
  6. Overview of sections
     ● Why security?
     ● Our use case
     ● Plone
     ● Infrastructure
     ● Audits (and feedback)
  7. The internet is evil
     ● Have to protect against:
       – Cross site scripting
       – Unencrypted connections
       – Spoofing
       – Password cracking
       – Mail interception
       – Server hacking
       – SQL injection
  8. SQL Injection
     ● Comic by XKCD: http://xkcd.com/327/
  9. Our use case
     ● Two portals:
       – Plone as a DMS for online collaboration: largely standard Plone, an alternative to SharePoint, holding sensitive data
       – Plone as a user friendly file upload system: document upload by suppliers, user friendly upload
  10. Security of default Plone
     ● Plone (Zope) is pretty secure by default
     ● Quantitative comparison:
       – Track number of hits on Google
       – See number of vulnerabilities in the National Vulnerability Database
     ● Qualitative comparison:
       – See the article "security overview of plone" on plone.org
  11. Small Plone modifications
     ● Disable self-registration
     ● Workflow + permissions
     ● Additional products:
       – Aagje (activity log)
       – LoginLockout
  12. How to protect?
     ● Let's start with a secure location
  13. Infrastructure
     ● Secure hosting: trusted hosting partner
     ● Secure hosting: dedicated servers
     ● Operating system: security updates
     ● Company procedures: who has access?
  14. Network access
     ● Only the HTTPS port is opened to the internet
     ● VPN-only access for everything except HTTPS
  15. Infrastructure: OS
     ● Modifications on Debian Linux to enhance security:
       – Different system user for each Zope instance
       – Regular security updates
       – Tightened filesystem permissions
  16. Infrastructure: Web server
     ● Apache:
       – HTTPS
       – Get an SSL certificate (Thawte, VeriSign)
       – No rewrite rule for the Zope root
       – Keep log files
  17. SSL certificate
  18. Just to keep your attention (comic from http://xkcd.com)
  19. Audits
     ● Document your procedures
     ● We are using parts of ITIL
     ● Get audits:
       – Technical audit
       – Process audit
  20. Technical security audit
     ● Done by a 3rd party
     ● They have a checklist
     ● They report back in a structured way
     ● Black box audit: from outside, on the Plone portal
     ● Crystal box audit: on the server, with root access; check user permissions, etc.
  21. Recommendations for Plone
     ● Plone itself is pretty secure
     ● Modifications:
       – Quota (file upload limit)
       – Cookie settings (HTTPOnly, Secure), fixed with Apache
     ● And, of course: disable self-registration, check workflow and permissions, use LoginLockout
  22. Recommendations outside Plone
     ● Modifications:
       – Use HTTPS only (no redirects from HTTP)
       – Paranoid user permission restrictions
       – Caching header control
     ● And, of course: secure hosting, VPN, security updates, etc.
  23. Technical audit final result
     ● We implemented these recommendations for the next audit, which was tested again and approved:
  24. Process security audit
     ● Done by our client's accountants
     ● Check processes:
       – Talk about our server management documents (esp. security-related)
       – Talk about certification of the hosting partner
       – Talk to the technical auditing party
       – Talk to us, again...
  25. Recommendations for Plone
     ● Confidentiality and user agreement
  26. Process audit final result
     ● We passed! (Image by Getty Images)
  27. Wrapping up
     ● Done:
       – Think about how to secure our existing setup even more
       – Have specialists check our setup + procedures
       – Implement their recommendations
     ● Result: Plone is officially 100% secure.
  28. Remaining questions?
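As an added example that is not part of the talk, the following Apache virtual host applies the web-server recommendations from slides 14, 16, 21 and 22 in one place: HTTPS only with no HTTP listener, log files kept, every Zope cookie marked HttpOnly and Secure, no-store caching headers, and a VirtualHostMonster rewrite that maps the whole host to the Plone site object rather than the Zope root. The hostname, certificate paths, the Plone site id "Plone" and the Zope address 127.0.0.1:8080 are assumptions; mod_ssl, mod_headers, mod_rewrite and mod_proxy_http must be enabled.

```apache
# Added example, not from the talk: one HTTPS-only vhost for a Plone DMS.
# There is deliberately no *:80 VirtualHost, so there is no HTTP-to-HTTPS
# redirect ("use HTTPS only"); port 80 should also be closed at the firewall.
<VirtualHost *:443>
    # Assumed hostname
    ServerName dms.example.org

    SSLEngine on
    # Assumed certificate and key paths
    SSLCertificateFile    /etc/ssl/certs/dms.example.org.crt
    SSLCertificateKeyFile /etc/ssl/private/dms.example.org.key

    # Keep log files: the audit trail the auditors ask for.
    # APACHE_LOG_DIR is the variable Debian's Apache packages define.
    ErrorLog  ${APACHE_LOG_DIR}/dms-error.log
    CustomLog ${APACHE_LOG_DIR}/dms-access.log combined

    # Cookie settings fixed with Apache: append HttpOnly and Secure to every
    # Set-Cookie header Zope sends (e.g. the __ac login cookie), so scripts
    # cannot read the session and it is never sent over plain HTTP.
    Header edit Set-Cookie ^(.*)$ "$1; HttpOnly; Secure"

    # Caching header control: sensitive DMS pages must not be stored by
    # browsers or intermediate proxies.
    Header always set Cache-Control "no-store, no-cache, must-revalidate, private"
    Header always set Pragma "no-cache"

    # No rewrite rule for the Zope root: every request is mapped through
    # VirtualHostMonster onto the Plone site object, so the Zope root and
    # its management screens are not reachable from the internet.
    RewriteEngine On
    RewriteRule ^/(.*)$ http://127.0.0.1:8080/VirtualHostBase/https/%{SERVER_NAME}:443/Plone/VirtualHostRoot/$1 [L,P]
</VirtualHost>
```

Check the result from outside with a browser's developer tools or a plain `curl -I https://<host>/`: every Set-Cookie should end in `HttpOnly; Secure`, Cache-Control should read `no-store`, and `https://<host>/manage` should return Plone's own response rather than the Zope root's management interface.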
