Hardening Plone, a military-strength CMS

Talk given by Kim Chee Leong and Kees Hink at the 2009 Plone Conference in Budapest (PloneConf2009)

  1. Hardening Plone: A Military-Strength CMS
  2. Hardening Plone: hardening the Plone stack and its infrastructure
  3. Class rules
     ● Feel free to ask questions
  4. About us
     ● Kees Hink: Plone developer since January 2008
     ● Kim Chee Leong: Plone developer since May 2007
  5. Introduction
     ● This talk is about:
       – Making the Plone stack even more secure
       – Not much about Plone itself
       – How to get others to acknowledge that it is secure
     ● For whom?
       – People new to Plone
       – Marketing
       – Developers
  6. Overview of sections
     ● Why security?
     ● Our use case
     ● Plone
     ● Infrastructure
     ● Audits (and feedback)
  7. The internet is evil
     ● We have to protect against:
       – Cross-site scripting
       – Unencrypted connections
       – Spoofing
       – Password cracking
       – Mail interception
       – Server hacking
       – SQL injection
  8. SQL injection
     ● Comic by xkcd: http://xkcd.com/327/
  9. Our use case
     ● Two portals:
       – Plone as a DMS (document management system) for online collaboration: largely standard Plone, an alternative to SharePoint, holding sensitive data
       – Plone as a user-friendly file upload system: document upload by suppliers, user-friendly upload
  10. Security of default Plone
     ● Plone (Zope) is pretty secure by default
     ● Quantitative comparison:
       – Track the number of hits on Google
       – Count the vulnerabilities listed per CMS in the National Vulnerability Database
     ● Qualitative comparison:
       – See the article "Security overview of Plone" on plone.org
  11. Small Plone modifications
     ● Disable self-registration
     ● Workflow and permissions
     ● Additional products:
       – Aagje (activity log)
       – LoginLockout
  12. How to protect?
     ● Let's start with a secure location
  13. Infrastructure
     ● Secure hosting
       – Trusted hosting partner
       – Dedicated servers
     ● Operating system
       – Security updates
     ● Company procedures
       – Who has access?
  14. Infrastructure (continued)
     ● Only the HTTPS port is opened to the internet
     ● VPN-only access for everything except HTTPS
  15. Infrastructure: OS
     ● Modifications on Debian Linux to enhance security:
       – A different system user for each Zope instance
       – Regular security updates
       – Tightened filesystem permissions
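Slide 15 names the Debian measures but shows no commands. The following is an added example written for this page, not code from the talk or from Plone/Zope: it creates a dedicated system user for one Zope instance, locks down that instance's data directory, and provides the check an auditor with root access (the crystal box audit of slide 20) could run to find files that the instance user does not own or that group or others can read or write. The paths, the user name and the instance layout (data under `<home>/var`, Apache talking to Zope over TCP on 127.0.0.1:8080) are assumptions.

```shell
#!/bin/sh
# Added example for slide 15; not from the talk. Assumes a Debian host and one
# buildout-style Zope instance per directory, with its data under <home>/var.

# Create a dedicated, non-login system user for one Zope instance and hand it
# sole ownership of the instance tree. Needs root. Example:
#   create_instance_user zope-dms /opt/zope/dms
create_instance_user() {
    user=$1
    home=$2
    adduser --system --group --home "$home" --no-create-home \
            --shell /usr/sbin/nologin "$user"
    chown -R "$user:$user" "$home"
    # Apache reaches Zope over TCP (assumed 127.0.0.1:8080), so nobody else
    # needs filesystem access: directories 0700 and files 0600 under var/,
    # which holds Data.fs, blobs and the instance logs.
    chmod 0750 "$home"
    find "$home/var" -type d -exec chmod 0700 {} +
    find "$home/var" -type f -exec chmod 0600 {} +
}

# List everything under a data directory that is either not owned by the
# instance user or carries any group/other permission bit (GNU find syntax).
# Prints the offenders and returns 1 if there are any, 0 when the tree is clean.
check_instance_perms() {
    dir=$1
    user=$2
    offenders=$(find "$dir" \( ! -user "$user" -o -perm /go+rwx \) -print)
    if [ -n "$offenders" ]; then
        printf 'insecure: %s\n' "$offenders"
        return 1
    fi
    return 0
}

# Typical run as root, once per instance:
#   create_instance_user zope-dms /opt/zope/dms
#   check_instance_perms /opt/zope/dms/var zope-dms
```

Running the check from cron and mailing a non-empty result catches the usual regression: a restore or a copied-in Data.fs arriving with 0644 and the operator's ownership.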
  16. Infrastructure: Web server
     ● Apache
       – HTTPS
       – Get an SSL certificate from a recognised CA (Thawte, VeriSign)
       – No rewrite rule for the Zope root: only the Plone site is mapped through Apache, so the Zope root and its ZMI are not reachable from outside
       – Keep log files
  17. SSL certificate (screenshot)
  18. Just to keep your attention (xkcd comic, http://xkcd.com)
  19. Audits
     ● Document your procedures
       – We are using parts of ITIL
     ● Get audits
       – Technical audit
       – Process audit
  20. Technical security audit
     ● Done by a third party
       – They have a checklist
       – They report back in a structured way
     ● Black box audit
       – From outside, on the Plone portal
     ● Crystal box audit
       – On the server, with root access
       – Check user permissions, etc.
  21. Recommendations for Plone
     ● Plone itself is pretty secure
     ● Modifications:
       – Quota (file upload limit)
       – Cookie settings (HttpOnly, Secure), fixed in Apache
     ● And, of course: disable self-registration, check workflow and permissions, use LoginLockout
  22. Recommendations outside Plone
     ● Modifications:
       – Use HTTPS only (no redirects from HTTP: port 80 is not open at all, see slide 14)
       – Paranoid user permission restrictions
       – Caching header control
     ● And, of course: secure hosting, VPN, security updates, etc.
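Slides 14, 16, 21 and 22 together describe the Apache front end, but no configuration is shown. Below is an added example of such a configuration, written for this page; it is not from the talk and not a Plone or Zope default. The host name, certificate paths, the Zope port 8080 and the Plone site id `plone` are assumptions; the `VirtualHostBase/.../VirtualHostRoot` URL form is Zope's own VirtualHostMonster convention.

```apache
# Added example (not from the talk): Apache 2.2-style HTTPS front end for one
# Plone site, following slides 14, 16, 21 and 22.

# No *:80 VirtualHost at all: nothing redirects HTTP to HTTPS, and the
# firewall exposes only 443 (slides 14 and 22).
Listen 443

<VirtualHost *:443>
    ServerName dms.example.org

    SSLEngine on
    SSLCertificateFile      /etc/ssl/certs/dms.example.org.crt
    SSLCertificateKeyFile   /etc/ssl/private/dms.example.org.key
    SSLCertificateChainFile /etc/ssl/certs/ca-chain.crt

    # Keep log files (slide 16).
    ErrorLog  /var/log/apache2/dms-error.log
    CustomLog /var/log/apache2/dms-access.log combined

    # Map every public URL into the Plone site object via VirtualHostMonster.
    # There is deliberately no rule that reaches the Zope root (slide 16), so
    # the root ZMI and other Zope-root objects are not reachable from outside.
    RewriteEngine On
    RewriteRule ^/(.*)$ http://127.0.0.1:8080/VirtualHostBase/https/dms.example.org:443/plone/VirtualHostRoot/$1 [P,L]
    ProxyPassReverse / http://127.0.0.1:8080/VirtualHostBase/https/dms.example.org:443/plone/VirtualHostRoot/
    # Never act as an open forward proxy.
    ProxyRequests Off

    # Cookie settings fixed in Apache (slide 21): Zope's __ac and session
    # cookies are rewritten to carry HttpOnly and Secure.
    Header edit Set-Cookie ^(.*)$ "$1; HttpOnly; Secure"

    # Caching header control (slide 22): pages holding sensitive data must not
    # be stored by browsers, proxies or shared caches.
    Header always set Cache-Control "private, no-store, must-revalidate"
    Header always set Pragma "no-cache"
</VirtualHost>
```

Two caveats a practitioner would check: the blanket `no-store` also covers static resources, so it trades page speed for the guarantee that nothing lands in a cache, and can be relaxed per path once the audit is passed; and because the rewrite lands inside the Plone site, the site's own ZMI (`/manage_main`) is still there for Manager accounts, which is why Manager logins belong behind the VPN of slide 14.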
  23. Technical audit final result
     ● We implemented these recommendations before the next audit, in which they were tested again and approved
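Slide 23 says the recommendations were re-tested. As an added example (not from the talk), this is how the two header-level recommendations from slides 21 and 22, cookie flags and cache headers, can be re-checked from outside in the style of the black box audit of slide 20. The function reads one raw HTTP response (status line plus headers) from stdin, so real output can be fed in with `curl -skI https://dms.example.org/login_form | check_response_headers`; the host name is an assumption and the two sample responses at the end are constructed.

```shell
#!/bin/sh
# Added example, not from the talk: re-check the header-level recommendations
# of slides 21 and 22 from outside, as a black box audit (slide 20) would.
# Reads one raw HTTP response (status line + headers) from stdin. Real use:
#   curl -skI https://dms.example.org/login_form | check_response_headers

check_response_headers() {
    headers=$(tr -d '\r')   # normalise CRLF line endings
    status=0

    # Slide 21: every Set-Cookie must carry both HttpOnly and Secure
    # (matched as separate attributes, so "SecureToken=" does not count).
    bad=$(printf '%s\n' "$headers" | grep -i '^set-cookie:' \
          | grep -viE 'httponly.*;[[:space:]]*secure|secure.*;[[:space:]]*httponly' || true)
    if [ -n "$bad" ]; then
        printf 'cookie without HttpOnly+Secure: %s\n' "$bad"
        status=1
    fi

    # Slide 22: sensitive pages must not be stored by browsers or proxies.
    printf '%s\n' "$headers" | grep -qi '^cache-control:.*no-store' \
        || { echo 'missing Cache-Control: no-store'; status=1; }

    # Slide 22: a redirect to https means plain HTTP is still being answered
    # instead of the port being closed.
    printf '%s\n' "$headers" | grep -qi '^location:[[:space:]]*https://' \
        && { echo 'HTTP request was redirected instead of refused'; status=1; }

    return $status
}

# Constructed sample: what the portal should return after the fixes.
SAMPLE_OK='HTTP/1.1 200 OK
Set-Cookie: __ac=ZGVtbw; Path=/; HttpOnly; Secure
Cache-Control: private, no-store, must-revalidate'

# Constructed sample: the state the first audit complained about
# (plain-HTTP redirect, bare __ac cookie, no cache control).
SAMPLE_BAD='HTTP/1.1 302 Found
Location: https://dms.example.org/
Set-Cookie: __ac=ZGVtbw; Path=/'
```

Run it against the login form and against a page that sets the session cookie, since those are the responses that actually carry `Set-Cookie`; a plain front-page fetch with no cookie passes the first check trivially.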
  24. Process security audit
     ● Done by our client's accountants
     ● They check processes:
       – Talk about our server management documents (especially the security-related ones)
       – Talk about the certification of the hosting partner
       – Talk to the technical auditing party
       – Talk to us, again...
  25. Recommendations for Plone
     ● Confidentiality and user agreement
  26. Process audit final result
     ● We passed! (image by Getty Images)
  27. Wrapping up
     ● Done:
       – Thought about how to secure our existing setup even more
       – Had specialists check our setup and procedures
       – Implemented their recommendations
     ● Result: Plone is "officially 100% secure", that is, this setup passed both the technical and the process audit at that point in time
  28. Remaining questions?
