Alfresco Security Best Practices
Toni de la Fuente
Principal Solutions Engineer
toni.delafuente@alfresco.com
@ToniBlyx – blyx.com
#AlfrescoSecurity
“Sometimes, you have to demo a threat to spark a solution”
Barnaby Jack, 1977-2013
How to solve all your problems: 
@ToniBlyx #AlfrescoSecurity 
UPGRADE!!
That’s all folks! 
THANKS 
Agenda 
• Demo 
• Alfresco Security Policy 
• Elements 
• External Threats 
• Vulnerabilities Assessment 
• Network and Operating System 
• Implementation Best Practices 
• Architecture 
• Mobile 
• Compliance and Standards
The Guide
• Alfresco Security Best Practices Guide
• https://my.alfresco.com/share/s/85CnNsR0ROaSV0BwmKWncg
Alfresco Value Pillars
• User Adoption (SIMPLE/CONNECTED): integral support for mobile workers and external partners, an interface built with the end user in mind rather than IT, seamlessly integrated with today's most common productivity tools.
• Security (CONTROLLED): enterprise-grade security, easy compliance policy definition and enforcement, fully compliant. Content encryption, Records Management, MDM certification.
• Open, Modern Architecture (SIMPLE/SMART/CONNECTED): enterprise-grade, hybrid, open-source, flexible architecture that meets today's IT demands; open integration interface, ease of administration, lets the IT organisation integrate with other LOB applications, support for open standards.
Alfresco Security Policy
• Issues discovery
• Security notifications
• Severity levels: High, Medium, Low
• Reporting a security issue to us: support@alfresco.com
Alfresco Security Components: Deployment
• People
• Process
• Alfresco application: patches, hotfixes (HF), upgrades, features
• JVM
• Operating system
• Firewall
• Network configuration
• Virtualization infrastructure
• Network infrastructure
• Physical infrastructure
• Physical security
• Facilities
AWS Shared Responsibility Model, a good reference for splitting the layers above between provider and customer
Multiple External Threats 1
Discovery, information gathering and information leaks:
• Search tools: Google, Bing, Shodan
• Gathering info: FOCA, metagoofil, theHarvester, Maltego
• Manual discovery: Nmap, others
Protection:
• IDS
• Banners: remove or change server and version banners
• Filter access to resources
• Clean metadata from published documents
Multiple External Threats 2
Brute force user and password or dictionary attacks:
• Online tools: Hydra, Metasploit
Protection:
• IDS
• Password rotation
• Password strength policy
• Failed-login threshold (lockout or throttling after N failures)
• Prevent DoS: a lockout policy that is too aggressive lets an attacker lock real users out by guessing their names
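A worked failed-login threshold check, added here as an example (not from the deck or from Alfresco): it reads Tomcat access-log lines in the combined pattern and reports clients whose failed attempts against the repository's login web script reach a threshold. It assumes `/alfresco/service/api/login` answers HTTP 403 to bad credentials (which the legacy login web script does) and feeds itself a few constructed log lines; `THRESHOLD`, `sample_log`, `failed_logins_by_ip` and `flag_brute_force` are names chosen for this example.

```shell
#!/bin/sh
# Added example: detect brute-force / dictionary attempts against the Alfresco
# login web script from Tomcat access-log lines (AccessLogValve "combined" pattern:
# ip - user [date tz] "METHOD PATH PROTO" status bytes "referer" "agent").
# Assumption: /alfresco/service/api/login answers 403 to bad credentials, so a
# burst of 403s on that path from one client is a burst of failed logins.

THRESHOLD=${THRESHOLD:-10}   # failures per client before it is flagged (assumed)

# sample_log: constructed log lines for a stand-alone run; not real traffic.
sample_log() {
    cat <<'EOF'
203.0.113.9 - - [10/Jun/2014:10:00:01 +0200] "POST /alfresco/service/api/login HTTP/1.1" 403 45 "-" "Mozilla/4.0 (Hydra)"
203.0.113.9 - - [10/Jun/2014:10:00:01 +0200] "POST /alfresco/service/api/login HTTP/1.1" 403 45 "-" "Mozilla/4.0 (Hydra)"
203.0.113.9 - - [10/Jun/2014:10:00:02 +0200] "GET /alfresco/service/api/login?u=admin&pw=admin HTTP/1.1" 403 45 "-" "Mozilla/4.0 (Hydra)"
203.0.113.9 - - [10/Jun/2014:10:00:02 +0200] "POST /alfresco/service/api/login HTTP/1.1" 403 45 "-" "Mozilla/4.0 (Hydra)"
198.51.100.7 - - [10/Jun/2014:10:00:05 +0200] "POST /alfresco/service/api/login HTTP/1.1" 403 45 "-" "curl/7.35.0"
198.51.100.7 - - [10/Jun/2014:10:00:09 +0200] "POST /alfresco/service/api/login HTTP/1.1" 200 62 "-" "curl/7.35.0"
198.51.100.7 - - [10/Jun/2014:10:00:10 +0200] "GET /share/page/user/jdoe/dashboard HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
EOF
}

# failed_logins_by_ip: stdin = access-log lines; stdout = "<count> <ip>" per client,
# counting only requests to the login web script that ended in 403.
failed_logins_by_ip() {
    awk '$7 ~ /^\/alfresco\/service\/api\/login/ && $9 == 403 { n[$1]++ }
         END { for (ip in n) print n[ip], ip }'
}

# flag_brute_force [threshold]: prints "BLOCK <ip> (<count> failures)" for every
# client at or above the threshold; returns 1 if there is at least one, else 0.
flag_brute_force() {
    failed_logins_by_ip | awk -v limit="${1:-$THRESHOLD}" '
        $1 >= limit { print "BLOCK " $2 " (" $1 " failures)"; hit = 1 }
        END { exit (hit ? 1 : 0) }'
}

# Stand-alone run: ./login-threshold.sh --demo   (or: cat access_log | flag_brute_force)
if [ "${1:-}" = "--demo" ]; then
    sample_log | flag_brute_force 3
fi
```

The output is the input to whatever enforces the threshold (a firewall drop, a fail2ban action, a WAF rule); keep the threshold per client and per time window rather than per account, so that the check itself cannot be turned into the lockout DoS the slide warns about.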
Multiple External Threats 3
Man-in-the-middle attacks and DDoS/DoS:
• Multiple ways
• Complex to protect against
Viruses:
• Content
• All tiers
Protection:
• Architecture design
• Encryption
• Certificate strength
• Firewalls (network, host and application level)
• IDS/IPS
• AlfViral (antivirus scanning add-on for Alfresco content)
• Corporate-network solutions – ATP
• Monitoring
Source of Vulnerabilities
Public sources:
• CVE-2014-0050: Apache Commons FileUpload
• CVE-2014-0125: Moodle
• Bugtraq ID 37578: Joomla
Internal sources:
• *MNT-11793: SSRF, port scanning
• CVE-2014-2939: XSS
• MNT-10540: Share remote execution
• *MNT-10539: Xerces / POI
Hardening Network and Operating System
Network and Operating System
• Network: firewalls, IDS, IPS, ATP (advanced threat protection), web application firewalls, antivirus, DDoS/DoS protection devices
• OS: Red Hat, Ubuntu, SUSE; Solaris; Windows Server
• File permissions: alfresco-global.properties, dir_root/contentstore, dir_root/solr, dir_root/lucene-indexes
• Minimum privileges
• Port redirect: keep Tomcat on an unprivileged port (8080/8443) and redirect 80/443 to it at the firewall or proxy, so the service never needs root
Firewall: Inbound ports
(Active = the service is enabled in a default installation)

Protocol/Service | Port | TCP/UDP | IN/OUT | Active | Comments
HTTP | 8080 | TCP | IN | Yes | WebDAV included
FTP | 21 | TCP | IN | Yes | Passive mode
SMTP | 25 | TCP | IN | No |
CIFS | 137, 138 | UDP | IN | Yes |
CIFS | 139, 445 | TCP | IN | Yes |
IMAP | 143 or 993 | TCP | IN | No |
SharePoint Protocol | 7070 | TCP | IN | Yes |
Tomcat Admin | 8005 | TCP | IN | Yes | Unless necessary, do not open this port at the firewall
Tomcat AJP | 8009 | TCP | IN | Yes | Unless necessary, do not open this port at the firewall
SOLR Admin | 8443 | TCP | IN | Yes | If used to administer Solr, the client certificate has to be installed in the browser. With a dedicated index server, the Alfresco repository server must have access to this port, IN and OUT
NFS | 111, 2049 | TCP/UDP | IN | No | The repository's NFS service (NFS as VFS)
RMI | 50500-50507 | TCP | IN | Yes | Used for JMX management. Unless necessary, do not open these ports at the firewall
Hazelcast | 5701 | TCP | IN | No | Used by Hazelcast to exchange information between cluster nodes from 4.2
JGroups | 7800 | TCP | IN | No | Cluster discovery between nodes before 4.2
JGroups | 7801-7802 | TCP | IN | No | Ehcache RMI traffic between cluster nodes before 4.2
OpenOffice/JODConverter | 8100 | TCP | IN | Yes | Works on localhost; do not open it at the firewall
Firewall: Outbound ports
(Active = the service is enabled in a default installation; Yes* = only the port of the database actually in use)

Protocol/Service | Port | TCP/UDP | IN/OUT | Active | Comments
SMTP | 25 | TCP | OUT | No | If you want Alfresco to send notifications, invitations, tasks, etc., open this port from Alfresco to your corporate MTA
DB – PostgreSQL | 5432 | TCP | OUT | Yes* | Depends on the DB
DB – MySQL | 3306 | TCP | OUT | Yes* | Depends on the DB
DB – MS SQL Server | 1433 | TCP | OUT | Yes* | Depends on the DB
DB – Oracle | 1521 | TCP | OUT | Yes* | Depends on the DB
DB – DB2 | 50000 | TCP | OUT | Yes* | Depends on the DB
LDAP or AD | 389 | TCP | OUT | No | If needed for authentication and synchronization
LDAPS or AD | 636 | TCP | OUT | No | If needed for authentication and synchronization
docs.google.com | 443 | TCP | OUT | No |
JGroups | 7800-7802 | TCP | OUT | No | If clustered before 4.2, only between nodes
Hazelcast | 5701 | TCP | OUT | No | Used by Hazelcast to exchange information between cluster nodes from 4.2, only between nodes
Remote storage NFS | 111, 2049 | TCP/UDP | OUT | No | If a remote NFS drive is used as contentstore
Remote storage CIFS | 137, 138 UDP; 139, 445 TCP | UDP/TCP | OUT | No | If a remote CIFS share is used as contentstore
Amazon S3 | 443 | TCP | OUT | No | If Alfresco is deployed in AWS and Amazon S3 is used as contentstore
Alfresco Transformation Server | 80, 443 or 8080, 8443 | TCP | OUT | No | If a remote Alfresco Transformation Server is used
Alfresco FSTR | 8080 | TCP | OUT | No | If a remote Alfresco File System Transfer Receiver is used
Alfresco Remote Server | 8080 or 8443 | TCP | OUT | No | If the Alfresco Replication Service is used between Alfresco servers
Kerberos | 88 | TCP/UDP | OUT | No | If Kerberos SSO is required
Third-party SSO | 443 | TCP | OUT | No | Third-party SSO services
DNS | 53 | UDP | OUT | Yes | Name resolution service
Facebook, Twitter, LinkedIn, Slideshare, YouTube, Flickr, WordPress or Typepad | 80 or 443 | TCP | OUT | No | If the Alfresco Publishing Framework or site blog publishing is used
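The inbound table as enforceable configuration, added here as an example (not from the deck or from Alfresco): a function that prints an nftables ruleset exposing only 8080 to the reverse proxy and 8443 to the Solr/index peer, plus a check, run over `ss -ltn` output, that the ports the table says never to open (8005, 8009, 8100, 50500-50507) are bound to loopback only. The table name `alfresco`, the SSH rule on 22 and the sample `ss` lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example: enforce and verify the inbound port table. Not from the deck.
# Assumptions: nftables on the Alfresco host; the reverse proxy and the Solr/index
# peer are given as CIDRs by the caller; SSH on 22 stays open for administration.

# Ports the table says not to open at the firewall: Tomcat shutdown (8005), AJP
# (8009), JODConverter (8100) and the JMX RMI range. Besides being filtered they
# should bind to loopback only, which audit_listeners checks.
LOCAL_ONLY_PORTS="8005 8009 8100 50500 50501 50502 50503 50504 50505 50506 50507"

# nft_ruleset <proxy-cidr> <index-peer-cidr>: print a drop-by-default input chain.
nft_ruleset() {
    proxy=$1
    index=$2
    cat <<EOF
table inet alfresco {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        tcp dport 22 accept
        ip saddr $proxy tcp dport 8080 accept
        ip saddr $index tcp dport 8443 accept
        # 8005, 8009, 8100 and 50500-50507 are deliberately absent: loopback only.
        # Add FTP (21), CIFS (137-139, 445), IMAP (143/993) or SMTP (25) here only
        # if the corresponding Alfresco service is enabled and actually needed.
    }
}
EOF
}

# audit_listeners: stdin = output of `ss -ltn`; prints one EXPOSED line for every
# loopback-only port bound to a non-loopback address; returns 1 if any, else 0.
audit_listeners() {
    rc=0
    while read -r state recvq sendq laddr peer rest; do
        [ "$state" = "LISTEN" ] || continue      # also skips the header line
        port=${laddr##*:}
        addr=${laddr%:*}
        for p in $LOCAL_ONLY_PORTS; do
            [ "$port" = "$p" ] || continue
            case "$addr" in
                127.0.0.1|"[::1]") ;;
                *) echo "EXPOSED: port $port bound to $addr (must be loopback only)"
                   rc=1 ;;
            esac
        done
    done
    return $rc
}

# sample_ss: constructed `ss -ltn` output for a stand-alone run; not a real host.
sample_ss() {
    cat <<'EOF'
State   Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN  0      100    0.0.0.0:8080       0.0.0.0:*
LISTEN  0      1      127.0.0.1:8005     0.0.0.0:*
LISTEN  0      100    *:8009             *:*
LISTEN  0      50     [::1]:8100         [::]:*
LISTEN  0      50     0.0.0.0:50500      0.0.0.0:*
EOF
}

# Stand-alone run: ./alfresco-ports.sh --demo   (on a real host: ss -ltn | audit_listeners)
if [ "${1:-}" = "--demo" ]; then
    nft_ruleset 10.0.1.5/32 10.0.1.6/32
    sample_ss | audit_listeners
fi
```

Load the ruleset with `nft -f`, then run the audit on the host itself: a firewall rule protects against the network, but AJP on `*:8009` or JMX on `0.0.0.0:50500` is still reachable from any other process or container on the same machine, so fix the bind address (Tomcat's `server.xml` `address` attribute, JMX's `-Djava.rmi.server.hostname`) as well.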
Alfresco Implementation Best Practices
Best Practices 1
• Stay current: service packs, hotfixes (HF)
• Never run as root
• Switch to SSL/TLS:
  • HTTPS (Share, WebDAV, API, etc.), terminated at the app server, web server or appliance
  • SharePoint Protocol
  • IMAPS
  • SMTP inbound TLS
  • SMTP outbound TLS
  • FTPS
  • LDAPS connection
  • Consider it too for Hazelcast or JGroups cluster traffic and for the DB connection
• Permissions inheritance
• Custom roles
• Review your logs
• Change the JMX default credentials
Best Practices 2
• Audit: enable it if needed; audit records are easy to query with curl, and easier still in Records Management
• Alfresco Support Tools: get to know who is connected, among other tools
• Get to know how to reset the admin password
• Control the ticket (session) duration
• Disable unneeded services
• Disable the guest user
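The repository-side items from the two slides above as a script, added here as an example (not from the deck or from Alfresco): it audits an alfresco-global.properties against the settings the slides call for (HTTPS, guest login off, unneeded services off, ticket expiry) and checks whether the JMX RMI password file still carries the documented default. The property names are Alfresco's own; the `HARDENED` list, the sample properties file and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit alfresco-global.properties and the JMX password file
# against the hardening points on the two slides above. Not from the deck.
# Assumptions: properties are plain key=value lines; the JMX file is the stock
# tomcat/shared/classes/alfresco-jmxrmi.password ("<role> <password>" per line).

# key=expected pairs. A key that is absent is reported too: confirm the build's
# default instead of assuming it (FTP and CIFS, for example, ship enabled in 4.x).
HARDENED="alfresco.protocol=https
share.protocol=https
alfresco.authentication.allowGuestLogin=false
ftp.enabled=false
cifs.enabled=false
nfs.enabled=false
imap.server.enabled=false
email.server.enabled=false
authentication.ticket.ticketsExpire=true
authentication.ticket.expiryMode=AFTER_INACTIVITY"

# prop_value <key> <properties-text>: last value set for key (blank if unset),
# tolerating spaces around '=' and ignoring comment lines.
prop_value() {
    printf '%s\n' "$2" \
        | sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" \
        | sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_global_properties: stdin = alfresco-global.properties; prints one line
# per weak or missing setting; returns 1 if there is at least one, else 0.
audit_global_properties() {
    props=$(cat)
    rc=0
    for pair in $HARDENED; do
        key=${pair%%=*}
        want=${pair#*=}
        have=$(prop_value "$key" "$props")
        if [ -z "$have" ]; then
            echo "MISSING $key (expected $want; check the build's default)"
            rc=1
        elif [ "$have" != "$want" ]; then
            echo "WEAK    $key=$have (expected $want)"
            rc=1
        fi
    done
    return $rc
}

# jmx_password_is_default: stdin = alfresco-jmxrmi.password; returns 0 (true) if
# monitorRole or controlRole still uses the documented default "change_asap".
jmx_password_is_default() {
    grep -Eq '^(monitorRole|controlRole)[[:space:]]+change_asap[[:space:]]*$'
}

# sample_properties: constructed file for a stand-alone run; not a real install.
sample_properties() {
    cat <<'EOF'
# constructed alfresco-global.properties excerpt
alfresco.protocol=http
share.protocol=https
alfresco.authentication.allowGuestLogin=true
ftp.enabled=true
cifs.enabled = false
email.server.enabled=false
authentication.ticket.ticketsExpire=false
EOF
}

# Stand-alone run: ./audit-global.sh --demo
if [ "${1:-}" = "--demo" ]; then
    sample_properties | audit_global_properties
    printf 'monitorRole change_asap\n' | jmx_password_is_default && echo "JMX: default password still set"
fi
```

Two things the slides mention live elsewhere: the Share session timeout is the `<session-timeout>` (minutes) in the Share webapp's web.xml, not a repository property, and the curl query for audit records goes to `/alfresco/service/api/audit/query/<application>` once `audit.enabled=true` and the application's own `audit.<application>.enabled` flag are set.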
Best Practices: content deletion
• Node deletion lifecycle: why is it important? A deleted node goes to the trashcan (archive store) and its content binary stays on disk until the orphaned content is purged.
More about node deletion
• Delete the content when the node is deleted
• Trashcan cleaner
• Records Management
• Wipe content
Alfresco Share Security
• Cross-Site Request Forgery (CSRF) filters
• Clickjacking mitigation
• Iframes and phishing attack mitigation
• Share HTML processing black/white list
• Site creation control
• Filter document actions by user or role
• Filter workflows by user or role
• Change the default Share session timeout
Architecture Best Practices 1
• Frontends (Apache, Nginx, HAProxy): protect URLs
  • /alfresco/service
  • /share/service
  • /alfresco/proxy
  • /alfresco/cmisbrowser
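The frontend filtering from the slide above as a concrete proxy rule set, added here as an example (not from the deck or from Alfresco): a function that prints nginx `location` blocks allowing the listed URL spaces only from an administrative network, and a check that runs the same policy over proxy access-log lines (combined format, constructed here) to show which current requests would be denied before the rule goes live. The admin CIDR, the upstream on 127.0.0.1:8080 and all function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: restrict the URL spaces named on the slide at the reverse proxy
# and find out, from the access log, who is using them today. Not from the deck.
# Assumptions: nginx proxies to Tomcat on 127.0.0.1:8080; administrative clients
# come from one CIDR; log lines follow the combined format.

# Paths the slide says to protect. Share's own UI loads components from
# /share/service, so the network allowed for that prefix must include your
# users, not only administrators, or Share pages will break.
RESTRICTED_PREFIXES="/alfresco/service /alfresco/proxy /alfresco/cmisbrowser /share/service"

# nginx_locations <admin-cidr>: print location blocks that allow the restricted
# prefixes only from <admin-cidr> and pass everything else to Tomcat unchanged.
nginx_locations() {
    admin=$1
    for p in $RESTRICTED_PREFIXES; do
        cat <<EOF
    location ^~ $p {
        allow $admin;
        deny all;
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host \$host;
    }
EOF
    done
    cat <<'EOF'
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
    }
EOF
}

# is_restricted <path>: true when the request path starts with a protected prefix
# (the same plain prefix match that nginx's ^~ location performs).
is_restricted() {
    for p in $RESTRICTED_PREFIXES; do
        case "$1" in "$p"*) return 0 ;; esac
    done
    return 1
}

# flag_external_hits <admin-prefix>: stdin = combined-format access log; prints
# "DENY <ip> <method> <path>" for restricted paths requested from outside the
# administrative range (a dotted prefix such as "10.0.1." stands in for a CIDR
# match here); returns 1 if anything would be denied, else 0.
flag_external_hits() {
    admin=$1
    rc=0
    while read -r ip d1 d2 d3 d4 method path rest; do
        case "$ip" in "$admin"*) continue ;; esac
        method=${method#\"}                  # strip the opening quote of "METHOD
        if is_restricted "$path"; then
            echo "DENY $ip $method $path"
            rc=1
        fi
    done
    return $rc
}

# sample_access_log: constructed lines for a stand-alone run; not real traffic.
sample_access_log() {
    cat <<'EOF'
10.0.1.20 - - [10/Jun/2014:11:00:01 +0200] "GET /alfresco/service/api/people HTTP/1.1" 200 512 "-" "curl/7.35.0"
203.0.113.5 - - [10/Jun/2014:11:00:02 +0200] "GET /alfresco/service/api/people HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jun/2014:11:00:03 +0200] "POST /alfresco/proxy?endpoint=alfresco HTTP/1.1" 200 88 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2014:11:00:04 +0200] "GET /share/page/site/marketing/dashboard HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2014:11:00:05 +0200] "GET /alfresco/cmisbrowser HTTP/1.1" 200 2048 "-" "cmislib"
EOF
}

# Stand-alone run: ./frontend-urls.sh --demo
if [ "${1:-}" = "--demo" ]; then
    nginx_locations 10.0.1.0/24
    sample_access_log | flag_external_hits 10.0.1.
fi
```

Run the log check over a week of real traffic before deploying the locations: integrations that talk to `/alfresco/service` directly (CMIS clients, scripts, mobile apps) show up as DENY lines and need either a dedicated allow entry or a move to the public API path.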
Architecture Best Practices 2
[architecture diagram, not reproduced]
Architecture Best Practices 3
[architecture diagram, not reproduced]
AWS sample
[architecture diagram, not reproduced]
Backup and Disaster Recovery
• White paper: http://slidesha.re/1o1HUY9
Mobile Security
• File protection: encryption when the device is locked
• HTTPS
• Certificate authentication
• MDM: Alfresco for Good (iOS), MobileIron (Android)
• MDM, next version: Symantec Sealed (Android), Citrix Worx, MobileIron (iOS)
Security Compliance & Standards
• DoD 5015.2
• OWASP Top 10
• HIPAA
• FISMA
• FedRAMP
• ISO 27001
• PCI DSS
Finally, a review:
• Alfresco Security Checklist
• List of Alfresco third-party components
Now… Yes! That's all folks!
Questions? Suggestions? Complaints? Beers?
Thanks
Toni de la Fuente
Principal Solutions Engineer
toni.delafuente@alfresco.com
@ToniBlyx – blyx.com

 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Rohit Gautam
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 

Recently uploaded (20)

Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 

Alfresco Security Best Practices 2014

  • 1. Alfresco Security Best Practices Toni de la Fuente! Principal Solutions Engineer toni.delafuente@alfresco.com @ToniBlyx – blyx.com #AlfrescoSecurity
  • 2. “Sometimes, you have to demo a threat to spark a solution” Barnaby Jack, 1977-2013
  • 3. How to solve all your problems: @ToniBlyx #AlfrescoSecurity UPGRADE!!
  • 4. That’s all folks! THANKS @ToniBlyx #AlfrescoSecurity
  • 5. Agenda • Demo • Alfresco Security Policy • Elements • External Threats • Vulnerabilities Assessment • Network and Operating System • Implementation Best Practices • Architecture • Mobile • Compliance and Standards
  • 6. The Guide • Alfresco Security Best Practices Guide! • https://my.alfresco.com/share/s/85CnNsR0ROaSV0BwmKWncg @ToniBlyx #AlfrescoSecurity
  • 7. User Adoption Security!Open, Modern @ToniBlyx #AlfrescoSecurity Architecture! SIMPLE/CONNECTED Integral support for mobile workers and external partners, interface built with the end user in mind vs. IT, seamlessly integrated with today’s most common productivity tools CONTROLLED Enterprise-grade security, easy compliance policy definition and enforcement, fully compliant SIMPLE/SMART/CONNECTED Enterprise-grade, hybrid, open-source, flexible architecture that meets today’s IT demands Open integration interface, ease of administration, allow IT org to integrate with other LOB applications, support for open standards Alfresco Value Pillars Content Encryption Records Mgmt. MDM Certification
  • 8. Alfresco Security Policy • Issues Discovery! • Security Notifications! • Severity Levels! • High • Medium • Low • Reporting a Security Issue to us! • support@alfresco.com @ToniBlyx #AlfrescoSecurity
  • 9. Alfresco Security Components: Deployment • People! • Process! • Alfresco application:! • Patches, HF, Upgrades, Features • JVM! • Operating System! • Firewall! @ToniBlyx #AlfrescoSecurity • Network configuration! • Virtualization infrastructure! • Network infrastructure! • Physical infrastructure! • Physical security! • Facilities!
  • 10. AWS Shared Security Model, A Good Reference @ToniBlyx #AlfrescoSecurity
  • 11. Multiple External Threats 1 Discovery, gathering information and information leaks:! • Search tools • Google, Bing, Shodan • Gathering info • FOCA, metagoofil, theharvester, maltego • Manual discovery • Nmap, others @ToniBlyx #AlfrescoSecurity Protection:! • IDS • Banner • Filter access to resources • Clean metadata
  • 12. Multiple External Threats 2 Brute force user and password or dictionary attacks:! • Online tools • Hydra • Metasploit @ToniBlyx #AlfrescoSecurity Protection:! • IDS • Password rotation • Password strength policy • Error login threshold • Prevent DoS
  • 13. Multiple External Threats 3 Man-in-the-Middle attacks and DDoS/DoS:! • Multiple ways • Complex to protect @ToniBlyx #AlfrescoSecurity Protection:! • Architecture design • Encryption • Certificate strength • Firewalls (network, host and application level) • IDS/IPS • AlfViral • Corporate-Network solutions – ATP • Monitoring Viruses:! • Content • All tiers
  • 14. Source of Vulnerabilities Public Sources! • CVE-2014-0050: Apache Commons FileUpload • CVE-2014-0125: Moodle • Bugtraq ID 37578: Joomla @ToniBlyx #AlfrescoSecurity Internal Sources! • *MNT-11793: SSRF, port scanning • CVE-2014-2939: XSS • MNT-10540: Share remote execution • *MNT-10539: Xerces / POI
  • 15. Hardening Network and Operating System @ToniBlyx #AlfrescoSecurity
  • 16. Network and Operating System • Network! • Firewalls, IDS, IPS, APT, Web Application Firewalls, Antiviruses, DDoS/DoS protection devices. • OS! • RedHat, Ubuntu, Suse • Solaris • Windows Server @ToniBlyx #AlfrescoSecurity • File permissions! • alfresco-global.properties • dir_root/contentstore • dir_root/solr • dir_root/lucene-indexes • Minimum privileges! • Port redirect!
  • 17. Firewall: Inbound ports @ToniBlyx #AlfrescoSecurity
    Protocol/Service | Port | TCP/UDP | IN/OUT | Active | Comments
    HTTP | 8080 | TCP | IN | Yes | WebDAV included
    FTP | 21 | TCP | IN | Yes | Passive mode
    SMTP | 25 | TCP | IN | No |
    CIFS | 137,138 | UDP | IN | Yes |
    CIFS | 139,445 | TCP | IN | Yes |
    IMAP | 143 or 993 | TCP | IN | No |
    SharePoint Protocol | 7070 | TCP | IN | Yes |
    Tomcat Admin | 8005 | TCP | IN | Yes | Unless it is necessary, do not open this port at the firewall
    Tomcat AJP | 8009 | TCP | IN | Yes | Unless it is necessary, do not open this port at the firewall
    SOLR Admin | 8443 | TCP | IN | Yes | If used to admin Solr, the cert has to be installed in the browser. Otherwise take it into account in case of using a dedicated Index Server: the Alfresco repository server must have access to this port IN and OUT
    NFS | 111,2049 | TCP/UDP | IN | No | This is the repository service NFS as VFS
    RMI | 50500-50507 | TCP | IN | Yes | Used for JMX management. Unless it is necessary, do not open this port at the firewall
    Hazelcast | 5701 | TCP | IN | No | Used by Hazelcast to exchange information between cluster nodes from 4.2
    JGroups | 7800 | TCP | IN | No | Cluster discovery between nodes before 4.2
    JGroups | 7801-7802 | TCP | IN | No | Ehcache RMI traffic between cluster nodes before 4.2
    OpenOffice/JODconverter | 8100 | TCP | IN | Yes | It works on localhost, do not open it at the firewall
  • 18. Firewall: Outbound ports @ToniBlyx #AlfrescoSecurity
    Protocol/Service | Port | TCP/UDP | IN/OUT | Active | Comments
    SMTP | 25 | TCP | OUT | No | If you want Alfresco to send notifications, invitations, tasks, etc., open this port from Alfresco to your corporate MTA
    DB – PostgreSQL | 5432 | TCP | OUT | Yes* | It depends on the DB
    DB – MySQL | 3306 | TCP | OUT | Yes* | It depends on the DB
    DB – MS SQL Server | 1433 | TCP | OUT | Yes* | It depends on the DB
    DB – Oracle | 1521 | TCP | OUT | Yes* | It depends on the DB
    DB – DB2 | 50000 | TCP | OUT | Yes* | It depends on the DB
    LDAP or AD | 396 | TCP | OUT | No | If needed for authentication and synchronization
    LDAPS or AD | 636 | TCP | OUT | No | If needed for authentication and synchronization
    docs.google.com | 443 | TCP | OUT | No |
    JGroups | 7800-7802 | TCP | OUT | No | If clustered before 4.2, only between nodes
    Hazelcast | 5701 | TCP | IN | No | Used by Hazelcast to exchange information between cluster nodes from 4.2, only between nodes
    Remote storage NFS | 111,2049 | TCP/UDP | OUT | No | If a remote NFS drive is used as contentstore
    Remote storage CIFS | 137,138 (UDP), 139,145 (TCP) | UDP/TCP | OUT | No | If a remote CIFS drive is used as contentstore
    Amazon S3 | 443 | TCP | OUT | No | In case Alfresco is deployed in AWS and Amazon S3 is used as contentstore
    Alfresco Transformation Server | 80,443 or 8080,8443 | TCP | OUT | No | In case a remote Alfresco Transformation Server is used
    Alfresco FSTR | 8080 | TCP | OUT | No | In case of using a remote Alfresco File System Transfer Receiver
    Alfresco Remote Server | 8080 or 8443 | TCP | OUT | No | In case of using the Alfresco Replication Service between Alfresco servers
    Kerberos | 88 | TCP/UDP | OUT | No | In case Kerberos SSO is required
    Third Party SSO | 443 | TCP | OUT | No | Third party SSO services
    DNS | 53 | UDP | OUT | Yes | Name resolution service
    Facebook, Twitter, LinkedIn, Slideshare, Youtube, Flickr, Wordpress or Typepad | 80 or 443 | TCP | OUT | No | In case of using the Alfresco Publishing Framework or Site blog publishing
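The inbound table above and the "minimum privileges" / "port redirect" points of slide 16 are easiest to act on with a check that compares what the host actually listens on against the policy. The following script is an added example written for this page (it is not from the deck or from Alfresco): it encodes the inbound table as a policy, marks the ports the slides say not to open at the firewall (Tomcat 8005/8009, JODConverter 8100, the RMI/JMX range 50500-50507) as loopback-only, parses `ss -ltn` output and reports any such service bound to a routable address, plus any listener the table does not mention. The `ss` sample is constructed, not captured from a real server.

```python
import re

# Inbound port policy transcribed from the slide's table (constructed data
# structure; the ports and the "do not open at the firewall" advice are the
# slide's). loopback_only=True marks services that should never listen on a
# routable address: Tomcat shutdown/AJP, JODConverter and the RMI/JMX range.
INBOUND_POLICY = {
    8080: ("HTTP / WebDAV", False),
    21: ("FTP", False),
    25: ("SMTP inbound", False),
    137: ("CIFS", False), 138: ("CIFS", False),
    139: ("CIFS", False), 445: ("CIFS", False),
    143: ("IMAP", False), 993: ("IMAPS", False),
    7070: ("SharePoint Protocol", False),
    8005: ("Tomcat shutdown/admin", True),
    8009: ("Tomcat AJP", True),
    8443: ("Solr admin (HTTPS)", False),
    111: ("NFS portmapper", False), 2049: ("NFS", False),
    5701: ("Hazelcast (4.2+)", False),
    7800: ("JGroups", False), 7801: ("JGroups", False), 7802: ("JGroups", False),
    8100: ("OpenOffice / JODConverter", True),
}
for rmi_port in range(50500, 50508):          # 50500-50507, JMX over RMI
    INBOUND_POLICY[rmi_port] = ("RMI / JMX", True)

LOOPBACK = {"127.0.0.1", "::1", "[::1]"}
# One `ss -ltn` data line: State Recv-Q Send-Q Local:Port Peer:Port
SS_LINE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s")


def parse_listeners(ss_output):
    """Return (local_address, port) for every LISTEN line in `ss -ltn` output."""
    listeners = []
    for line in ss_output.splitlines():
        m = SS_LINE.match(line.strip())
        if m:
            listeners.append((m.group(1), int(m.group(2))))
    return listeners


def audit_listeners(ss_output):
    """Compare listening sockets against the inbound policy.

    Returns a list of (port, service, reason) findings for:
      - a loopback-only service bound to a routable address (0.0.0.0, *, [::], ...)
      - a listening port that the inbound policy does not mention at all
    Sockets bound to loopback are never reported.
    """
    findings = []
    for addr, port in parse_listeners(ss_output):
        if addr in LOOPBACK:
            continue
        entry = INBOUND_POLICY.get(port)
        if entry is None:
            findings.append((port, "unknown",
                             "not in the inbound policy; identify the owning process"))
        elif entry[1]:
            findings.append((port, entry[0],
                             "bind to 127.0.0.1 and drop at the firewall"))
    return findings


# Constructed sample of `ss -ltn` output, not captured from a real host.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       100     0.0.0.0:8080         0.0.0.0:*
LISTEN  0       1       127.0.0.1:8005       0.0.0.0:*
LISTEN  0       100     0.0.0.0:8009         0.0.0.0:*
LISTEN  0       100     127.0.0.1:8100       0.0.0.0:*
LISTEN  0       50      [::]:50500           [::]:*
LISTEN  0       128     0.0.0.0:5432         0.0.0.0:*
"""

if __name__ == "__main__":
    for port, service, reason in audit_listeners(SAMPLE_SS):
        print(f"port {port:>5} ({service}): {reason}")
```

On a real host feed it `ss -ltn` output (for example `python3 audit.py < <(ss -ltn)` after replacing `SAMPLE_SS` with `sys.stdin.read()`); the sample reports AJP and the RMI/JMX port as exposed and the database port as outside the inbound table, while the loopback-bound 8005 and 8100 pass.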
  • 19. Alfresco Implementation Best Practices @ToniBlyx #AlfrescoSecurity
  • 20. Best Practices 1 • Stay current! • Service Packs, HF • Never run as root! • Switch to SSL! • HTTPS (Share, WebDAV, API, etc.) • App Server, Web Server, Appliance • SharePoint Protocol • IMAPS • SMTP Inbound TLS • SMTP Outbound TLS @ToniBlyx #AlfrescoSecurity • FTPS • LDAPS connection • Consider Hazelcast or JGroups / DB Connection • Permissions inheritance! • Custom roles! • Review your logs! • Change JMX default credentials!
  • 21. Best Practices 2 • Audit! • Enable it if needed • Easy to query audit records with curl • Easier in RM • Alfresco Support Tools! • Get to know connected users besides other tools @ToniBlyx #AlfrescoSecurity • Get to know how to reset admin password! • Control ticket session duration! • Disable unneeded services! • Disable guest user!
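Slide 12 lists an error-login threshold as a defence against brute-force and dictionary attacks, and slide 21 says to review your logs; together they describe a detection. The following is an added example, not code from the deck or from Alfresco: it reads combined-format access log lines from the frontend, treats a 401/403 response on a login endpoint as a failed attempt, and raises one alert per client whose failures cross a threshold inside a sliding time window. The login paths and status codes are assumptions to adapt to your frontend, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined-format access log line: client, timestamp, request line, status.
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Endpoints whose 401/403 responses mean a failed authentication attempt.
# Assumption: adapt these to the login URLs your frontend actually exposes.
LOGIN_PATHS = {"/alfresco/service/api/login", "/share/page/dologin"}
FAILURE_STATUSES = {"401", "403"}


def failed_login(line):
    """Return (client_ip, timestamp) for a failed-login line, else None."""
    m = ACCESS_RE.match(line)
    if not m:
        return None
    ip, ts, _method, path, status = m.groups()
    if path.split("?", 1)[0] not in LOGIN_PATHS or status not in FAILURE_STATUSES:
        return None
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Flag each client with >= threshold failed logins inside a sliding window.

    Returns a list of (client_ip, alert_time_iso) tuples, one per client,
    recorded at the moment the threshold is first crossed.
    """
    recent = defaultdict(deque)        # ip -> failure timestamps inside the window
    alerted = set()
    alerts = []
    for line in lines:
        hit = failed_login(line)
        if hit is None:
            continue
        ip, t = hit
        window = recent[ip]
        window.append(t)
        while (t - window[0]).total_seconds() > window_seconds:
            window.popleft()           # drop failures older than the window
        if len(window) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append((ip, t.isoformat()))
    return alerts


# Constructed sample log lines (not from a real Alfresco deployment).
SAMPLE_LOG = [
    '10.0.0.7 - - [12/Mar/2014:10:15:01 +0100] "POST /alfresco/service/api/login HTTP/1.1" 403 113',
    '10.0.0.9 - - [12/Mar/2014:10:15:02 +0100] "POST /alfresco/service/api/login HTTP/1.1" 200 96',
    '10.0.0.7 - - [12/Mar/2014:10:15:02 +0100] "POST /alfresco/service/api/login HTTP/1.1" 403 113',
    '10.0.0.8 - - [12/Mar/2014:10:15:03 +0100] "POST /share/page/dologin HTTP/1.1" 401 0',
    '10.0.0.7 - - [12/Mar/2014:10:15:03 +0100] "POST /alfresco/service/api/login HTTP/1.1" 403 113',
    '10.0.0.7 - - [12/Mar/2014:10:15:04 +0100] "POST /alfresco/service/api/login HTTP/1.1" 403 113',
    '10.0.0.8 - - [12/Mar/2014:10:15:05 +0100] "GET /share/page/site/sales/dashboard HTTP/1.1" 403 0',
    '10.0.0.7 - - [12/Mar/2014:10:15:05 +0100] "POST /alfresco/service/api/login HTTP/1.1" 403 113',
    '10.0.0.7 - - [12/Mar/2014:10:15:06 +0100] "POST /alfresco/service/api/login HTTP/1.1" 403 113',
]

if __name__ == "__main__":
    for ip, when in detect_bruteforce(SAMPLE_LOG):
        print(f"{when}: {ip} crossed the failed-login threshold")
```

Note that a 403 on a non-login page (the dashboard line for 10.0.0.8) is not counted, so ordinary permission denials do not trip the alert; only repeated failures on the login endpoints do.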
  • 22. Best Practices: content deletion • Node deletion lifecycle! • Why is it important? @ToniBlyx #AlfrescoSecurity
  • 23. More about node deletion • Delete content when it is deleted! • Trashcan cleaner! • Records Management! • Wipe content! @ToniBlyx #AlfrescoSecurity
  • 24. Alfresco Share Security • Cross-Site Request Forgery (CSRF) filters! • Clickjacking mitigation! • Iframes and phishing attack mitigation! • Share HTML processing black/white list! • Site creation control! @ToniBlyx #AlfrescoSecurity • Filter document actions by user or role! • Filter workflow by user or role! • Change default Share session timeout!
  • 25. Architecture Best Practices 1 • Frontends! • Protect URLs • Apache, Nginx, HAProxy • /alfresco/service • /share/service • /alfresco/proxy • /alfresco/cmisbrowser @ToniBlyx #AlfrescoSecurity
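Protecting the four URL prefixes above at the frontend only works if the frontend matches the path the way Tomcat will route it; a rule that compares raw text can be sidestepped by percent-encoding, doubled slashes, `..` segments or a `;jsessionid=...` path parameter. The following is an added example written for this page (not code from the deck, nor an Apache, Nginx or HAProxy feature): it canonicalises a request path the way the servlet container does before deciding whether it falls under a protected prefix, and treats a double-encoded path as protected rather than guessing. The prefix list is the slide's; treating every match as "block from untrusted networks" is an assumption about the intended policy.

```python
import posixpath
from urllib.parse import unquote

# Paths the slide says to protect at the frontend (Apache, Nginx, HAProxy).
# Which clients may reach them is a deployment decision; here they are simply
# the prefixes to fence off from untrusted networks.
PROTECTED_PREFIXES = (
    "/alfresco/service",
    "/share/service",
    "/alfresco/proxy",
    "/alfresco/cmisbrowser",
)


def canonical_path(raw_path):
    """Reduce a request path to the form the servlet container will route on.

    Returns None when the path is double-encoded, which a filter should treat
    as protected rather than try to interpret.
    """
    path = raw_path.split("?", 1)[0]             # the query string plays no part in routing
    decoded = unquote(path)
    if unquote(decoded) != decoded:               # %2573 -> %73 -> 's': double encoding
        return None
    decoded = decoded.replace("\\", "/")
    # Tomcat strips per-segment path parameters such as ;jsessionid=... before
    # matching, so a filter comparing raw text would miss "/alfresco;x/service".
    segments = [seg.split(";", 1)[0] for seg in decoded.split("/")]
    normalized = posixpath.normpath("/".join(segments))   # resolves '.', '..', '//'
    return "/" + normalized.lstrip("/")                    # normpath keeps a leading '//'


def is_protected_path(raw_path):
    """True when the request falls under a protected prefix (or is too odd to trust)."""
    path = canonical_path(raw_path)
    if path is None:
        return True
    return any(path == p or path.startswith(p + "/") for p in PROTECTED_PREFIXES)


if __name__ == "__main__":
    for candidate in ("/share/page/site/sales/dashboard",
                      "/alfresco/service/api/people",
                      "/alfresco/%73ervice/api/people",
                      "/alfresco;jsessionid=abc/cmisbrowser",
                      "/alfresco/x/../proxy/alfresco/api/people",
                      "/alfresco/%2573ervice/api/people"):
        print(f"{'PROTECTED' if is_protected_path(candidate) else 'allowed  '} {candidate}")
```

Whichever frontend you use, the same rule applies: normalise first, then compare, and fail closed on input the normaliser cannot make sense of.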
  • 26. Architecture Best Practices 2 @ToniBlyx #AlfrescoSecurity
  • 27. Architecture Best Practices 3 @ToniBlyx #AlfrescoSecurity
  • 29. Backup and Disaster Recovery • White Paper! • http://slidesha.re/1o1HUY9 @ToniBlyx #AlfrescoSecurity
  • 30. Mobile Security • File Protection! • Encryption when locked • HTTPS! • Certificate Authentication! • MDM! • Alfresco for Good (iOS) • MobileIron (Android) @ToniBlyx #AlfrescoSecurity • MDM next version! • Symantec Sealed (Android) • Citrix Worx • MobileIron (iOS)
  • 31. Security Compliance & Standards • DoD 5015.2! • OWASP! • Top 10 • HIPAA! • FISMA! • FedRAMP! • ISO 27001! • PCI-DSS! @ToniBlyx #AlfrescoSecurity
  • 32. Finally, a review: @ToniBlyx #AlfrescoSecurity
  • 33. Alfresco Security Checklist @ToniBlyx #AlfrescoSecurity
  • 34. List of Alfresco third party components @ToniBlyx #AlfrescoSecurity
  • 35. Now… Yes! That’s all folks! Questions? Suggestions? Complaints? Beers? @ToniBlyx #AlfrescoSecurity
  • 36. Thanks @ToniBlyx #AlfrescoSecurity Toni de la Fuente! Principal Solutions Engineer toni.delafuente@alfresco.com @ToniBlyx – blyx.com