CMS Security - Ruth Cheesley - CMS Africa 2014
•Als ODP, PDF herunterladen•
0 gefällt mir•1,512 views
This talk was delivered at the first CMS Africa summit in Nairobi, Kenya which was held between 7-8 March 2014. The talk explores basic security precautions to take when considering using a Content Management System.
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (14)
Ähnlich wie CMS Security - Ruth Cheesley - CMS Africa 2014
Ähnlich wie CMS Security - Ruth Cheesley - CMS Africa 2014 (20)
Mehr von Ruth Cheesley
Mehr von Ruth Cheesley (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
CMS Security - Ruth Cheesley - CMS Africa 2014
- 1. CMS Security Ruth Cheesley - @RCheesley
- 4. Understand permissions World (The world, the universe, and everything) Group (A set of users) Owner (owns the file)
- 5. Understand permissions Read (r) Write (w) Can view the file Chmod +r / -r Numerical value = 4 Can make changes or modify the file Chmod +w / -w Numerical value = 2 Execute (x) Can run the file (generally applicable at command line) Chmod +x / -x Numerical value = 1 NOTE: Folders cannot be listed and files within can't be accessed if the folder does not have execute permissions
- 6. Joomla! permissions Owner Group World 7 (Read + Write + Execute) rwx 5 (Read + Execute) r-x 5 (Read + Execute) r-x 6 (Read + Write) rw- 4 (Read) (r--) 4 (Read) (r--)
- 7. Your weakest link © James Steidl - Fotolia.com
- 8. Keep up to date © iQoncept - Fotolia.com
- 9. Sell ethically to your clients © puckillustrations - Fotolia.com
- 10. Modern security practices © James Steidl - Fotolia.com
- 11. Implement 2 Factor Authentication
- 15. To find more information magazine.joomla.org docs.joomla.org Ruth Cheesley - @RCheesley
Hinweis der Redaktion
- Good afternoon, and thank you for inviting me to speak at CMS Africa Joomla! Community Leadership Team for just over a year User Group team, Marketing Working Group experiences within Open Source communities, and particularly around the topic of getting more women involved in technology. Passionate about promoting Science Tech Eng Maths as an exciting and interesting career choice for women.
- Security starts before you even get to installing the CMS, it starts when you select a hosting provider - Hosting - experience with CMS's - Linux based (personal preference) - Security practices - Trust - Working with contractors - Extensions – refer to joomla docs/JCM for more detail - Resources.joomla.org
- It's important to understand how file & folder permissions work. Use the best practices for your CMS, don't compromise on this because your hosting environment isn't set up properly.
- - Passwords - Updates - Vulnerable extensions - Viruses/compromise
- It's your job to stay up to date with security updates Make sure that you sign up for updates from extensions and template providers Keep up to date with CMS core updates, apply them. This is your responsibility as web developer. If you use a CMS, you take the responsibility for keeping it secure.
- Sell the CMS with the understanding that clients need to update Opportunity – sell them training Opportunity – sell a support contract Be clear. Be responsible. If they aren't willing to do updates themselves, or pay you to do it, walk away.
- Keep up to date with new developments Md5 Salting Bcrypt Things are changing all the time, you have to keep up to date with these changes by keeping your CMS up to date (and/or getting involved with bringing these new features to your CMS through getting involved in OS projects).
- How many people have 2 factor authentication enabled? Use YubiKeys or mobile phone app (Google authenticator). Easy to implement, easy to explain, something you know (Password) and something you have (unique one time password).
- Problems with spam? Admin tools for Joomla Project Honeypot Stop forum spam Black/whitelist Look out for malicious activity and block before it gets to your site Hide admin panel
- Sooner or later, with all the best security, you will have a disaster happen. Client deletes site, server gets compromised, site gets compromised.