
Wordpress security webinar by Incapsula


  1. Security Step #1 - Regularly Update EVERYTHING
     - All software should be updated regularly including.
     - Create a regular schedule to update patches for:
       - WordPress
       - Plugins
       - Web servers
  2. Security Step #2 - Implement Password Security
     - Avoid default UN/passwords
     - Implement strong passwords
       - Goal: hard to guess / hard to brute-force attack
       - Include mixed CASe
       - Include NuMB3rS
       - Include SP3C!4LCh@RS
       - Use a password phrase - BowTies 4r3 Cool!
     - Use different passwords for different sites
     - Change your password periodically
  3. Security Step #3 - Implement Multi-factor Authentication
     - Problem: lost or stolen passwords allow hackers to bypass your security measure
     - Secure admin areas with multi-factor authentication
       - Email
       - SMS
       - Google Authenticator
       - Other
  4. Security Step #4 - Use a Web Application Firewall (WAF)
     - 80-96% of all websites have high risk vulnerabilities
     - 13% of websites can be compromised automatically
     - Most widespread vulnerabilities are:
       - Cross-site Scripting
       - SQL Injection
       - Information Leakage
       - HTTP Response Splitting
  5. Security Step #4 - Use a Web Application Firewall (WAF)
     - WAFs provide similar protection as a traditional network layer firewall, but for a web application
     - Using a WAF can protect a website from application layer hacking attempts
     - WAFs should be used in conjunction with traditional firewalls
     - [Diagram: Standard Firewall]
  6. Security Step #5 - Implement a DDoS Mitigation Strategy
     - DDoS attacks make your website completely inaccessible
     - [Diagram: Your Internet Connection, Your ISP, Your Site; DDoS Traffic and Legitimate Traffic]
     - If website availability is important to you, then DDoS protection should be too
     - Any application without a DDoS mitigation strategy is at risk
  7. Security Step #6 - Use a Secure Hosting Environment
     - [Diagram: Hacked Website, Your Website]
     - Problem: if any site on a server is hacked, there's a chance that any other site on that same server could be vulnerable.
  8. Security Step #6 - Use a Secure Hosting Environment
     - Pick a secure hosting provider that offers:
       - Segregated environment (physically or logically)
       - Network layer firewalls
       - Vulnerability scanning
         - Infrastructure
         - Servers
         - Databases
         - Applications
       - Backup services
       - Security certification
         - SAS 70 Type II
         - SSAE 16 Type II
