Record:   Prev Next
Author Canavan, Tom
Title CMS Security Handbook : The Comprehensive Guide for WordPress, Joomla, Drupal, and Plone
Imprint Hoboken : John Wiley & Sons, Incorporated, 2011
©2011
book jacket
Edition 1st ed
Descript 1 online resource (456 pages)
text txt rdacontent
computer c rdamedia
online resource cr rdacarrier
Note Intro -- CMS Security Handbook -- Contents -- Introduction -- Chapter 1 Introduction to CMS Security and Operations -- Target Acquired -- Operational Considerations -- Educating Your Employees and End Users -- Raising Security Awareness -- Training on Information Security Policies -- Providing a Standard Protocol for Threat Reporting -- Ensuring E-mail Security -- Applying Patches and Updates -- Being Aware and Staying Safe -- Looking at Your Site Through the Eyes of a Hacker -- Steps to Gaining Access to Your Site -- Researching -- Googling Away -- Using Google Hacking Tools (Dorks) -- Footprinting -- Using NMAP for Nefarious Means -- Using Traceroute -- Finding Subdomains -- Enumeration -- Attacking and Owning the Site -- Wiping Out Their Tracks -- Examples of Threats -- Social Engineering -- Calling into Your Office -- Sending in a Trusted Friend -- Using USB Keys -- Indiscriminate Browsing or Instant Messaging -- External Media -- Vendors or External Clients/Customers as the Threat -- Reviewing Your Perimeter -- Using Virus Protection -- Banning Passwords on Desks -- Enforcing a Password Complexity and Change Policy -- Policing Open Wireless -- Tools for Wireless Detection -- How Will You Respond to an Incident? -- Does Your Plan Exist? -- Is the Plan Up to Date? -- Where Are Your Backup Tapes, Disks, and USBs? -- Summary -- Chapter 2 Choosing the Right Hosting Company -- Types of Hosting Available -- Shared Hosting -- Virtual Private Server (VPS) -- Dedicated Server -- Cloud Hosting -- Security of Data in a Cloud -- Selecting the Right Hosting Option -- Budget Considerations -- Determining the Appropriate Server Size -- Case 1: Light Website Traffic (Shared Hosting) -- Case 2: Medium Website Traffic (VPS) -- Case 3: Heavy Website Traffic -- Using Backups -- What to Look for in Web Host Security -- Physical Security -- Glass Windows
Flooding -- Signs -- People -- Dumpster Diving and Social Engineering -- Breach Response -- Terrorists -- Access to Equipment -- Water Detection -- Fire Suppression -- Emergency Procedures -- Disaster Recovery and Business Continuity -- Cyber Security -- Firewalls and Intrusion Detection -- Log File Auditing -- Spam, Virus Scanning, and Prevention -- Patching for Weaknesses -- VoIP -- Web Servers -- Environmental Support -- Network Redundancy -- Electrical Service -- Technical Support -- Emergency Planning for the Host -- Location of the Host's Data Center -- Processes -- Backups -- Offsite Procedures -- Accepting Credit Cards on Your Website -- Understanding PCI -- PCI Terminology -- Becoming PCI Certified -- Installing an SSL Certificate -- Testing by ASV -- Choosing a Shopping Cart -- Storing Data Securely -- PCI Vulnerability Management Plan -- Avoiding Common ASV Testing Pitfalls -- After Certification -- Domain Name System Servers -- Understanding DNS -- Threats to DNS -- DNS (Name Server) Failure -- Zone Transfers -- Lack of Patching DNS Servers -- DNS Poisoning -- Hosting Your Own Website Server -- Getting Ready -- Making Your Shopping List -- Choosing an Operating System -- Ensuring Security -- Patching -- Summary -- Chapter 3 Preventing Problems Before They Start -- Choosing an Appropriate CMS for Your Needs -- Making the Right Business Decisions -- Joomla! -- Drupal -- WordPress -- Plone -- Which CMS Offers the Best Security? -- Four Factors to Consider from a Business Point of View -- Considering Development Costs -- Considering Support -- Building It Before You Build It -- Developing on a Server -- Developing on a Desktop -- Performing CMS Installations -- Installing Joomla! 1.5 -- Installing Joomla! 1.6 -- Installing Drupal -- Post Install -- Permissions -- Drupal 7 -- Installing Plone -- Basic Zope Installation -- Other Resources
Installing WordPress -- Optional Security Plug-in for WordPress -- Shared Hosting -- Advanced Security After Installation -- Cleanup and Verification Before Going Live -- Summary -- Chapter 4 Baselining Your Existing Website -- Starting Your Baseline -- Taking Inventory -- Documentation -- CMS -- Network -- Server -- Desktops -- Knowing When to Run Your Baseline -- Identifying Areas of Trouble -- Checking the Operating System and Add-ons -- Checking Third-Party Add-ons for Your CMS -- Joomla! -- Drupal -- Plone -- WordPress -- Understanding Hardware Vulnerabilities -- Network Gear -- Printers -- Uncovering Hidden Dangers Through Vulnerability Scanning -- Using the Nmap Tool -- Installing Nmap -- Using Nmap -- Using the Nessus Tool -- Setting Up and Running Nessus -- Interpreting the Results -- Using Virus Scanning Tools -- Remediating Problems -- Categorizing and Prioritizing Issues -- Patching Security Holes -- Reporting Problems to the Hosting Company -- Summary -- Chapter 5 Hardening the Server Against Attack -- Ensuring Secure Passwords -- Shadow Password File -- Expiring Passwords -- Spotting Default Passwords -- Securely Configuring the Linux Operating System -- Changing the Login Banner -- Using yum -- Basic yum Commands -- Updating the Server Using yum -- The Debian Distribution -- Setting File Permissions -- Permissions Represented as Octal Numbers -- Critical Password Files -- World-Writeable -- Unauthorized SUID/SGID System Executable Files -- Orphan Files -- Reviewing Disk Access -- Disabling Unneeded Services -- Securing an Apache Server -- Configuring Apache for Secure Operation -- Disabling or Setting Up Proper Services -- ModSecurity -- Securing SNMP -- Configuration -- Disabling -- Configuring PHP for Secure Operation -- suPHP -- phpinfo -- PhpSecInfo -- php.ini -- Checking for Open Ports -- Securing FTP Communications Ports
Hazards of FTP -- Firewalls -- Remote Command Execution -- Bounce Attack -- Privacy -- Protecting Usernames -- Common FTP Mistakes -- Anonymous FTP -- Weak Passwords -- Misconception of Security -- Exploring Alternative Versions of FTP -- Using VSFTP -- Using Pure-FTPd -- Securing SFTP Communications Ports -- Ensuring Secure Logging -- VSFTP Logging -- Syslog -- Access Logs -- Security Logs -- Using cPanel -- Using logrotate -- Security of the Log Files -- Using SSL -- Understanding How SSL Works -- Understanding When to Use SSL -- Obtaining a Certificate -- Creating Self-Sign Certificates -- Installing a Certificate -- Working with Your Hosting Company -- Installing an SSL Certificate Yourself -- Miscellaneous Hardening Tasks -- Packet Sniffing -- Securing SMTP -- Zone Transfers -- Physically Securing Equipment -- Summary -- Chapter 6 Establishing a Workable Disaster Recovery Plan -- Understanding Site and Systems Disaster Planning -- Defining a Disaster -- Time Considerations -- Cost Considerations -- Formulating Your Contingency Plan -- Determining Responsibilities -- Mapping Your IT Assets -- Assessing Risks -- Establishing Plan Objectives -- Determining Data Value -- Drafting the Initial Plan -- Involving the Team -- Defining Team Roles -- Testing Your Plan -- Performing a Desktop Test -- Using a Phased Approach -- Conducting a Live Test -- Performing a Post-Test Review -- Anticipating the Unexpected -- Identifying a Basic Backup Policy -- Server-Side Backup and Restoration Methods -- Using cPanel -- Using the Command Line Method -- Backing Up the Database -- Restoring the Database -- Compressing the Files -- Restoring the Files -- CMS Backup and Restoration Methods -- Joomla! Backup and Restoration -- Requirements -- Configuration -- Backups -- Cloud Storage -- Restoration -- WordPress Backup and Restoration -- Requirements -- Configuration
Backups -- Restoration -- Plone Backup and Restoration -- Requirements -- Configuration -- Backups -- Restoration -- Drupal Backup and Restoration -- Requirements -- Configuration -- Backups -- Restoration -- Snapshots in Drupal -- Considerations for Setting Up Alternative Web Hosts -- Additional Considerations -- E-mail System -- Where Does Your DNS Live? -- Planning for Lost, Damaged, or Dated Equipment -- Local Equipment -- Summary -- Chapter 7 Patching Process -- Understanding the Patching Process -- Understanding the Need for the Patching Process -- Organizational Requirements -- Medium to Large Organization -- Creating a Team -- Creating Patching Standards -- Assessing Threats -- Using a Threat Matrix -- Single-Person Business -- Security Metrics -- Determining What to Measure -- Susceptibility to Attack -- Response Time -- Costs Associated with Each Patch -- Eliminating Known Vulnerabilities from the Start -- Monitoring for New Vulnerabilities -- Sources of Information Regarding Patches -- Commercial Services -- Testing for Deployment -- Obtaining Safe Patches -- Deploying a Patch or Fix -- Distributing a Patch to Your Administrators -- Documenting Your Patches -- Patching after a Security Breach -- Issues and Concerns -- Rootkits -- Viruses -- Code Tampering -- Monitoring for Unauthorized Changes -- Patching a CMS -- Joomla! -- Minor Version Patches -- Full Update Files -- Conducting the Update -- Updating Extensions -- WordPress and Its Plug-ins -- Drupal -- Updating the Drupal Core -- Updating the Core with Drupal 7 -- Updating Drupal Modules -- Plone -- Before You Start -- Updating the Core and Add-Ons -- Add-On Updates -- Summary -- Chapter 8 Log Review -- Understanding the Need to Retain Logs -- Planning for Your Logs -- Developing a Retention Policy -- Who Does What and When? -- Determining Where to Store Logs
Responding to an Incident
Learn to secure Web sites built on open source CMSs Web sites built on Joomla!, WordPress, Drupal, or Plone face some unique security threats. If you're responsible for one of them, this comprehensive security guide, the first of its kind, offers detailed guidance to help you prevent attacks, develop secure CMS-site operations, and restore your site if an attack does occur. You'll learn a strong, foundational approach to CMS operations and security from an expert in the field. More and more Web sites are being built on open source CMSs, making them a popular target, thus making you vulnerable to new forms of attack This is the first comprehensive guide focused on securing the most common CMS platforms: Joomla!, WordPress, Drupal, and Plone Provides the tools for integrating the Web site into business operations, building a security protocol, and developing a disaster recovery plan Covers hosting, installation security issues, hardening servers against attack, establishing a contingency plan, patching processes, log review, hack recovery, wireless considerations, and infosec policy CMS Security Handbook is an essential reference for anyone responsible for a Web site built on an open source CMS
Description based on publisher supplied metadata and other sources
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2020. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries
Link Print version: Canavan, Tom CMS Security Handbook : The Comprehensive Guide for WordPress, Joomla, Drupal, and Plone Hoboken : John Wiley & Sons, Incorporated,c2011 9780470916216
Subject Computer networks -- Security measures.;Data protection.;Web sites -- Security measures
Electronic books
Record:   Prev Next