Secure your site
Transcript of Secure your site
![Page 1: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/1.jpg)
Secure Your Site
Matt Farina
Lead Engineer
HP Cloud
![Page 2: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/2.jpg)
You can get the slides at...
http://bit.ly/SecureYourSite
![Page 3: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/3.jpg)
• @mattfarina on twitter
• Drupal.org UID 25701 (Over 8 Years)
• Co-Author of Drupal 7 Module Development
• Lead Engineer at HP Cloud
![Page 4: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/4.jpg)
http://techcrunch.com/2013/10/03/adobe-gets-hacked-product-source-code-and-data-for-2-9m-customers-likely-accessed/
Did you hear? Adobe was hacked.
![Page 5: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/5.jpg)
http://motherboard.vice.com/blog/this-is-most-detailed-picture-internet-ever
A Picture Of The Internet
![Page 6: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/6.jpg)
http://motherboard.vice.com/blog/this-is-most-detailed-picture-internet-ever
420,000 Hacked Linux Based Systems
![Page 7: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/7.jpg)
http://www.forbes.com/sites/cherylsnappconner/2013/09/14/are-you-prepared-71-of-cyber-attacks-hit-small-business/
71% of attacks targeted organizations with fewer than 100 people
![Page 8: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/8.jpg)
http://blog.erratasec.com/2013/09/we-scanned-internet-for-port-22.html
Port 22 (SSH) was scanned across the whole Internet in a day
![Page 9: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/9.jpg)
I’ve Watched Attacks Happen
![Page 10: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/10.jpg)
I’ve Found Hacked Servers
![Page 11: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/11.jpg)
For the sake of your users, secure your site.
![Page 12: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/12.jpg)
https://help.ubuntu.com/12.04/serverguide/security.html
Harden Your Servers
![Page 13: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/13.jpg)
https://help.ubuntu.com/community/AutoWeeklyUpdateHowTo
Keep packages up to date for security releases
![Page 14: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/14.jpg)
Lock Down Access
(Diagram: Web Server and DB Server)
![Page 16: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/16.jpg)
http://stackoverflow.com/questions/2661799/removing-x-powered-by
Removing X-Powered-By Header
```ini
; In your php.ini file set
expose_php = off
```

```
> curl -i -X HEAD https://drupal.org
...
X-Powered-By: PHP/5.3.27
...
```
![Page 17: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/17.jpg)
On to Drupal
![Page 18: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/18.jpg)
Use HTTPS/SSL/TLS
![Page 19: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/19.jpg)
![Page 20: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/20.jpg)
You can redirect to https via .htaccess

```apache
# Redirect when the request comes to http.
# Goes inside the existing mod_rewrite block of Drupal's .htaccess,
# which already contains "RewriteEngine on".
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
```
![Page 21: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/21.jpg)
https://drupal.org/project/securepages
Secure Pages Module
![Page 22: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/22.jpg)
https://drupal.org/node/947312
Secure UID 1
![Page 23: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/23.jpg)
https://drupal.org/project/password
If you're on Drupal 6, use real password hashing
![Page 25: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/25.jpg)
https://github.com/ircmaxell/password_compat
PHP Password API Backward Compatibility
![Page 26: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/26.jpg)
Change admin passwords regularly and make them strong.
![Page 27: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/27.jpg)
Remove the clues it’s Drupal
• Remove the text files (e.g., CHANGELOG.txt)
• Remove install.php
• Remove web.config or .htaccess if not in use
![Page 28: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/28.jpg)
Remove Generator Meta Tag
```php
/**
 * Implements hook_html_head_alter().
 */
function custom_html_head_alter(&$head_elements) {
  // Drop the generator meta tag that Drupal 7 adds to every page.
  if (isset($head_elements['system_meta_generator'])) {
    unset($head_elements['system_meta_generator']);
  }
}
```

The tag this removes:

```html
<meta name="generator" content="Drupal 7 (http://drupal.org)" />
```
![Page 29: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/29.jpg)
Remove X-Generator Header
```php
// Override the header. Per the Drupal 7 API, passing FALSE as the value
// removes a previously set header; an empty string would still send
// "X-Generator:" with a blank value.
drupal_add_http_header('X-Generator', FALSE);
```

```
> curl -i -X HEAD https://2013.drupalcampmi.org
...
X-Generator: Drupal 7 (http://drupal.org)
...
```
https://api.drupal.org/api/drupal/includes!bootstrap.inc/function/drupal_add_http_header/7
![Page 30: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/30.jpg)
Add X-Frame-Options Header
```php
// Only allow this site to frame its own pages (mitigates clickjacking).
drupal_add_http_header('X-Frame-Options', 'SAMEORIGIN');
```

```
> curl -i -X HEAD https://marketplace.hpcloud.com
...
X-Frame-Options: SAMEORIGIN
...
```
https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
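To verify that a site actually follows the header slides (expose_php, the generator meta tag, X-Generator and X-Frame-Options), here is an added shell audit that is not part of the slides: it reads a captured response (as produced by `curl -si`) from stdin and reports each finding. The sample response and the example.com hostname are constructed for illustration.

```shell
#!/bin/sh
# Audit a captured HTTP response for fingerprinting clues the slides say to
# remove, and for the X-Frame-Options header they say to add.
# Reads headers plus body on stdin, prints one line per finding, returns 1 if
# anything needs fixing and 0 otherwise.
audit_response() {
  resp=$(cat)
  # Headers end at the first blank line; curl output uses CRLF, so strip CR.
  headers=$(printf '%s\n' "$resp" | tr -d '\r' | sed '/^$/q')
  body=$(printf '%s\n' "$resp" | tr -d '\r' | sed '1,/^$/d')
  rc=0
  for h in X-Powered-By X-Generator; do
    if printf '%s\n' "$headers" | grep -qi "^$h:"; then
      echo "FAIL: $h header present (remove it)"
      rc=1
    fi
  done
  if printf '%s\n' "$body" | grep -qi '<meta name="generator"'; then
    echo "FAIL: generator meta tag present (see hook_html_head_alter)"
    rc=1
  fi
  if ! printf '%s\n' "$headers" | grep -qi '^X-Frame-Options:'; then
    echo "FAIL: X-Frame-Options header missing (add SAMEORIGIN)"
    rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: no fingerprint clues, X-Frame-Options set"
  return "$rc"
}

# Constructed sample response (not captured from any real site) that trips
# every check above.
SAMPLE_BAD='HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.3.27
X-Generator: Drupal 7 (http://drupal.org)
Content-Type: text/html

<html><head><meta name="generator" content="Drupal 7 (http://drupal.org)" /></head></html>'

# Usage against the sample:   printf '%s\n' "$SAMPLE_BAD" | audit_response
# Usage against a live site:  curl -si "https://example.com/" | audit_response
```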
![Page 31: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/31.jpg)
http://www.lullabot.com/blog/article/keeping-drupals-files-safe
Secure The Filesystem
![Page 32: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/32.jpg)
Web server user should not have write permission to Drupal
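To check the rule on this slide, here is an added shell function (not from the slides or the Lullabot article) that lists everything under a Drupal docroot the web server user could write to, skipping only the public files directory `sites/default/files`; the docroot path and the user/group names are arguments you supply.

```shell
#!/bin/sh
# List files and directories under a Drupal docroot that the web server user
# could write to. Only sites/default/files is expected to be writable; code,
# settings.php and .htaccess should not be.
# Arguments: docroot, web server user (e.g. www-data), web server group.
# Prints offending paths and returns 1 if any were found, 0 otherwise.
find_web_writable() {
  root=$1; user=$2; group=$3
  files_dir="$root/sites/default/files"
  # -perm -200: owner write bit, -020: group write bit, -002: world write bit.
  out=$(find "$root" -path "$files_dir" -prune -o \
    \( \( -user "$user" -perm -200 \) -o \
       \( -group "$group" -perm -020 \) -o \
       -perm -002 \) -print)
  [ -z "$out" ] && return 0
  printf '%s\n' "$out"
  return 1
}

# Usage (assumed paths and names): find_web_writable /var/www/drupal www-data www-data
```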
![Page 33: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/33.jpg)
http://www.hpcloud.com/products-services/object-storage
Backup to offsite location
![Page 34: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/34.jpg)
https://drupal.org/project/backup_migrate
Backup and Migrate Module
![Page 35: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/35.jpg)
https://drupal.org/project/aes
Encrypt Backups
![Page 36: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/36.jpg)
Backup Creds Not On Production Server
(Diagram: Web Server and DB Server; Backup Server and Storage)
![Page 37: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/37.jpg)
I shouldn’t have to tell you but...
![Page 38: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/38.jpg)
https://drupal.org/project/usage/drupal
Keep Drupal Up To Date
![Page 39: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/39.jpg)
https://drupal.org/documentation/modules/update
Update Manager Module
![Page 40: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/40.jpg)
Sign-up For Security Announcements
![Page 41: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/41.jpg)
Encrypt Sensitive Information
![Page 42: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/42.jpg)
https://drupal.org/project/aes
AES Encryption Module
![Page 43: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/43.jpg)
http://phpseclib.sourceforge.net/
PHP Secure Communications Library
![Page 44: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/44.jpg)
Encrypted Field Modules
• Encrypted Settings Field: https://drupal.org/project/encset
• Field Encryption: https://drupal.org/project/field_encrypt
• Encrypted Text: https://drupal.org/project/encrypted_text
![Page 45: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/45.jpg)
Or, Store Them In A Secure Service
![Page 46: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/46.jpg)
drupal_http_request() does not check SSL certificates.
![Page 48: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/48.jpg)
Using Guzzle
```php
// A simple example
Guzzle\Http\StaticClient::mount();
$response = Guzzle::get('http://guzzlephp.org');

// A little more complicated
$client = new \Guzzle\Http\Client('http://guzzlephp.org');
$request = $client->get('/');
$response = $request->send();
```
![Page 49: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/49.jpg)
Inject Cert To drupal_http_request()
```php
$opts = array(
  'ssl' => array(
    'verify_peer' => TRUE,
    // Hostname check: 'verify_peer_name' needs PHP 5.6+; on older PHP
    // use 'CN_match' => 'example.com' instead.
    'verify_peer_name' => TRUE,
    'allow_self_signed' => FALSE,
    'cafile' => 'path/to/cert.pem',
  ),
);
// stream_context_create() builds the context drupal_http_request() will use
// for its socket; the ssl options only apply to an https:// URL.
$context = stream_context_create($opts);
$ops = array(
  'context' => $context,
);
$res = drupal_http_request('https://example.com', $ops);
```
![Page 50: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/50.jpg)
Review Your Logs Regularly
![Page 53: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/53.jpg)
http://www.loggly.com/docs/alerts-overview/
Automated Alerts
![Page 54: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/54.jpg)
This is just the beginning...
![Page 55: Secure your site](https://reader031.fdocuments.in/reader031/viewer/2022020314/5873457d1a28abf21b8b7f0b/html5/thumbnails/55.jpg)
Questions?
Slides are at...
http://bit.ly/SecureYourSite