
As one of the front-runners in data security & computer encryption software, we always try to focus on the aspects through which users can ensure optimum protection of their critical data and related assets.
Taking a step forward in this direction, we observe and analyse the security state of the open-source world, specifically content management systems such as Joomla and Drupal. Today some of the world’s best websites are being developed on open-source CMSes for their improved architecture, workflow mechanisms and end-user stability. But with this, we are witnessing numerous security issues & vulnerability threats as well. In fact, this is one of the key reasons why businesses are still hesitant when it comes to adopting & implementing these systems.
There has been constant debate about this issue, and we think John Viega pretty much sums up the current state in his article, “Open Source Security: Still a Myth”:
“For most applications it does seem reasonable to expect that proprietary software will generally have fewer eyeballs trained on the source code. However, can the average developer who looks at open source software do a good job of finding security vulnerabilities? While I do believe the answer to this could someday be yes, the answer is not at all clear-cut right now.”
Quick security tips
Here are some quick tips to ensure that a website running on a modern open-source CMS stays secure and free from hack attacks:
- Password security: Perhaps the most common and most basic security measure is to use a strong password which isn’t your date of birth or your mother’s maiden name. Ideally it should be a combination of upper-case & lower-case characters and, if your system permits, you should always use special characters.
- Follow CMS security guidelines: Always read the security guidelines provided by your open-source CMS vendor. They are like a security rule-book; never ignore them.
- Deployment of updates: Always make sure that you are running the latest version of your CMS and that the right computer protection software is used on the deployment server.
- Secure the root user name in the MySQL database: Normally, all database-driven CMSes have a common user name and password. Typically the user name is root and the password is blank. Always keep in mind that you should change the user name & password.
- Secure login URLs: A lot of CMSes can be accessed by their common URLs. For example, in Drupal’s case it is http://drupal.org/user and in Joomla it is http://joomla.org/administrator.
- Insecure plug-ins: Most content management systems provide a list of vulnerable, insecure plug-ins. In addition, you can always run the Cron jobs to see if there are any plug-ins, modules or components that are incompatible with the architecture of your current system.
- File permissions: If you are running a website which has global read/write permissions for the external world, then you are in for a big problem. Make sure that file permissions are set appropriately and that only the administrator has permission to make the desired changes.
- Iframe injection prevention: Hidden iframe attacks are among the most common vulnerabilities affecting sites. To remove injection plug-ins, you need to install Exploit Scanner, through which you can scan your site files. It helps you to find illegal iframes and remove new iframe code which was not created by the site owners and Akismet.
- Don’t use the common table prefixes in your CMS: Content management systems use standard prefixes for their tables, for example ‘jos_’ for Joomla.
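
The scan described in the iframe tip above, as an added example (not from the original post, and not the Exploit Scanner plug-in's code): it walks a web root and flags iframes that are zero-sized, hidden by style, or loaded from a host outside an allowlist. The sample page, the host names and the list of file suffixes are constructed assumptions.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
HIDDEN_STYLE_RE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden"
                             r"|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.IGNORECASE)
ZERO_SIZES = {"0", "1", "0px", "1px"}
SCAN_SUFFIXES = {".php", ".html", ".htm", ".js", ".tpl"}  # assumed file types to scan

# Constructed sample: one embed the owner placed, one injected hidden frame.
SAMPLE = """<h1>News</h1>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
<?php echo "footer"; ?>
<iframe src="http://tracker.invalid/x.php" width=0 height=0 style="visibility: hidden"></iframe>
"""

def iframe_findings(text, allowed_hosts):
    """Return (line_number, reasons, tag) for every suspicious iframe in text."""
    findings = []
    for m in IFRAME_RE.finditer(text):
        attrs = {a.group(1).lower(): next(g for g in a.groups()[1:] if g is not None)
                 for a in ATTR_RE.finditer(m.group(0))}
        reasons = []
        if any(attrs.get(k, "").strip().lower() in ZERO_SIZES for k in ("width", "height")):
            reasons.append("zero-size")
        if HIDDEN_STYLE_RE.search(attrs.get("style", "")):
            reasons.append("hidden-style")
        host = urlparse(attrs.get("src", "")).hostname
        if host and host.lower() not in allowed_hosts:
            reasons.append("unapproved-host:" + host)
        if reasons:
            findings.append((text.count("\n", 0, m.start()) + 1, reasons, m.group(0)))
    return findings

def scan_tree(root, allowed_hosts):
    """Walk root and map each file path to its findings (clean files are omitted)."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            hits = iframe_findings(path.read_text(errors="replace"), allowed_hosts)
            if hits:
                report[str(path)] = hits
    return report

if __name__ == "__main__":
    for line, reasons, tag in iframe_findings(SAMPLE, {"video.example"}):
        print(f"line {line}: {', '.join(reasons)}: {tag}")
```

Run `scan_tree` against a copy of the web root with the set of hosts you embed on purpose; relative `src` values are treated as same-site and are only flagged if the frame is hidden.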



well written post! I came in from Yahoo and bookmarked your site