- Drupal Security -- An Introduction
Submitted by Dave Kinchlea on Mon, 2009/12/14 - 14:47
ABSOLUTELY we can defend ourselves!
Ignorance is not Bliss, but Knowledge is Power!
- It is not necessary to be an expert
- But know who the experts are and listen to them!
- Stay diligent in your monitoring
- But don't let it take over your life; your CONTENT should drive your actions
- Weekly checks should suffice for most people
- Security is not by any means static; what's safe today may be tomorrow's biggest nightmare
- Certainly true for most interesting technologies
Check your logs!
- admin/reports/updates -- security updates should be set up to notify daily (admin/reports/updates/settings)
- Database Logging (admin/reports/dblog), part of core; keep logs for as long as you can (unless you have a good backup/recovery system)
- Syslog (admin/settings/logging/syslog), contrib module (necessary for big / multi-sites, overkill and probably useless for most low-cost web sites); life saver for me
- Web Server logs -- Drupal is probably not the application they are attacking
Check your configuration!
- Remember that quick and dirty change you made to quickly work around a problem? Did you clean up?
- Did you remove or put back files?
- Do you know what applications are available?
- Remember, Apache and most other web servers allow for multiple webroots
- Turn off anything you don't explicitly need on; this includes modules as well as applications; more complex than necessary is more dangerous than necessary
- Check, double-check, and even triple-check your .htaccess configuration -- it is VITAL it works correctly for Drupal security to work
Be a part of the solution!
- Change your password often (every 3-6 months)
- Don't ever use the same password for admin and personal
- Don't share accounts, particularly for admin; you need to know who did what and when (not just for security)
- Don't run email servers unless you are SURE you know what you are doing
- Sending email is fairly safe but receiving can be tricky
- Good advice for running any service really
- Don't assume you are safe because you are small; you are not ever anonymous
- GATE Village was attacked the very first day the IP address was on the air
- Consider using Tripwire or some other data integrity checker (then you can check configuration automatically and daily)
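
The daily integrity check suggested above, sketched as an added example (not part of the original presentation, and a minimal stand-in for the idea rather than Tripwire itself). It records SHA-256 hashes of everything under a webroot, then reports files added, removed or modified since that baseline, which also answers "did you remove or put back files?". The function names, the JSON manifest format and the command-line usage are assumptions made for this sketch.

```python
import hashlib
import json
import os


def snapshot(root):
    """Map each regular file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):  # skip broken symlinks, sockets, etc.
                continue
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(path, root)] = h.hexdigest()
    return digests


def save_baseline(root, manifest_path):
    """Record the known-good state; keep the manifest outside the webroot."""
    with open(manifest_path, "w") as fh:
        json.dump(snapshot(root), fh, indent=1, sort_keys=True)


def compare(root, manifest_path):
    """Return files added, removed or modified since the baseline."""
    with open(manifest_path) as fh:
        baseline = json.load(fh)
    current = snapshot(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline
                           if p in current and current[p] != baseline[p]),
    }


if __name__ == "__main__":
    import sys
    # Assumed usage: integrity.py baseline|check WEBROOT MANIFEST
    mode, root, manifest = sys.argv[1:4]
    if mode == "baseline":
        save_baseline(root, manifest)
    else:
        report = compare(root, manifest)
        for kind, paths in report.items():
            for p in paths:
                print(kind, p)
        sys.exit(1 if any(report.values()) else 0)
```

Run from a daily cron job, the non-zero exit status and printed paths flag any drift, including a changed .htaccess; re-run the baseline step only after a change you made on purpose.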
