- Drupal Security -- An Introduction
Submitted by Dave Kinchlea on Fri, 2009/12/11 - 12:35
- Rootkit writers - true knowledge is typically very high but undisciplined; these are dangerous folk but they aren't attacking your site directly (but that doesn't matter)
  - They have their own to attack, it is far easier and less noticeable
  - You have nothing they want (gun for hire must be hired)
  - They do it for the glory or the thrill of victory
  - Can and do find new bugs in old code that often show the way to make previously secure code insecure
- Scriptkiddies - true knowledge is typically minimal and easy to defend against; these people take advantage of lax security practices and are not themselves a threat (unless ignored)
  - But there are a lot of them and they have a lot of time
  - They include spam artists, and others looking for financial gain
  - They use the rootkits and stay current with them
- Shared infrastructure (administrators from other sites) - backdoor (server) as well as frontdoor (service) is important
  - backdoor attacks are often silent
  - administrators are human and not inherently trustworthy
  - and often faced with temptation
  - mistakes happen (it may be your provider's mistake)
- Site administrators - your trusted help may not be that trustworthy
  - Curiosity can get the better of people
  - Access control may be broader than desired
- Shared resources - access to a service may open up your service (Facebook API as an example)
  - sometimes there is no enforcement of a contractual
- Look in the mirror - a LOT of problems stem from not reading the documentation and missing crucial steps. Particularly true for Open Software. Check for:
  - Default passwords (or no passwords at all)
  - File permissions (use least privilege model)
  - Access permissions (Drupal is your friend, sort of)
  - Third-party integration and authentication
- Bad coders - new, naive, ignorant, and even rarely willfully negligent (it doesn't matter why, of course)
  - Same mistakes
- Malicious coders - Trojan horse, spyware, malware
  - Most dangerous yet perhaps least likely threat for most Drupal site owners
The sad truth is that we are all dishonest under the right circumstances, and perceived anonymity is often enough; it is a dangerous world out there.
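The "File permissions (use least privilege model)" check from the list above can be automated. The following is an added example, not part of the original slides: a shell function that audits a Drupal docroot for permission bits that matter on shared infrastructure. It assumes the standard Drupal layout in which `sites/<site>/settings.php` holds the database credentials; the function name and finding labels are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original slides): least-privilege audit of
# file permissions under a Drupal docroot.
# Assumptions: standard Drupal layout, where sites/<site>/settings.php holds
# the database credentials; finding labels below are made up for this example.

# audit_drupal_perms DOCROOT
# Prints "<finding> <path>" per line. Returns 0 if clean, 1 if there are
# findings, 2 if DOCROOT is not a directory.
audit_drupal_perms() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "error: not a directory: $root" >&2
        return 2
    fi
    findings=$(
        {
            # settings.php that anyone (owner, group, other) can still modify
            find "$root" -type f -name settings.php \
                \( -perm -200 -o -perm -020 -o -perm -002 \) -print |
                sed 's/^/settings-writable /'
            # settings.php readable by every local account on a shared host
            find "$root" -type f -name settings.php -perm -004 -print |
                sed 's/^/settings-world-readable /'
            # any file or directory writable by every local account
            find "$root" \( -type f -o -type d \) -perm -002 -print |
                sed 's/^/world-writable /'
        } | LC_ALL=C sort -u
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run the audit when a docroot is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_drupal_perms "$1"
fi
```

A clean tree produces no output and exit status 0, so the function can run from cron or a deployment check and alert only on findings.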
