XOOPS Brasil

Table of Contents

Title Page

About the Authors

Overview of the Book and Technology

How This Book Is Organized

Who Should Read This Book

Tools You Will Need


Chapter 1: Introduction to CMS Security and Operations

Target Acquired

Operational Considerations

Looking at Your Site Through the Eyes of a Hacker

Steps to Gaining Access to Your Site

Examples of Threats

Reviewing Your Perimeter

How Will You Respond to an Incident?


Chapter 2: Choosing the Right Hosting Company

Types of Hosting Available

Selecting the Right Hosting Option

What to Look for in Web Host Security

Accepting Credit Cards on Your Website

Domain Name System Servers

Hosting Your Own Website Server


Chapter 3: Preventing Problems Before They Start

Choosing an Appropriate CMS for Your Needs

Building It Before You Build It

Performing CMS Installations

Advanced Security After Installation

Cleanup and Verification Before Going Live


Chapter 4: Baselining Your Existing Website

Starting Your Baseline

Identifying Areas of Trouble

Uncovering Hidden Dangers Through Vulnerability Scanning

Remediating Problems


Chapter 5: Hardening the Server Against Attack

Ensuring Secure Passwords

Securely Configuring the Linux Operating System

Securing an Apache Server

Securing SNMP

Configuring PHP for Secure Operation

Checking for Open Ports

Securing FTP Communications Ports

Securing SFTP Communications Ports

Ensuring Secure Logging

Using SSL

Miscellaneous Hardening Tasks

Physically Securing Equipment


Chapter 6: Establishing a Workable Disaster Recovery Plan

Understanding Site and Systems Disaster Planning

Identifying a Basic Backup Policy

Server-Side Backup and Restoration Methods

CMS Backup and Restoration Methods

Considerations for Setting Up Alternative Web Hosts

Additional Considerations


Chapter 7: Patching Process

Understanding the Patching Process

Understanding the Need for the Patching Process

Organizational Requirements

Security Metrics

Monitoring for New Vulnerabilities

Testing for Deployment

Documenting Your Patches

Patching after a Security Breach

Patching a CMS


Chapter 8: Log Review

Understanding the Need to Retain Logs

Planning for Your Logs

Using Standard Log Files

Using Tools to Assist in Log Analysis

Using Log Rotation


Chapter 9: Hack Recovery

Activating Your Disaster Recovery Plan

Tools for Successful Recovery

Collecting the Information

Procedures for Containment

Crisis Communication to the User Community

Reporting Attack(s) to the ISP of Origin


Chapter 10: Wireless Networks

Determining the Business Need for Wireless Networks

Understanding Threats to Your Wireless Security

Securing the Data in the Air

Employing Adequate Countermeasures

Bluetooth Security Considerations


Chapter 11: Information Security Policy and Awareness

Establishing an Information Security Policy

Social Engineering


Appendix A: Security Tools, Port Vulnerabilities, and Apache Tips

Security Tools

Backdoor Intruders

Apache Status Codes

.htaccess Settings


Appendix B: Acronyms and Terminology


Security Guide