XOOPS Brasil
Table of Contents

Title Page

Copyright

Dedication

Credits

About the Authors

Acknowledgments

Introduction

Overview of the Book and Technology

How This Book Is Organized

Who Should Read This Book

Tools You Will Need

Summary

Chapter 1: Introduction to CMS Security and Operations

Target Acquired

Operational Considerations

Looking at Your Site Through the Eyes of a Hacker

Steps to Gaining Access to Your Site

Examples of Threats

Reviewing Your Perimeter

How Will You Respond to an Incident?

Summary

Chapter 2: Choosing the Right Hosting Company

Types of Hosting Available

Selecting the Right Hosting Option

What to Look for in Web Host Security

Accepting Credit Cards on Your Website

Domain Name System Servers

Hosting Your Own Website Server

Summary

Chapter 3: Preventing Problems Before They Start

Choosing an Appropriate CMS for Your Needs

Building It Before You Build It

Performing CMS Installations

Advanced Security After Installation

Cleanup and Verification Before Going Live

Summary

Chapter 4: Baselining Your Existing Website

Starting Your Baseline

Identifying Areas of Trouble

Uncovering Hidden Dangers Through Vulnerability Scanning

Remediating Problems

Summary

Chapter 5: Hardening the Server Against Attack

Ensuring Secure Passwords

Securely Configuring the Linux Operating System

Securing an Apache Server

Securing SNMP

Configuring PHP for Secure Operation

Checking for Open Ports

Securing FTP Communications Ports

Securing SFTP Communications Ports

Ensuring Secure Logging

Using SSL

Miscellaneous Hardening Tasks

Physically Securing Equipment

Summary

Chapter 6: Establishing a Workable Disaster Recovery Plan

Understanding Site and Systems Disaster Planning

Identifying a Basic Backup Policy

Server-Side Backup and Restoration Methods

CMS Backup and Restoration Methods

Considerations for Setting Up Alternative Web Hosts

Additional Considerations

Summary

Chapter 7: Patching Process

Understanding the Patching Process

Understanding the Need for the Patching Process

Organizational Requirements

Security Metrics

Monitoring for New Vulnerabilities

Testing for Deployment

Documenting Your Patches

Patching After a Security Breach

Patching a CMS

Summary

Chapter 8: Log Review

Understanding the Need to Retain Logs

Planning for Your Logs

Using Standard Log Files

Using Tools to Assist in Log Analysis

Using Log Rotation

Summary

Chapter 9: Hack Recovery

Activating Your Disaster Recovery Plan

Tools for Successful Recovery

Collecting the Information

Procedures for Containment

Crisis Communication to the User Community

Reporting Attack(s) to the ISP of Origin

Summary

Chapter 10: Wireless Networks

Determining the Business Need for Wireless Networks

Understanding Threats to Your Wireless Security

Securing the Data in the Air

Employing Adequate Countermeasures

Bluetooth Security Considerations

Summary

Chapter 11: Information Security Policy and Awareness

Establishing an Information Security Policy

Social Engineering

Summary

Appendix A: Security Tools, Port Vulnerabilities, and Apache Tips

Security Tools

Backdoor Intruders

Apache Status Codes

.htaccess Settings

Appendix B: Acronyms and Terminology

Index
Security Guide