CMS Security round-up: Avoid being a target


This internet security round-up will ensure you have the resources and knowledge to apply best practice to your CMS.

In recent times we have seen some large companies suffering high-profile security breaches such as Yahoo, AdultFriendFinder and TalkTalk. In reviewing the TalkTalk situation, we highlighted what types of threats that you may face in - 'As TalkTalk are fined what website security threats do we face'.

This sent us on a campaign to inform of the pitfalls that are out there and produce a few high-level steps that you can follow to make sure your site is more secure.

Securing CMS Platforms 

For each of the following CMS platforms, we have produced a handy 10 point plan as the first port of call to ensure you are not 'leaving the key in the door' so to speak.

Kentico
How to secure your Kentico CMS Platform

Sitefinity
How to secure your Sitefinity CMS platform

Sitecore
How to secure your Sitecore CMS platform

Umbraco 
How to secure your Umbraco CMS platform 

Development Best Practice

For a more overarching view of best practice, the following resources offer guidance for implementation partners to be aware of. These will help in stopping and minimising any possible areas of concern:

A good/bad example (depending on which way you look at it) is that of Yahoo. Unfortunately, they exposed the personal data of 1 billion users. The reason, because they were using a depreciated algorithm(MD5) to store data.

Jonathan Care, research director at analysts Gartner, explains: 

“MD5 hashing is vulnerable to an attack type called ‘collision attacks’ which means that an attacker can find a string of characters that will resolve to the same hash as a hashed password. MD5 has strongly depreciated and this points to troubling software development security practices in Yahoo or its suppliers.” 
 
If this isn’t bad enough, the cost implications are going to be massive for Yahoo, John Madelin, CEO at RelianceACSN and a former vice president responsible for the Verizon Data Breach Investigations Report explains:

“If Verizon were seeking a billion-dollar discount from the agreed $4.8bn takeover [as a result of the last breach], then logically a breach twice the size should shave off a further $2bn.”

If you are interested to know more on the hacking terminology, this is another great read.

Keep up-to-date with security news

There are a few sites which I regularly read to keep myself in the loop on what's happening within the industry. The ones I recommend that you bookmark are:

Think your CMS password is secure enough?

Ever wondered how strong your password is and how long it would take to for a hacker to crack. Well, now you can! 
Selecting an obscure and complex password and changing it frequently can spell the difference between keeping your website/data secure and having your website compromised. The general rule of thumb, the longer the password, the safer the password will be. 
A real world example would be the iCloud leak of celebrity photos where hackers could have taken advantage of a security issue in the iCloud API. This allowed them to make unlimited attempts at guessing victims' passwords. While yes a flaw in the iCloud system, many of these passwords were compromised more easily due to these accounts having a weak password.

Check if your website is secure?

There are a few tools out-on-the market which run to see if you are at risk from a technical point of view. Simply, the aim is to see if there are any red flags or identify any areas of concern with the website and/or the server. 

In summary

We would recommend that you take the following steps to ease any security concerns you have:

  • Review your current site to illustrate your strengths and weaknesses
  • Provide recommendations that will increase security
  • Action the amendments and/or perform any upgrades/hotfixes.

Still at a loss? Quba can review your current site and provide recommendations that will increase security and ensure best practice is adhered to, and if required, physically perform the upgrades and execute delivery. 

Call: 0114 279 7779 or Email: hello@quba.co.uk to speak to a Quban.

16 Feb

2017
Chris Bainbridge
Listed in: 
Estimated read time:
 words,  minutes

Signup to receive these articles straight to your inbox.

You may also likeā€¦