Web site security is always a hot topic on the forums for any web content management system, including on the Mambo and Joomla! forums. Yesterday, Deborah Hale posted a diary entry on the SANS Internet Storm Center site, titled, "Securing A Network - Lessons Learned". Among the things she said, this really stands out:
Customer computers without anti-virus and/or firewall protection are a big target, not just for them but for their ISP as well. It absolutely amazed me how quickly a computer can go from compromised to abused and used. Over the July 4th weekend while reviewing my logs I noticed that one of our IP addresses, a residential customer’s home computer, was sending over 200,000 emails a day. I quickly blocked the IP and determined who the customer was. In my conversation with the customer I asked them if they had an anti-virus program. They said that they did. When I asked them how long ago they had purchased the license, they couldn’t remember. It came with their computer and they bought their computer a few years ago. They said that they updated it every day. I explained to them that it has to be renewed every year. They had no idea. It amazes me that people have no idea what it takes to protect their computer and perhaps their identity as well.
This made me think of all the work that goes into teaching people how to keep their CMS sites secure, and how all this can be undone if someone with administrator privileges logs into a CMS backend from a compromised computer.
Keeping web applications up-to-date is extremely important, but how many of you take as much care with your own personal computers? Are your firewalls and anti-virus software kept updated? Do you even use these (if not, you really should)?
Secunia offer a great online tool for evaluating your exposure to risk. Try it, you may be surprised by the results! http://secunia.com/software_inspector/. The downloadable Personal Software Inspector gives a more thorough analysis of your software and is a good tool to get into the habit of using.
Another online service with free tools is Audit My PC. This provides a good test of your firewall settings and shows you areas where your computer may be exposed.
When you are logged in to your web application, so is your computer. For your site to be secure, you really need to make sure your computer is too.