Slide 1

Slide 1 text

Security Best Practices for Agencies

Slide 2

Slide 2 text

@VicDrover Panama Papers

Slide 3

Slide 3 text

@VicDrover Joomla implicated in data loss

Slide 4

Slide 4 text

@VicDrover Threats keep coming

Slide 5

Slide 5 text

@VicDrover JED Server Security Incident

Slide 6

Slide 6 text

@VicDrover Levels of website security

Slide 7

Slide 7 text

@VicDrover Levels of website security

Slide 8

Slide 8 text

@VicDrover Levels of website security

Slide 9

Slide 9 text

Client Passwords

Slide 10

Slide 10 text

No content

Slide 11

Slide 11 text

@VicDrover Agency Passwords

Slide 12

Slide 12 text

No content

Slide 13

Slide 13 text

@VicDrover Trust extends to your team

Slide 14

Slide 14 text

@VicDrover Email security

Slide 15

Slide 15 text

@VicDrover Staff

Slide 16

Slide 16 text


Slide 17

Slide 17 text

@VicDrover Disaster Response Plan

Slide 18

Slide 18 text

@VicDrover Initial response Who, What, When Emergency contact info Service provider info 1-time use passwords

Slide 19

Slide 19 text

Agency 7

Slide 20

Slide 20 text

Agency 7

Slide 21

Slide 21 text

@VicDrover Security policy Email usage Resource access Password strength Password duration Account sharing Team composition Disaster planning Continuing Education

Slide 22

Slide 22 text

@VicDrover Levels of website security Local Remote

Slide 23

Slide 23 text

@VicDrover Website: one piece of the puzzle

Slide 24

Slide 24 text

@VicDrover PHP Usage

Slide 25

Slide 25 text

@VicDrover Webserver security

Slide 26

Slide 26 text

@VicDrover Heartbleed

Slide 27

Slide 27 text

@VicDrover SSL Report:

Slide 28

Slide 28 text

@VicDrover Let’s Encrypt

Slide 29

Slide 29 text

@VicDrover Other local issues SSH on non-default port, encryption keys Disable FTP Strong database password Enable logging Disable magic_quotes Disable register_globals

Slide 30

Slide 30 text

@VicDrover Levels of website security Local Remote

Slide 31

Slide 31 text

@VicDrover Remote services - email

Slide 32

Slide 32 text

@VicDrover Remote services - DNS

Slide 33

Slide 33 text

@VicDrover Remote services - reverse proxy

Slide 34

Slide 34 text

@VicDrover Remote services - reverse proxy

Slide 35

Slide 35 text

@VicDrover Levels of website security

Slide 36

Slide 36 text

@VicDrover Well-known Joomla best-practices Unique administrator account Disable guest registration Remove Joomla installation directory No FTP password storage Disable Error Reporting

Slide 37

Slide 37 text

@VicDrover YourSites MySites Best Practice Scanners

Slide 38

Slide 38 text

No content

Slide 39

Slide 39 text

No content

Slide 40

Slide 40 text

@VicDrover Enforce strong passwords

Slide 41

Slide 41 text

@VicDrover Password control

Slide 42

Slide 42 text

@VicDrover Password expiry

Slide 43

Slide 43 text

After activation you may login to your website using the following username and password:

Slide 44

Slide 44 text

No content

Slide 45

Slide 45 text

@VicDrover Other site tips Prevention Software firewall (Admin Tools, RS Firewall) Protect admin areas with a password/token Don’t store credit card data locally Don’t share user accounts!!! Log User Activity

Slide 46

Slide 46 text

No content

Slide 47

Slide 47 text

@VicDrover Apply update early & often

Slide 48

Slide 48 text

No content

Slide 49

Slide 49 text

No content