
Wordpress security webinar by Incapsula


  1. Security Step #1 - Regularly Update EVERYTHING
     All software should be updated regularly including.
     Create a regular schedule to update patches for:
     - WordPress
     - Plugins
     - Web servers
  2. Security Step #2 - Implement Password Security
     - Avoid Default UN/Passwords
     - Implement Strong Passwords
       - Goal: Hard to Guess / Hard to Brute Force attack
       - Include Mixed CASe
       - Include NuMB3rS
       - Include SP3C!4LCh@RS
       - Use a password phrase - BowTies 4r3 Cool!
     - Use different passwords for different sites
     - Change your password periodically
  3. Security Step #3 - Implement Multi-factor Authentication
     - Problem: Lost or stolen passwords allow hackers to bypass your security measure
     - Secure Admin areas with multi-factor authentication
       - Email
       - SMS
       - Google Authenticator
       - Other
     [Screenshot: login form with an "Enter verification code" prompt]
  4. Security Step #4 - Use a Web Application Firewall (WAF)
     - 80-96% of all websites have high risk vulnerabilities
     - 13% of websites can be compromised automatically
     - Most widespread vulnerabilities are:
       - Cross-site Scripting
       - SQL Injection
       - Information Leakage
       - HTTP Response Splitting
  5. Security Step #4 - Use a Web Application Firewall (WAF)
     - WAFs provide similar protection as a traditional network layer firewall, but for a web application
     - Using a WAF can protect a website from application layer hacking attempts
     - WAFs should be used in conjunction with traditional firewalls
     [Diagram: non-HTTP/HTTPS and HTTP/HTTPS traffic at a standard firewall]
  6. Security Step #5 - Implement a DDoS Mitigation Strategy
     - DDoS attacks make your website completely inaccessible
     - If website availability is important to you, then DDoS protection should be too
     - Any application without a DDoS mitigation strategy is at risk
     [Diagram labels: Your Internet Connection, Your ISP, Your Site, DDoS Traffic, Legitimate Traffic]
  7. Security Step #6 - Use a Secure Hosting Environment
     - Problem: If any site on a server is hacked, there's a chance that any other site on that same server could be vulnerable.
     [Diagram labels: Hacked Website, Your Website]
  8. Security Step #6 - Use a Secure Hosting Environment
     Pick a Secure Hosting Provider that offers:
     - Segregated environment (physically or logically)
     - Network layer firewalls
     - Vulnerability scanning
       - Infrastructure
       - Servers
       - Databases
       - Applications
     - Backup Services
     - Security Certification
       - SAS 70 Type II
       - SSAE 16 Type II
