Bitrix Software Security. Powerful content management with advanced security features


Internet Security 2009 Quick Facts*
- 210,000 websites are attacked every month on the Internet
- $234,244 is your approx. loss count if your website is shut down by hacks
- The number of hacker attack attempts sky-rocketed 671% in 2009
- 41% of companies are not satisfied with their web security
*According to Dasient, White paper "Drive-by-Downloads, Web Malware Threats, and Protecting Your Website and Your Users", https://wam.dasient.com/wam/info?prod=18
Slide 2 of 19

Is Your Company Vulnerable to Hacker Attacks?
Every day your website or corporate portal could be attacked many times, damaging the integrity of your web project. Data leaks, phishing and unauthorized access to your website pose a real threat to your company, making up-to-date security mechanisms mandatory. Here's a look at the industry vulnerability chart:
[Chart: Industry Vulnerability Chart. Percentage of websites susceptible to security threats, by industry. Source: White Hat Security, "Website Security Statistics" by Trey Ford.]
Slide 3 of 19

Main Reasons for Data Leak / Data Loss:
Data leak due to
- Inappropriate access permission distribution
- Unauthorized user account registration
- Weak or inflexible moderation policy
- Phishing attempts from within
- Weak protection from external threats
- Lack of internal dataflow monitoring techniques
- Delay in virus and web threat security updates
Data loss and data damage due to
- Weak login/password protection
- Inflexible authorization policy
- Non-adjustable session lifetime
- Easy access to the website root
- Harmful web-code implants
- Inappropriate notification system
- Incoherence of web-code elements
Slide 4 of 19

How Can Bitrix Products Protect My Web Presence?
Bitrix Site Manager and Bitrix Intranet Portal include the PRO+PRO Security Framework that provides maximum protection from thousands of threats that can be encountered on the Internet or originate locally because of inappropriate web project security policies.
Slide 5 of 19

PRO+PRO Framework Highlights:
The PRO+PRO framework incorporates a number of technically advanced security technologies. It uses multiple security levels, allowing you to detect and combat almost all known hacking techniques. The PRO+PRO module features:
- Security Dashboard
- Proactive Filter / Web Application Firewall
- One Time Password technology support
- Protection of authorized sessions
- Activity Control and Intrusion Log
- IP-based Protection Mechanism
- Script Integrity Control
- Stop Lists and Security Logs
Slide 6 of 19

PRO+PRO Offers Preconfigured Protection Levels:
- assigned to all web projects running without the Proactive Protection module; only basic security features are provided.
- customized for projects conforming to higher security requirements (standard level + kernel module event logging, storing sessions in the database, etc.)
- uses most common proactive protection features (everything offered by the basic level + proactive web filter, intrusion log, activity control, CAPTCHA, error log, etc.)
- assigned to all projects requiring maximum protection from internal/external threats (all high level security features + OTP support, control script integrity verification, etc.)
Slide 7 of 19

Web Application Firewall
The firewall filters incoming website requests for malicious code, hacker attacks and suspicious activity like buffer overflow. Protects against XSS, CSRF, SQL injection and File Include attacks.
Slide 8 of 19

Web Anti-Virus
An elaborate web antivirus system
- Shields websites against harmful HTML-implants
- Detects 90% of potential infection threats
- Notifies administrator upon location of dangerous code
- Detects and reports incoherent code elements
- Includes a "white list" to reduce false positive alerts
Slide 9 of 19

One-Time Passwords (OTP)
A hardware token generates a series of digits which the user adds to his password at each login. This means that the password will be different with every new session. Even if a third party illegally acquires your password, it will not be possible to use it to authorize on your website.
Slide 10 of 19

File Integrity Log
This feature allows you to detect any changes that could have been made to the system files. Administrators can verify the integrity of the system kernel, system files or public files anytime. The File Integrity Log helps you identify unauthorized changes, thus preventing intrusion attempts.
Slide 11 of 19

Script Integrity Monitor
File integrity control
- Tracks file system changes
- Verifies kernel integrity
- Verifies system area integrity
- Verifies public files integrity
Verification of the file integrity control script
- Verifies the file integrity control script for changes
- Protects the script using the keyword and password pair
Slide 12 of 17

Intelligent System Backup
This backup feature protects the website from a range of risks from server hardware failure to malware infection. When a website gets infected, it is nearly impossible to eliminate all the bits of malicious code. They are usually spread over all the site content and manual eradication would require too much time. With a backup in place, you can simply restore the original non-infected version.
Slide 13 of 19

Anti-Phishing Protection
Phishing is an illegal attempt to acquire private information (usernames, passwords, credit card details, etc.) that is made through a routine activity performed on a website that is thought to be trustworthy. The PRO+PRO module allows you to stop redirection to potentially dangerous websites, offering your website visitors even more safety.
Slide 14 of 19

Flexible Access Management
The PRO+PRO Security Framework leverages the power of a variety of mechanisms for protection from external threats and an advanced user permission management system. These features combine to allow customized access permission to sections, pages and even page objects in a most flexible manner.
Slide 15 of 19

Automatic Updates
Bitrix products offer click-away security updates with real-time notifications about new patches and bug fixes available. All updates affect only the system core and will not cause any data change in the public view part (front-end) of your web project.
Slide 16 of 19

PRO+PRO Crash Test 2009
More than six hundred Russian hackers tried to invade the brand-new Bitrix PRO+PRO security framework as part of the "Bitrix Real-Time Hack Competition". The test was organized during the "Chaos Constructions CC9 Festival" in August 2009. During the competition, more than 25,000 attacks on the Proactive Protection security mechanism were repulsed, proving its superb reliability!
Slide 17 of 19

More Information about PRO+PRO Framework:
- Bitrix PRO+PRO Security Framework Overview: http://www.bitrixsoft.com/products/intranet/security.php
- Bitrix Web Anti-Virus Main Features: http://www.bitrixsoft.com/products/intranet/security.php#tab-antivirus-link
- Bitrix Proactive Protection Guide: http://www.bitrixsoft.com/download/manuals/en/security_tutorial.pdf
- Bitrix SiteUpdate System Overview: http://www.bitrixsoft.com/products/intranet/siteupdate.php
Slide 18 of 19

Thank you!
Sales Department: sales@bitrixsoft.com
Website: http://www.bitrixsoft.com