• No results found

Bitrix Software Security. Powerful content management with advanced security features

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Bitrix Software Security. Powerful content management with advanced security features"

Copied!
19
0
0

Loading.... (view fulltext now)

Download now ( 19 Page )

Full text

(1)

Bitrix Software Security

(2)

Internet Security 2009 Quick Facts

*

• 210,000 websites are attacked every month on the Internet

• $234,244 is your approx. loss count if your website is shut down by hacks • The number of hacker attack attempts sky-rocketed 671% in 2009

• The number of hacker attack attempts sky-rocketed 671% in 2009 • 41% of companies are not satisfied with their web security

*According to Dasient, White paper “Drive-by-Downloads,Web Malware Threats, and Protecting YourWebsite and Your Users”, https://wam.dasient.com/wam/info?prod=18

(3)

Is Your Company Vulnerable to Hacker Attacks?

Every day your website or corporate portal could be attacked many times, damaging the integrity of your web project. Data leaks, phishing and

unauthorized access to your website pose a real threat to your company,

making up-to-date security mechanisms mandatory. Here’s a look at the industry vulnerability chart:

vulnerability chart:

Industry Vulnerability Chart

Percentage of websites susceptible to security threats, by industry. Source: White Hat Security, "Website Security Statistics" by Trey Ford.

(4)

Main Reasons for Data Leak / Data Loss:

Data leak due to

• Inappropriate access permission distribution • Unauthorized user account registration

Data loss and data damage due to

• Weak login/password protection • Inflexible authorization policy • Weak or inflexible moderation policy

• Phishing attempts from within

• Weak protection from external threats

• Lack of internal dataflow monitoring techniques • Delay in virus and web threat security updates

• Non-adjustable session lifetime • Easy access to the website root • Harmful web-code implants

• Inappropriate notification system • Incoherence of web-code elements

(5)

How Can Bitrix Products Protect My Web Presence?

Bitrix Site Manager and Bitrix Intranet Portal include the PRO+PRO™ Security Framework that provides maximum

Framework that provides maximum

protection from thousands of threats that can be encountered on the Internet or originate locally because of inappropriate web project security policies.

(6)

PRO+PRO™ Framework Highlights:

The PRO+PRO™ framework incorporates a number of technically advanced security technologies. It uses multiple security levels, allowing you detect and combat almost all known hacking techniques. The PRO+PRO module features:

• Security Dashboard

• Proactive Filter / FireWall Web Application • One Time Password technology support • Protection of authorized sessions

• Activity Control and Intrusion Log • IP-based Protection Mechanism • Script Integrity Control

(7)

PRO+PRO™ Offers Preconfigured Protection Levels:

assigned to all web projects running without the Proactive Protection module; only basic security features are provided.

customized for projects conforming to higher security requirements (standard level +

kernel module event logging, storing security features are provided.

uses most common proactive protection

features (everything offered by the basic level + proactive web filter, intrusion log, activity control, CAPTCHA, error log, etc.)

kernel module event logging, storing sessions in the database, etc.)

assigned to all projects requiring maximum protection from internal/external threats (all high level security features + OTP support, control script integrity verification, etc.)

(8)

Web Application Firewall

The firewall filters incoming website requests for malicious code, hacker

attacks and suspicious activity like buffer attacks and suspicious activity like buffer overflow. Protects against XSS, CSRF, SQL injection and File Include attacks.

(9)

Web Anti-Virus

• An elaborate web antivirus system

• Shields websites against harmful HTML-implants • Detects 90% of potential infection threats

• Notifies administrator upon location of dangerous code • Detects and reports incoherent code elements

(10)

One-Time Passwords (OTP)

A hardware token generates a series of digits which the user adds to his password at each log in. This means that the password will be different with every new session. Even if a third-party illegally acquires your password, it will not be possible to use to

(11)

File Integrity Log

This feature allows you to detect any changes that could have been made to the system files.

Administrators can verify the integrity of the system Administrators can verify the integrity of the system kernel, system files or public files anytime. The File Integrity Log helps you identify unauthorized

(12)

Script Integrity Monitor

File integrity control Verification of the file integrity control script

• Tracks file system changes • Verifies kernel integrity

• Verifies system area integrity • Verifies public files integrity

• Verifies the file integrity control script for changes

• Protects the script using the keyword and password pair

(13)

Intelligent System Backup

This backup feature protects the website from a range of risks from server hardware failure to

malware infection. When a website gets infected, it malware infection. When a website gets infected, it is nearly impossible to eliminate all the bits of

malicious code. They are usually spread over all the site content and manual eradication would require too much time. With a backup in place, you can simply restore the original non-infected version.

(14)

Anti-Phishing Protection

Phishing – an illegal attempt to acquire private information (usernames, passwords, credit card details, etc.) that is made through a routine activity details, etc.) that is made through a routine activity performed on a website that is thought to be

trustworthy. The PRO+PRO module allows you to stop redirection to potentially dangerous websites, offering your website visitors even more safety.

(15)

Flexible Access Management

PRO+PRO Security Framework leverages the power of a variety of mechanisms for protection from the external threats and an advanced user from the external threats and an advanced user permission management system. These features combine to allow customized access permission to sections, pages and even page objects in a most flexible manner.

(16)

Automatic Updates

Bitrix products offer click-away security updates with real-time notifications about new patches and bug-fixes available. All updates affect only the system fixes available. All updates affect only the system core and will not cause any data change in the public view part (front-end) of your web project.

(17)

PRO+PRO Crash Test 2009

More than six hundred Russian hackers tried to invade the brand-new Bitrix PRO+PRO™ security framework as part of the "Bitrix Real-Time Hack framework as part of the "Bitrix Real-Time Hack Competition". The test was organized during the "Chaos Constructions CC9 Festival" in August 2009. During the competition, more than 25.000 attacks on the Proactive Protection security mechanism were repulsed, proving its superb reliability!

(18)

More Information about PRO+PRO Framework:

Bitrix PRO+PRO Security Framework Overview:

http://www.bitrixsoft.com/products/intranet/security.php

Bitrix Web Anti-Virus Main Features:

http://www.bitrixsoft.com/products/intranet/security.php#tab-antivirus-link http://www.bitrixsoft.com/products/intranet/security.php#tab-antivirus-link

Bitrix Proactive Protection Guide:

http://www.bitrixsoft.com/download/manuals/en/security_tutorial.pdf

(19)

Thank you!

Thank you!

References

Download now ( PDF - 19 Page - 0.95 MB )

Related documents

We can do it, but I wouldn\u27t like it: Gender, interests, and occupational perceptions

perceptions of the masculinity and femininity of RIASEC types and to examine the contributions of vocational interests, gender identity, and attitudes toward women in accounting

Automatic Caricature Recognition

Attribute Labelling Add Caricature to Database Take the attributes Compare the Attributes Automatic Feature Extraction Pre-Process Image (Face de- tection+Eye Detec- tion+ASM)

Analysis of vertical reinforcement in slender reinforced concrete (tilt-up) panels with openings & subject to varying wind pressures

With the Alternative Design of Slender Walls method, vertical reinforcement was determined for tilt-up wall panels subject to axial load and out-of-plane uniform lateral wind

Financial Strategies and Resources for Sustaining Small Business in Kumba, Cameroon

The purpose of this qualitative exploratory multiple case study was to explore the financial strategies and resources small lodging business owners in Kumba, Cameroon, use to

An Appraisal of the Motivators for and Inhibitors to Information Communication Technology (ICT) Use and Adoption by SMEs in Nigeria

Other themes related to influence on the use and adoption of ICT by SMEs in Nigeria such as; management and acquisition of ICT, management perception of ICT,

Free/Open Source Software Open Standards

For example, if a multinational organization requires that all its offices worldwide use office software applications that can read and write files using the Open Document format –

THE GEOGRAPHY OF STOCK MARKET PARTICIPATION: THE INFLUENCE OF COMMUNITIES AND LOCAL FIRMS

The second effect we report in this paper, namely that a stronger presence of publicly- traded firms in one’s community increases the probability of equity market participation, is

Socially Responsible Investments - The Success Factor in Portfolio Management

In identifying whether social preferences are an important determinant for investing socially responsible we need to control for individual differences in