If I had to choose just one tip for keeping your web server secure, it would be:
Keep your web applications up to date!
I can't stress that one enough. While it's important to keep your firewalls tightened and Apache and PHP up to date, that will not secure your web environment from vulnerabilities that exist within your web applications.
I've seen a number of system administrators diligently keep Apache, PHP, MySQL, the kernel, and every other aspect of their system up to date, yet they are running a version of WordPress older than my socks.
(My socks are at least 4 years old, but I do wash them regularly.)
Here is what I suggest:
It's very important to take inventory of any web applications that you use -- blogs, forum software, chat applications, CRM packages, content management solutions, etc. Include open source and commercial applications.
Find an authoritative source of security information for each application you have installed. Most will offer a security-announce list or a user forum where security updates are posted. Subscribe so that you are notified immediately of important security updates. Here are a few for popular web applications:
WordPress
Joomla
vBulletin
Some web applications are notoriously tricky to upgrade. Duplicate the application, perform a test upgrade, and make sure everything works before upgrading your production version.
Treat these updates as high priority items.
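As an added example (not code from the original post), here is the inventory step automated for one application type: a Python script that walks a web root, finds every WordPress tree by its `wp-includes/version.php` file, and lists the installs below a version you choose. The function names, the sample directory tree and the version numbers in it are constructed for illustration.

```python
import os
import re
import tempfile

# WordPress records its release in wp-includes/version.php, e.g. $wp_version = '6.4.3';
WP_VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")

def version_key(version):
    """Turn '6.4' or '6.5-RC1' into a comparable 3-part tuple of its leading numbers."""
    nums = re.match(r"\d+(?:\.\d+)*", version)
    parts = [int(n) for n in nums.group(0).split(".")] if nums else []
    return tuple(parts + [0] * (3 - len(parts)))

def find_wordpress_installs(web_root):
    """Return sorted [(install_dir, version)] for every WordPress tree under web_root."""
    found = []
    for dirpath, dirnames, filenames in os.walk(web_root):
        if os.path.basename(dirpath) == "wp-includes" and "version.php" in filenames:
            with open(os.path.join(dirpath, "version.php"), errors="replace") as fh:
                match = WP_VERSION_RE.search(fh.read())
            # A version we cannot read is still an install that belongs in the inventory.
            found.append((os.path.dirname(dirpath), match.group(1) if match else "unknown"))
            dirnames[:] = []  # nothing further to find below wp-includes
    return sorted(found)

def outdated(installs, minimum):
    """Installs older than `minimum`; an 'unknown' version is always reported."""
    floor = version_key(minimum)
    return [(p, v) for p, v in installs if v == "unknown" or version_key(v) < floor]

def build_sample_tree(root):
    """Constructed sample layout: two sites with made-up version files."""
    for site, ver in (("blog", "3.0.1"), ("shop/news", "6.4.3")):
        inc = os.path.join(root, site, "wp-includes")
        os.makedirs(inc)
        with open(os.path.join(inc, "version.php"), "w") as fh:
            fh.write("<?php\n$wp_version = '%s';\n" % ver)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        installs = find_wordpress_installs(tmp)
        for path, ver in installs:
            print("found   ", ver, path)
        for path, ver in outdated(installs, "6.4.3"):  # constructed threshold
            print("OUTDATED", ver, path)
```

Point `find_wordpress_installs` at your real document root and pass the current release from the vendor's security announcements as `minimum`; other applications need their own version-file rule.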
This is not a comprehensive how-to on web security, but keeping your web apps up to date is an important piece of any security model.