Secure your Umbraco - Perplex · 2016-12-20
Secure your Umbraco
Jeffrey Schoemaker | Perplex Internetmarketing
Introduction | Who am I?
Programmer & CISSP
Umbraco
Editor experience
Accessibility
Performance
Security
Introduction | Who are we?
Perplex Internetmarketing
30 marketers, designers & programmers
Mercedes-Benz | AZL | ING
Focus Filmtheater | Het Gelders Orkest
VieCuri Medisch Centrum | Rijnstate | ZiekenhuisGroep Twente
SchipholTickets | SchipholTravel
FNV | Aevitae
Creator of 3 packages
Security | The landscape
IDS, DDOS Protection, AntiVirus, Wifi, File Integrity Checking, IPS, SAML, CSRF, Firewalls, Social Engineering, RAID, OSI-model, Failsafe vs Failsecure, BlowFish, BRP, HIPAA, Worm, Smurf-attack, X-Frame, Poodle-vulnerable, Hearsay evidence, Atlassian, Kerberos, Penetration Testing, Encryption, Patching, NIDS vs HIDS, UPS, PCI-DSS Compliance, ISO, Common Criteria, Password, TEMPEST attack, Single-Point-of-Failure, Biometrics, SSL, HVAC, Bell-LaPadula, CSP, Lattice Based Access Model, AES, Delphi Technique, Tripwire, DAC, Lucifer, ECB, MAC, El-Gamal, WEP, RBAC, Privilege Creep, ALE, SLE, ARO, SOC, SAS70, FISMA, Gramm-Leach-Bliley-Act, Bluesnarfing, NetBIOS, SOX, NIST, Open relay, Due Care, Threat, PBKDF2, War Chalking, SSID, Cookies, Ping-of-Death, ITIL, L2TP, Six Sigma, DMZ, no-sniff, Brouter, RADIUS, Ticket-Granting Service, Buffer Overflows, 3-DES, Honeypot, Virtualization, PGP, PEM, TCB, Security Perimeter, HSTS, PIDAS, AES, State Machines, Zero day, Public-Key Pinning, Kernel Proxy Firewall, Chinese Wall model, NDA, CMMI, Salami attack, SIEM, Chain of Custody, QoS, OWASP, Covert Channel, SESAME, CCTV, PTZ, IPS, Daisy Chaining, Avalanche effect, Brownout, Deluge, Montreal Conference, S/MIME, X-Content-Type-Options, Kerckhoff’s Principle, RTO, MTBF, 10Base5, Warm Site, XSS, SLA, Locard’s Principle of Exchange, Dumpster Diving, Cybersquatting, DHCP Snooping, BIA, Time-of-check / Time-of-use, BYOD, X.509, IPv6, IPSec…
Agenda
Security focus
11 tips
Security & Umbraco
Security
Don’t outrun the bear, outrun your friends!
Layered Defense
A chain is only as strong as…
“Make sure the neighbour's place is more attractive” or…
An average hack lasts 372 days
Attractiveness |
Sensitivity of the data: dating sites
Content of the data: credit card numbers
Amount of data
Ease of obtaining the data
Prominence of the site
Data |
PII (Personally Identifiable Information)
Credit card data
Data in motion vs. data at rest
{ Name | Address | E-mail address | Passport number | Licence plate | Date of birth | Login name }
Security reviews |
Too little time to dig really deep
Black box vs. white box
Automated tests and tools: “Comply or explain”
Standard points of attention
{ Query strings | Technical }
{ Login process | Process }
{ HTTPS | Technical }
{ Cookies & headers | Technical }
{ Deployment & configuration process | Process }
{ Way of building | Process }
{ Form posts | Technical }
11 tips |
Basic tips to get you off to a good start!
Tip 1 | Use HTTPS
There is not a single (good) reason not to do this
Firefox & Chrome are going to block your site if it has a password page without HTTPS
Patch your server and/or load balancer!
Speed benefit of HTTP 2.0
Difficulty | Impact | Chance of breaking something
Tip 2 | IP-lock Umbraco
Lock Umbraco to an IP address (or range)
Don't forget to open /umbraco/api/ up again if you use UmbracoApi controllers
Difficulty | Impact | Chance of breaking something
Tip 3 | Know how your security is put together
Make sure you use a strong hashing algorithm
No MD5, SHA-1, SHA-256, SHA-512
Use bcrypt or PBKDF2
Know whether you store your data encrypted and, if so, how
AES
Difficulty | Impact | Chance of breaking something
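
An added example for Tip 3 (not part of the original slides, and not Umbraco's own code): PBKDF2 password storage in which every record carries its algorithm label and iteration count, which is what makes the later "Default hashing algorithm" and "Store algorithm in usertable" requests workable. The record format, the label `pbkdf2_sha256` and the iteration count are assumptions.

```python
import base64
import hashlib
import hmac
import os

ALGORITHM = "pbkdf2_sha256"  # label stored with each hash (naming is an assumption)
ITERATIONS = 600_000         # assumed work factor; raise it as hardware gets faster

# PBKDF2 uses HMAC-SHA-256 internally, but iterated many times with a per-user
# salt. That is different from the single fast SHA-256 pass the slide rules out.


def hash_password(password, iterations=ITERATIONS):
    """Return 'algorithm$iterations$salt$hash' using a fresh random salt."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([ALGORITHM, str(iterations),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(derived).decode("ascii")])


def verify_password(password, stored):
    """Recompute the hash with the stored salt and iteration count."""
    try:
        algorithm, iterations, salt_b64, hash_b64 = stored.split("$")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(hash_b64)
        rounds = int(iterations)
    except ValueError:  # malformed record: wrong field count, bad base64 or number
        return False
    if algorithm != ALGORITHM or rounds < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, expected)  # constant-time comparison


def needs_rehash(stored):
    """True when a record uses another algorithm or fewer iterations than current policy."""
    fields = stored.split("$")
    if len(fields) != 4 or fields[0] != ALGORITHM or not fields[1].isdigit():
        return True
    return int(fields[1]) < ITERATIONS
```

Call `needs_rehash` after a successful login, while the plaintext password is still in memory, and store a fresh `hash_password` result when it returns true.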
Tip 4 | Use the right headers
X-Content-Type-Options
nosniff
Difficulty | Impact | Chance of breaking something
Tip 4 | Use the right headers
X-Frame-Options
Deny / SameOrigin
Difficulty | Impact | Chance of breaking something
Tip 4 | Use the right headers
X-XSS-Protection
1; mode=block
Difficulty | Impact | Chance of breaking something
Tip 4 | Use the right headers
Strict-Transport-Security
max-age=31536000; preload; includeSubDomains
Difficulty | Impact | Chance of breaking something
Tip 4 | Use the right headers
Content-Security-Policy
default-src 'self' *.youtube.com *.google.com; child-src 'self' *.google.com *.vimeo.com *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.nl *.googleapis.com *.google.com *.youtube.com s.ytimg.com *.google-analytics.com; style-src 'self' 'unsafe-inline' *.google.nl *.google.com; img-src 'self' data: *.google.nl *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.doubleclick.net; font-src 'self' data:; form-action 'self'; reflected-xss block; report-uri https://perplex.report-uri.io/r/default/csp/reportOnly;
Difficulty | Impact | Chance of breaking something
Tip 4 | Use the right headers
Public-Key-Pins
??
Difficulty | Impact | Chance of breaking something
Tip 5 | Have a patch process in place
Difficulty | Impact | Chance of breaking something
What do you patch?
Hardware: servers, load balancers, routers, firewalls
Software: we only patch high-risk security issues in Umbraco
Tip 6 | Check your cookies
Difficulty | Impact | Chance of breaking something
Secure & HttpOnly
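
An added example covering Tip 4 and Tip 6 (not part of the original slides): a small audit that checks a response's X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Content-Security-Policy and cookie flags against the values recommended in this deck. The two sample responses and the cookie name `session_id` are constructed for illustration.

```python
def _directives(value):
    """Split 'a=1; b; c=2' into {'a': '1', 'b': '', 'c': '2'} (names lower-cased)."""
    out = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name.strip():
            out[name.strip().lower()] = arg.strip()
    return out


def audit_response(headers):
    """headers: list of (name, value) pairs. Returns a list of finding strings."""
    single, cookies, findings = {}, [], []
    for name, value in headers:
        if name.lower() == "set-cookie":
            cookies.append(value)          # Set-Cookie may occur several times
        else:
            single[name.lower()] = value.strip()

    if single.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")
    if single.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options is not DENY or SAMEORIGIN")

    hsts = _directives(single.get("strict-transport-security", ""))
    if not hsts.get("max-age", "").isdigit() or int(hsts["max-age"]) < 31536000:
        findings.append("HSTS max-age missing or below 31536000")
    unknown = set(hsts) - {"max-age", "includesubdomains", "preload"}
    if unknown:  # browsers silently ignore directives they do not recognise
        findings.append("HSTS has unrecognised directive(s): " + ", ".join(sorted(unknown)))

    csp = single.get("content-security-policy")
    if csp is None:
        findings.append("Content-Security-Policy is missing")
    else:
        for directive in csp.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "script-src":
                for weak in ("'unsafe-inline'", "'unsafe-eval'"):
                    if weak in tokens[1:]:
                        findings.append("CSP script-src allows " + weak)

    for cookie in cookies:
        cookie_name = cookie.split("=", 1)[0].strip()
        attrs = _directives(cookie.partition(";")[2])
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(f"Cookie {cookie_name} lacks {flag}")
    return findings


# Constructed sample responses (not captured from a real site).
SAMPLE_WEAK = [
    ("X-Frame-Options", "SameOrigin"),
    ("Strict-Transport-Security", "max-age=31536000; preload; include subdomains"),
    ("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline'"),
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
]
SAMPLE_HARDENED = [
    ("X-Content-Type-Options", "nosniff"),
    ("X-Frame-Options", "DENY"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload"),
    ("Content-Security-Policy", "default-src 'self'; script-src 'self'"),
    ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_WEAK):
        print(finding)
```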
Tip 7 | How long do you retain data?
Difficulty | Impact | Chance of breaking something
How long do you store something? And why?
Logs
E-mails
Other data
The less data, the less attractive
Tip 8 | Check your suppliers
Difficulty | Impact | Chance of breaking something
Where do you host the website? Azure?
Do you also store data in other systems?
How do they handle the data?
Where do they host?
How are they secured?
N/A
Tip 9 | Testing & Tooling
Difficulty | Impact | Chance of breaking something
Qualys
Also used for Thuiswinkel Waarborg
Paid tool
N/A
Tip 9 | Testing & Tooling
Difficulty | Impact | Chance of breaking something
https://asafaweb.com
https://securityheaders.io/
https://www.ssllabs.com/ssltest/
https://www.htbridge.com/ssl
https://www.htbridge.com/websec
N/A
Tip 10 | Secure your test & acceptance environments
Difficulty | Impact | Chance of breaking something
As if it were production
Tip 11 | OWASP
Difficulty | Impact | Chance of breaking something
SQL Injection
Umbraco & Security |
Regular audits
Built on ASP.NET Identity
Locking of users
Password rules
Automated logout
Forgot-password functionality
See: https://umbraco.com/security
Umbraco & Security | The future
Not secure by default
Legacy encoding set to false (until 7.6)
User groups and user roles
Postponed from 7.6 to 7.7
But that is about it for now…
Umbraco & Security |
Password management
Enforce password complexity
Enforce password history
Enforce password aging
No default passwords
Limit the number of failed login attempts (within a timeframe)
Log invalid attempts
Inform the administrator of suspicious activity
Do you want to help us? |
http://umbraco.usermanagement.perplex.eu/
Multiple startnodes: http://issues.umbraco.org/issue/U4-8638
Reset lockout after x minutes: http://issues.umbraco.org/issue/U4-8645
Default hashing algorithm: http://issues.umbraco.org/issue/U4-8644
Store algorithm in usertable: http://issues.umbraco.org/issue/U4-8643
Expiration date account: http://issues.umbraco.org/issue/U4-8641
Change pwd on next logon: http://issues.umbraco.org/issue/U4-8639
Log interactions in table: http://issues.umbraco.org/issue/U4-8634
Password aging: http://issues.umbraco.org/issue/U4-8633
Can we help you? |
Let's make sure Umbraco does not end up in the news in a negative way
Make sure you get through those security reviews
Do you have a problem? Let us know!
Questions?
Jeffrey Schoemaker | Perplex Internetmarketing
Links
Nosniff header: https://blog.fox-it.com/2012/05/08/mime-sniffing-feature-or-vulnerability
CSP header: https://report-uri.io
HTTPS in Chrome: https://threatpost.com/chrome-to-label-some-http-sites-not-secure-in-2017/120452
HTTPS in Firefox: https://tweakers.net/nieuws/118279/firefox-gaat-waarschuwingen-tonen-bij-inloggen-non-https-sites.html