
Why Penetration Testing helps security

In my last post I wrote about how to install Joomla. Now you can read how to secure your web site professionally.

Securing your web site is very important. One very good way to do this is to test its security with penetration testing, e.g. via www.itexperst.at.

But what is penetration testing, and what is it really for?

Penetration testing has many advantages for companies

In today’s world, IT security and business success are very closely linked. Even if entrepreneurs often have various reasons to believe they are secure, unfortunately the reality is different! IT systems in all sectors are exposed to many dangers every day, and very often it is easy for cybercriminals to get what they want. To minimize these dangers as much as possible, companies can carry out so-called penetration tests. Penetration testing is the verification of IT systems, complete networks, online shops, websites, etc., with regard to their security against external attacks. The tests, carried out by qualified and certified experts, are in principle very realistic attacks that are executed in a controlled way on IT systems. The goal is to uncover vulnerabilities and to log them in order to eliminate them later.

The advantages at a glance

Tailor-made tests

Because penetration tests can be adapted very precisely to the given conditions, each one follows its own procedure. This is an important factor and a decisive advantage for carrying out the test effectively and obtaining a comprehensive result. Tailor-made on-site and external testing for any organization will ensure the highest level of security.

Protection against system failure

Even a single targeted internal or external attack can lead to a complete system failure. Penetration tests can cover different, very realistic attack scenarios and thus reveal possible weak points as well as provide solutions.

Protection against external attacks

Security vulnerabilities in applications, systems, or networks can allow external attackers to breach them. A major challenge for most IT security teams today is attacks at the application level. Simulated test procedures show how, and how quickly, these attacks can be detected and eliminated. With the knowledge gained, existing measures can be used in a real emergency, thus minimizing the consequences of the attack.

Protection from Insider threats

The danger from the inside is often overlooked and completely underestimated. Malicious software gets in via a data carrier or a file and spreads within the company's own systems, employees have unrestricted rights, and so on. Penetration tests can also point out these weaknesses and protect IT systems from such dangers.

Data and business/trade secrets are protected

A successful hacking attack brings the immediate danger that important data is stolen and abused or even destroyed. Cyber espionage is nowadays a lucrative business for criminals. A penetration test finds open back doors and brings the weaknesses of the existing data security to light.

Security requirement is established

The attack methods of the hackers are constantly adapting. It is important to determine the status quo of your company with regard to IT activities by means of a penetration test in order to identify the actual security requirements.

Your IT security is always up-to-date

Once the security requirement is determined by the results of the penetration test, the IT security can regularly be updated and thus the defense mechanisms are always up-to-date.

Cost savings

Every entrepreneur can begin to guess what a complete system failure or data loss due to a successful attack will cost him. Not just his nerves! The inability to work leads to a temporary loss of business and a business loss that is not to be disregarded. Penetration testing can therefore protect you against financial damage.

Thoroughly tested IT

In many companies, IT systems, applications and software are installed once, rarely checked, updated only from time to time and, as a rule, never subjected to a thorough security check. An IT penetration test also checks this.

Protection of customers

Entrepreneurs have a responsibility towards their customers. Planted malicious software can spread very quickly. Malicious software can also hide in online shops and websites that are visited by customers and prospective customers. The result of a penetration test will show how well your customers are protected when you contact them.

Protection of the company

Penetration testing is essential to protect your own values and those of your employees, as well as those of your customers. These tests are an important part of your company’s success and reputation. Customer trust and good business are the basis for successful work today. The competitive advantage is obvious.
Regular penetration tests are an important tool for IT security in large and small enterprises with regard to the generally growing security need.

How to install Joomla

In my last article I mentioned why one might choose Joomla for building a web site. In this description you will see how you can manually install a fresh new Joomla CMS on your web server.

Downloading Joomla

First download the latest Joomla installation zip package. Go to joomla.org and download the latest release.

Install Joomla, Step 1

Unzip the installation files. In my case the file is named Joomla_3.6.5-Stable-Full_Package.zip.
There are currently 5336 files in this release, which take up 52 megabytes. Of course, this will vary depending on the version.

Upload files to webserver

Upload the unzipped files to the server/hoster of your choice. In my case I uploaded all the files to /public_html.

Please check the name of the right directory. Different hosters may use different names.
Select all the files and upload them. With FileZilla you might use the right mouse button and choose upload.

Install Joomla, upload files

Depending on the speed of your internet connection, this may take a few minutes.

Creating a MySQL database for Joomla

Please ask your hoster how this can be done. Possibly you can do that in your cPanel or Plesk tool. You need a new database and a user which has all the privileges. For security reasons, please choose a secure password.

What is a secure password?

  • More than 12 characters
  • The password should not be found in any dictionary. If it is, it can be found with a dictionary attack.
  • Use numbers, lower and upper case characters and special characters
  • Use the password for only one account or one purpose. Do not reuse passwords. If the password is used several times and is compromised, other accounts can easily be taken over.
  • I suggest using a password safe like KeePassX.

Installing Joomla

Now that these prerequisites are done, you can open your browser and start the installation. Go to your domain and enter:

http://yourdomain.com/

Installing Joomla, configuration

If you have Joomla installed in a subdirectory (local install) you should adapt the URL.

You will see the Joomla installer, where you can enter some administrative input.

Site Name: Here you can define how your site should be named. A lot of templates use that as a heading. This can be changed afterwards.

Description: Add a brief description. Depending on your template this may appear in different places. This is an alternative meta description. It is best to use 20 to 25 words. This can also be changed afterwards.

Admin E-Mail: This email address will be used for system messages and password recovery. It should be valid, of course.

Admin Username: This is the user name of the admin account. The default is admin, which should be changed. As you may have noticed, my admin name is not easily guessable: it is admin and 4 random characters. This helps prevent script kiddies from brute-forcing the admin account.

Admin Password: A secure password, see above.

Configure the Database

Installing Joomla, database configuration

When you are done, you can choose NEXT. In the next tab you have to configure the database. Enter the necessary information for your MySQL database.

Database Type: Should be MySQL.

Host Name: Mostly localhost, but contact the support of your hoster if you have trouble deciding.

Username: Name of the user who has the permissions. This is the one you chose earlier, when setting up the MySQL database.

Password: The password for the database.

Database Name: The name of the database.

Table Prefix: There is a prefix, so you can install several Joomla sites in one database. You can leave this value as it is.

After that, there is the possibility of backing up any existing data from an old Joomla installation. If there is one, please do so by clicking Backup, otherwise choose Remove.

Now you can press Next and you are almost done.

Installing Joomla, finalisation

On the last page you can choose whether some sample files should be copied to your installation. For a beginner, this is very neat. You can poke around in the files and see how things can be done. So Default English (GB) Sample Data is a good choice.

Installing Joomla, final summary

Furthermore, there is a summary of what you have chosen for the installation. Have a look at it and correct anything that is wrong.

After that you will be shown a summary of the configuration. If all seems well you will get a green Yes at every line.

You can now hit the Install button and everything should be done in a few minutes.

Installing Joomla, finished

There is one last thing to do. Please remove the installation folder. This is required for security. If you do not, anyone could reinstall Joomla and destroy your site. If you do not remove the installation files, you can’t proceed any further. This is prevented by Joomla itself.
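As an added example (not part of the original post and not Joomla's own code), the following Python check reports a docroot that still contains the installation folder and tests the database password stored in configuration.php against the checklist under "What is a secure password?". The `public $password = '...'` layout of configuration.php, the small sample wordlist and the docroot built in `demo()` are assumptions constructed for the example.

```python
import re
import tempfile
from pathlib import Path

SAMPLE_WORDLIST = {"password", "joomla", "welcome"}  # constructed stand-in for a real wordlist


def password_problems(password, wordlist=SAMPLE_WORDLIST):
    """Return the rules of the password checklist that `password` breaks."""
    problems = []
    if len(password) <= 12:
        problems.append("12 characters or fewer")
    if password.lower() in wordlist:
        problems.append("found in dictionary")
    for name, pattern in (("digit", r"[0-9]"), ("lower case", r"[a-z]"),
                          ("upper case", r"[A-Z]"), ("special", r"[^0-9A-Za-z]")):
        if not re.search(pattern, password):
            problems.append(f"no {name} character")
    return problems


def audit_joomla(docroot):
    """Check a Joomla docroot for a leftover installer and a weak DB password."""
    docroot = Path(docroot)
    findings = []
    if (docroot / "installation").is_dir():
        findings.append("installation folder still present")
    config = docroot / "configuration.php"
    if config.is_file():
        # Assumed layout: a line of the form  public $password = '...';
        match = re.search(r"public\s+\$password\s*=\s*'([^']*)'",
                          config.read_text(errors="replace"))
        if match:
            findings += ["database password: " + p for p in password_problems(match[1])]
    return findings


def demo():
    """Audit a constructed docroot: installer left behind, weak DB password."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "installation").mkdir()
        (root / "configuration.php").write_text(
            "<?php\nclass JConfig {\n\tpublic $password = 'joomla';\n}\n")
        return audit_joomla(root)


if __name__ == "__main__":
    print("\n".join(demo()))
```

On a real server, call `audit_joomla()` with the path of the web root (for example the /public_html directory used above) and replace the sample wordlist with a full dictionary file.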

Installing Joomla, remove installation folder

Congrats, you have installed your first Joomla CMS. Now you can start publishing.
You can now choose between viewing the installation on http://yourdomain.com or logging in with the admin account on http://yourdomain.com/administrator

Installing Joomla, the site

Installing Joomla, Administrator login


What is Joomla – advantages and disadvantages

When it comes to launching a web site, a Content Management System (CMS) needs to be established. Separating content from design has been state of the art for many years. There are probably hundreds of free CMSs one could choose from. Joomla is one of them, and its complexity is between that of WordPress and Drupal.

WordPress is primarily an easy blogging platform, very easy to manage and support. It can do quite a lot of things, but these have to be done with plugins. Drupal, on the other hand, has web 2.0 functions built in, like forums and surveys. It was created to establish community sites.

Joomla has been downloaded 80 million times (by the end of 2016) and roughly 1% of websites use Joomla as their CMS. It was forked from another CMS, Mambo, in 2005. Every year one or two minor versions (Major.Minor, e.g. 3.1, 3.2, …) are released. Each major version is supported for four years. Updating and patching Joomla is very important to maintain security and keep hackers away from your site.

All these CMS are open source, but what are the advantages of Joomla?

  • Easy to install
  • Thousands of free plugins and components
  • Easy menu creation
  • Community support
  • LAMP infrastructure
  • Built-in caching
  • Multilingual
  • Access Control Lists (ACL)
  • Well suited for small business websites
  • Lots of extensions like blogging, calendars, newsletters, galleries, forums and so on

And what about the disadvantages?

  • Limited customization: Joomla has fewer templates and modules than e.g. WordPress.
  • It uses more resources than other CMSs. Therefore it is said that 50,000 users per day are the maximum which can be handled.
  • It is said that Joomla out of the box is not very well adaptable to SEO, but there are plugins available.
  • Higher complexity. Users who come from WordPress are often surprised by the level of complexity. It takes a while to get used to the day-to-day work.

If you are unsure whether Joomla fits your needs, you can try it with a 90-day demo account from http://demo.joomla.org. On this page you can find several further links to extensions, to news about Joomla, and to the community and support. There are easy video tutorials available.