My takeaways from "The Pragmatic Guide to Defending Drupal"

These are my key takeaways from the DrupalSouth '22 talk - "The Pragmatic Guide to Defending Drupal". It covered ways to defend Drupal from cyber attacks but can also be used in other stacks. They are categorised into the following environments: 

  1. local dev - your day to day development environment
  2. pull request/ deployment - the process of pushing your code to your repo
  3. hosting/prod environment - your production environment


Key takeaways

Have an incident response plan (local dev environment)

  • Can be as simple as using your README.md file with the following headings


  • If you look after multiple sites, use a central document or handbook for the organisation to refer to
  • It tells owners what to do in case of an incident

Use a CDN (hosting/prod environment)

  • Cloudflare, Fastly and Akamai were mentioned (I work with Cloudflare, it has many defense mechanisms)
  • Amazon Cloudfront - recommended if you are already hosting with AWS
  • CDNs provide a way to mitigate the attack at the proxy level before it hits your server

Scan your repo for vulnerabilities (pull request/ deployment environment)

  • Trivy - is a project that can scan you repo for any vulnerabilities such as API secrets. 
  • Recommend to deploy as part of your pull request/ deployment environment so it runs each time you commit or have a pull request

Threat detection (hosting/prod environment)

  • Consider Amazon GuardDuty to monitor your AWS servers and services for any interesting or unusual activities such a brute forcing on your servers.
  • Most cloud hosting providers (Azure Advanced Threat Protection, Google Cloud Platform: Security Command Center) offer a similar service


But wait there's more!

The talk covered lots of other goodies so feel free to watch the whole talk below:

 


 

Comments

Post a Comment

Popular posts from this blog

Insights for Software Development Workflows from the Pacific Islands

Image
Talofa! I came across an interesting video on how enterprise software development workflows might work. I found that I was using a hybrid of techniques mentioned which aligned well given that it was showing how BIG companies with teams of developers would develop software. We have a few software developers at SPREP but mostly work on our own projects . I thought I would reflect on my workflow as it is something that I've built up over time from research and collaboration with other developers. Tests, Continuous Integration/ Continuous Deployment (CI/CD) My workflow involves setting up tests from the get go and putting them into Gitlab CI pipelines . This gives me confidence that the system builds and I'm not breaking stuff I already fixed . Here is an example of how I would set up a Drupal project with style tests and a Github Action for running them. Feature building with Git branches I build features using git branches . If I have an urgent requirement or fix , I can switch ...
Read more

Government of Tonga’s first mobile app nears completion

Image
  Caption: Workshop participants Last week I was in Tonga to facilitate a training workshop for the Tonga Meteorological Services (TMS) and its partners. The workshop is part of finalising the Tonga Joint Early Warning and Response mobile app (app name to be finalised). The TMS lead initiative will help address challenges in communications on the ground and sharing of data with partners in times of natural disasters. Furthermore, the app provides real-time weather warnings using push notifications to mobile devices. Unlike traditional “weather” apps, TMS envisioned a “two-way” app that not only provides weather forecasts but enables the public to report weather and disaster related events to them. It will become the first mobile app for the Government of Tonga and will be available in Tongan and English languages on Android and iOS devices. SPREP provides ICT expertise to assist TMS Caption: Mr. Ainsof So'o reviewing the mobile app One of the Secretariat of the Pacific Regional Env...
Read more

Bot Busters: Defending Your Site Against Bots

Image
TL;DR: A climate change portal faced performance issues due to excessive bot crawling. After trying various solutions, including updating core and modules, scaling up the server, and exploring different security modules, the problem was solved using Drupal's built-in Ban module to block problematic IP addresses. The Autoban module was then implemented to automate the process, effectively improving the site's performance and resilience against bots.      🌐 Introduction In today's digital landscape, websites face numerous challenges, and one of the most persistent is the threat of bots. These automated programs can wreak havoc on your site's performance, especially when they crawl your pages excessively. Recently, we encountered this issue with one of our country climate change portals built on Drupal 7. Here's how we tackled the problem and restored the site's performance. 🔍 The Investigation Begins When we noticed performance issues on our climate change p...
Read more