Friday, September 16, 2016

SiteCore Security Hardening

Thought this security hardening article by Rackspace was useful for those supporting SiteCore environments. To quickly summarize

1. Deny anonymous users access to key folders (e.g. keep bad guys out from reconing your admin, config, debug, and other folders)
2. Disable client RSS feeds (this prevents bad guys from getting access to modify or see sensitive data)
3. Secure the file upload functionality (e.g. disable execute permissions, apply a strong and strict filter, etc.
4. Improve the security of the website folder (e.g. move non-web folders like data and indexes out of the web root)
5. Increase login security (e.g. enable HTTPS and disable auto-complete)
6. Limit access to certain file types (e.g. block access to your configuration files, transformation files, etc.)
7. Protect PhantomJS (e.g. get rid of this tool, it's generally not needed but could be used against you)
8. Protect media requests (e.g. only allow server generated requests to be processed on images)
9. Remove header information from responses sent by your website (e.g. remove response headers to prevent information leakage)

More about neonprimetime

Top Blogs of all-time
  1. pagerank botnet sql injection walk-thru
  2. DOM XSS 101 Walk-Through
  3. An Invoice email and a Hot mess of Java

Top Github Contributions
  1. Qualys Scantronitor 2.0

Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.

1 comment:

  1. Bluehost is ultimately the best web-hosting provider with plans for all of your hosting needs.