Module - 1 - Information Security Devices

Uploaded by

Avinash Avuthu

BCSE354E: Information Security Management

Information Security Devices

A. Avinash, Ph.D.
School of Computer Science and Engineering
Vellore Institute of Technology (VIT), Chennai
Identity & Access Management (IAM) [1]
What is Identity & Access Management (IAM)?
A set of tools & services used to manage access to systems or resources used by personnel as
well as our customers
Why is Managing Access Important?
Controlling access = Controlling risk
How Do We Manage Applications?
Centrally-Managed applications
Use one or more centrally-managed IAM services
Business-Managed applications
Applications the business manages locally. The business owns and creates the access to the
application. The owner is responsible for the timely removal of access when someone
terminates or transfers jobs.
Who Is Responsible for Managing Access?
Everyone who manages employees or contractors in the organization

Reference: 1. Identity & Access Management: Business Performance Through Connected Intelligence by
Ertem Osmanoglu
Identity and Access Management
Identity Management (IdM)
IdM manages an identity’s lifecycle through a combination of processes, organizational
structure, and enabling technologies.

[Figure: Identity lifecycle management. Lifecycle stages: Onboard, Propagate, Maintain, Terminate. Identity elements: Users, Attributes, Privileges, Passwords, Workflow, Reporting. Enablers: Organizational Structure, Processes, Technology.]
Access Management (AM)
AM primarily focuses on Authentication and Authorization

Authentication
Any combination of the following 3 factors will be considered as Strong Authentication:
• What you know
  - Password
  - Passphrase
• What you are
  - Iris
  - Fingerprint
• What you have
  - Token
  - Smartcard

Authorization
2 primary forms of Authorization:
• Coarse-Grain
  - High-level and overarching entitlements
  - Create, Read, Update, Modify
• Fine-Grain
  - Detailed and explicit entitlements
  - Based on factors such as time, dept, role and location
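
An added example (not from the original slides) showing how the two forms of authorization combine: a coarse-grain check on role-level entitlements, then a fine-grain check on department, location and time. The role names, resource names and policy values are assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import time

# Coarse-grain: high-level entitlements per role (constructed sample policy).
COARSE = {
    "hr_clerk": {"read", "update"},
    "hr_manager": {"create", "read", "update", "modify"},
    "contractor": {"read"},
}


@dataclass(frozen=True)
class FineRule:
    """Fine-grain rule: explicit conditions for one resource/action pair."""
    resource: str
    action: str
    departments: frozenset
    locations: frozenset
    start: time
    end: time


# Constructed fine-grain rules based on dept, location and time of day.
FINE = [
    FineRule("payroll", "read", frozenset({"HR"}),
             frozenset({"office", "vpn"}), time(8), time(18)),
    FineRule("payroll", "update", frozenset({"HR"}),
             frozenset({"office"}), time(9), time(17)),
]


@dataclass(frozen=True)
class Request:
    role: str
    dept: str
    location: str
    at: time
    resource: str
    action: str


def authorize(req):
    """Return (allowed, reason). Both layers must agree; the default is deny."""
    # Layer 1: does the role hold the entitlement at all?
    if req.action not in COARSE.get(req.role, set()):
        return False, "coarse-grain: role lacks entitlement"
    # Layer 2: do the explicit conditions for this resource/action hold?
    for rule in FINE:
        if (rule.resource, rule.action) != (req.resource, req.action):
            continue
        if req.dept not in rule.departments:
            return False, "fine-grain: department not permitted"
        if req.location not in rule.locations:
            return False, "fine-grain: location not permitted"
        if not (rule.start <= req.at < rule.end):
            return False, "fine-grain: outside permitted hours"
        return True, "allowed"
    return False, "fine-grain: no rule for resource/action"
```

A request that passes the coarse-grain layer can still be denied by the fine-grain layer, which is why the second layer is evaluated only after the first succeeds.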
Uniting Identity and Access Management [2]
Identity and Access Management are tightly coupled by the governance and
consumption of identity data.

[Figure: five columns.
Users: Employees, Contractors, Customers, Business Partners.
Access Management: Authentication, Authorization, Access Policies, Single Sign On, Federated Identities, Entitlement Management.
Resources: Applications, Physical Assets, Platforms, Data Sources.
Identity Mgmt: Credential Management, Self Service, Profile Management, Registration, Enrollment, Workflow, Provisioning Policies, Role Management, Delegated Administration, Application Integration, Reconciliation.
ID Sources: Human Resources, Contractors, External Partners, Customers.]

Reference: 2. The Unique Alternative to the Big Four, Crowe


Typical IT Architecture [2]

• Multiple Identity Stores (5)
• Multiple Administration Points (4)
• Redundant data synchronization and replication
• Users must authenticate to each application

Reference: 2. The Unique Alternative to the Big Four, Crowe


I&AM Architecture
• Single Identity Store
• Ability to present multiple data views
• Single Administration Point
• Reduced replication and synchronization
• Single Sign-On

Reference: 2. The Unique Alternative to the Big Four, Crowe


I&AM Solution Approach
A sound I&AM solution approach and design will reduce implementation risks and overall costs.
• Start with defining a solution roadmap and release schedule
• Begin consolidating identity data sources
• Normalize and clean up identity data
• Evaluate organizational data and roles for access privileges and approval routing
• Design efficient request and approval processes
• Implement a technology that will accommodate the data, organization and processes with the most out-of-the-box functionalities
End points/Edge devices and Networking devices [3]

There are two classifications of devices in the network.

End devices:
• Devices that a person can use for communication purposes
Network devices:
• Equipment that forms the network and helps to mediate and transfer data between end devices
Edge devices:
• Run applications locally and make immediate decisions. Data does not need to be sent over network connections.
• Enhance resiliency by allowing devices to operate when network connections are lost.
• Enhance security by keeping sensitive data from being transported beyond the edge where it is needed.

Reference: 3. Computer Networks by Andrew S. Tanenbaum


Network device: Network Interface Card

• A NIC is used to physically connect host devices to the network media.
• A NIC is a printed circuit board that fits into the expansion slot of a bus on a computer motherboard.
• It can also be a peripheral device. NICs are sometimes called network adapters.
• Each NIC is identified by a unique code called a Media Access Control (MAC) address.
• This address is used to control data communication for the host on the network.
Network device: Repeaters and Hubs
Repeaters:
• A repeater is a network device used to regenerate a signal.
• Repeaters regenerate analog or digital signals that are distorted by transmission loss due to attenuation.
• A repeater does not make an intelligent decision concerning forwarding packets.
Hubs:
• Hubs concentrate connections. In other words, they take a group of hosts and allow the network to see them as a single unit. This is done passively, without any other effect on the data transmission.
• Active hubs concentrate hosts and also regenerate signals.
Network device: Bridges and Switches
Bridges:
• Bridges convert network data formats and perform basic data transmission management.
• Bridges provide connections between LANs.
• They also check data to determine if it should cross the bridge. This makes each part of the network more efficient.
Switches:
• Switches add more intelligence to data transfer management.
• They can determine if data should remain on a LAN and transfer data only to the connection that needs it.
• Another difference between a bridge and a switch is that a switch does not convert data transmission formats.
Network device: Routers and Gateway
Routers:
• Routers have all the capabilities listed above.
• Routers can regenerate signals, concentrate multiple connections, convert data transmission formats, and manage data transfers.
• They can also connect to a WAN, which allows them to connect LANs that are separated by great distances.
Gateway:
• A gateway is a piece of networking hardware used in telecommunications networks that allows data to flow from one discrete network to another.
• Gateways are distinct from routers or switches in that they communicate using more than one protocol to connect a bunch of networks.
Network device: Firewall and Wireless access point
Firewall:
• A firewall is a network device or software for controlling network security and access rules.
• Firewalls are inserted in connections between secure internal networks and potentially insecure external networks such as the Internet.
• Firewalls are typically configured to reject access requests from unrecognized sources while allowing actions from recognized ones.
• The vital role firewalls play in network security grows in parallel with the constant increase in cyber attacks.
Wireless access point:
• A wireless access point is a small hardware device featuring a built-in network adapter, antenna, and radio signals.
• Configured nodes on a WLAN. Operates using radio frequency technology.
• To connect to a wireless AP, the SSID is needed.
Modems and its types
• Cannot send digital signal directly to
telephone line
• Sending end: MODulate the computer’s
digital signal into analog signal and transmits
• Receiving end: DEModulate the analog
signal back into digital form

• No clocking devices
• Commonly used in telephone
networks
• Data is transmitted in a serial
stream. Each character is turned
into a string of 8 bits
• Each of these characters is
separated by one start bit and one
or two stop bits
• Need clocking devices
• Data are transmitted in blocks
• Used in digital networks
Infrastructure Devices
Relationship between End devices and Networking
devices
• A person uses an end device to communicate with another person using another end
device via the network formed by the network devices.
• Servers and clients are end devices
Network Attached Storage (NAS) [4]
NAS is shared storage on a network infrastructure.

[Figure: an Application Server, a Print Server and a NAS Device (NAS Head plus Storage) attached to the same network.]

Reference: 4. Network Attached Storage A Complete Guide - 2020 by Gerardus Blokdyk
Storage device: Network Attached Storage (NAS)
Evolution
[Figure: evolution of file sharing: Stand Alone PC, Portable Media for File Sharing, Networked PCs, Networked File Sharing, Network Attached Storage (NAS).]

General purpose servers vs NAS devices
[Figure: General Purpose Server (NT or Unix Server) compared with Single Function Device (NAS Server).]
Network Attached Storage (NAS)
• Supports global information access
• Improves efficiency
• Provides flexibility
• Centralizes storage
• Simplifies management
• Scalability
• High availability — through native clustering

• Provides security integration to environment (user authentication and authorization)
NAS Device Components and File services protocols

• Network File System (NFS)
• Common Internet File System (CIFS)
• Small Computer System Interface (SCSI)
• Fiber Channel (FC)
• Advanced Technology Attachment (ATA)
Network File System (NFS) and
Common Internet File System (CIFS)
Network File System (NFS)
• Client/server application
• Uses RPC mechanisms over TCP protocol
• Mount points grant access to remote hierarchical file structures for local file system structures
• Access to the mount can be controlled by permissions
Common Internet File System (CIFS)
• Public version of the Server Message Block (SMB) protocol
• Client applications access files on a computer running server applications that accept the
SMB protocol
• Better control of files than FTP
• Potentially better access than Web browsers and HTTP
SERVER and its Types [5]
• A server is a physical computer that provides services to all client computers connected to it, allowing them to access available information or resources.
• Servers contain more powerful processors than a desktop computer.
• Servers support advanced RAM technologies.
• Have higher storage capacity as multiple disks can be inserted into them.
• Built to support multiple user applications and multiple user access.
• Have multiple NICs.
• Easier to apply security policies.
Reference: 5. https://www.spiceworks.com/tech/tech-general/articles/what-is-a-server/
TYPES OF SERVER

Web Servers
The internet is based on web servers that respond to requests from clients such as web browsers.

Application Server
A server that provides services to applications such as a mobile app.

Real-time Communication Servers
Also known as chat servers and sometimes referred to as instant messaging (IM) servers, these enable large numbers of users to exchange information near instantaneously.

FTP Server
One of the oldest of the Internet services, File Transfer Protocol makes it possible to move one or more files securely between computers while providing file security and organization as well as transfer control.

Name Server
Servers that look up addresses, such as mapping a domain to an IP. This is basic infrastructure for networks such as the internet.

Database Server
Provides access to a database. It is a server which uses a database application that provides database services to other computer programs or to computers.

Game Server
The server is the authoritative source of events in a multiplayer video game. The server transmits enough data about its internal state to allow its connected clients to maintain their own accurate version of the game world for display to players.

Media Server
Delivers media such as streaming video or audio.

Proxy Server
Acts as an intermediary between clients and servers to implement functions such as security, monitoring or anonymization.

List Server
List servers offer a way to better manage mailing lists, whether they be interactive discussions open to the public or one-way lists that deliver announcements, newsletters or advertising.
Computer Assets: Identifying Unauthorized Devices
• Asset management works for assets known and permitted within the environment, but offers little visibility or control over rogue machines that may be connecting to the network.

• Challenge of rogue machines:

1. Not part of the management framework

2. Not part of any standards, policies, security controls, or patch updates

3. Pose a unique threat to an environment


Identify Assets
On-access or real-time detection:
• It relies on detection of traffic generated by the endpoint.
• Advantage:
• Timely nature - detection is immediate.
• Disadvantage:
• Detection is based on traffic generated by the endpoint, there must be a
sensor located near this traffic.
• This technique may not be practical for all network topologies.
On-demand or Scheduled Detection:
• The system queries network addresses for a response according to a
schedule.
• Advantage:
• Sensors can execute scans from a limited number of locations or a single
location on the network.
• Disadvantage:
• Detection is not immediate.
• It is limited to the detection interval determined by the schedule.
Asset Inventory Tool
• Deploy an automated asset inventory discovery tool
• Active tools: scan through network address ranges
• Passive tools: identify hosts based on analyzing their traffic

• Deploy DHCP server logging
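
An added example (not part of the original slides) of passive detection built on DHCP server logging: every lease the server acknowledges is checked against the asset inventory, and any MAC address missing from the inventory is reported as a possible unauthorized device. The log lines follow the ISC dhcpd syslog style; they, the inventory and the asset tags are constructed sample data.

```python
import re

# Constructed asset inventory: MAC address -> asset tag (formats vary on purpose).
INVENTORY = {
    "3C:52:82:AA:01:10": "LT-0007",
    "3c:52:82:aa:01:11": "LT-0008",
    "00-1B-21-5E-90-02": "SRV-0002",
}

# Constructed sample log in ISC dhcpd syslog style.
SAMPLE_LOG = """\
Mar  3 09:14:02 gw dhcpd[812]: DHCPDISCOVER from 3c:52:82:aa:01:10 via eth1
Mar  3 09:14:03 gw dhcpd[812]: DHCPACK on 10.0.5.23 to 3c:52:82:aa:01:10 (hr-laptop-07) via eth1
Mar  3 09:20:41 gw dhcpd[812]: DHCPACK on 10.0.5.24 to 3c:52:82:aa:01:11 (hr-laptop-08) via eth1
Mar  3 11:02:17 gw dhcpd[812]: DHCPACK on 10.0.5.77 to de:ad:be:ef:00:01 (raspberrypi) via eth1
Mar  3 11:32:17 gw dhcpd[812]: DHCPACK on 10.0.5.77 to de:ad:be:ef:00:01 (raspberrypi) via eth1
Mar  3 12:45:09 gw dhcpd[812]: DHCPACK on 10.0.5.80 to 02:42:ac:11:00:09 via eth1
"""

# Only DHCPACK lines are parsed: an acknowledged lease means the device is on the network.
ACK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdhcpd(?:\[\d+\])?:\s"
    r"DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"to (?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)"
)


def normalize_mac(mac):
    """Lower-case, colon-separated form so log and inventory values compare equal."""
    return mac.strip().lower().replace("-", ":")


def is_locally_administered(mac):
    """True when the locally administered bit of the first octet is set, as it is
    for randomized addresses and many virtual-machine or container interfaces."""
    return bool(int(mac[:2], 16) & 0x02)


def find_unknown_devices(log_text, inventory):
    """Return {mac: details} for every leased MAC that is not in the inventory."""
    known = {normalize_mac(m) for m in inventory}
    unknown = {}
    for line in log_text.splitlines():
        m = ACK_RE.match(line)
        if m is None:
            continue
        mac = normalize_mac(m["mac"])
        if mac in known:
            continue
        rec = unknown.setdefault(mac, {
            "first_seen": m["ts"],
            "hostname": m["host"],          # None when the client sent no name
            "ips": set(),
            "leases": 0,
            "locally_administered": is_locally_administered(mac),
        })
        rec["last_seen"] = m["ts"]
        rec["ips"].add(m["ip"])
        rec["leases"] += 1
    return unknown


if __name__ == "__main__":
    for mac, rec in find_unknown_devices(SAMPLE_LOG, INVENTORY).items():
        print(mac, rec)
```

Detection here is only as timely as the log processing, and a device with a static address never appears in DHCP logs, so this complements rather than replaces active scanning.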

Testing Traffic Filtering Devices

• Traffic-filtering technologies are commonly divided into:
  - Packet filtering/stateless firewall
  - Stateful firewall technologies
Stateless Firewalls
• A stateless firewall doesn’t maintain any remembered context (or “state”) with respect
to the packets it is processing. Instead, it treats each packet attempting to travel through
it in isolation without considering packets that it has processed previously.

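[Figure: TCP three-way handshake through the firewall between a Client on the trusted internal network and a Server:
1. Client to Server: SYN, Seq = x, Port=80
2. Server to Client: SYN-ACK, Seq = y, Ack = x + 1
3. Client to Server: ACK, Seq = x + 1, Ack = y + 1]

Firewall rules:
• Allow outbound SYN packets, destination port=80
• Allow inbound SYN-ACK packets, source port=80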
Stateless Restrictions
• Stateless firewalls may have to be fairly restrictive in order to prevent most attacks.

[Figure: an Attacker sends SYN (Seq = y, Port=80) toward a Client on the trusted internal network; the firewall blocks it.]

Firewall rules:
• Allow outbound SYN packets, destination port=80
• Drop inbound SYN packets
• Allow inbound SYN-ACK packets, source port=80
Stateful Firewalls
• Stateful firewalls can tell when packets are part of legitimate sessions originating within a trusted network.

• Stateful firewalls maintain tables containing information on each active connection, including the IP addresses, ports, and sequence numbers of packets.

• Using these tables, stateful firewalls can allow only inbound TCP packets that are in response to a connection initiated from within the internal network.
Stateful Firewall
• Allow only requested TCP connections

[Figure: Client 128.34.78.55 on the trusted internal network completes a TCP handshake with Server 76.120.54.101 through the firewall: SYN (Seq = x, Port=80); SYN-ACK (Seq = y, Ack = x + 1); ACK (Seq = x + 1, Ack = y + 1). An Attacker's SYN-ACK (Seq = y, Port=80) is blocked.]

Firewall rule:
• Allow outbound TCP sessions, destination port=80

Firewall state table:
• Established TCP session: (128.34.78.55, 76.120.54.101)
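
An added example (not from the original slides) that replays the packets from the firewall slides above through the stateless rule list and through a stateful filter, using the slides' client 128.34.78.55 and server 76.120.54.101. The attacker address and the client's source port are constructed values, and the model tracks only the connection 4-tuple, not sequence numbers.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "direction src sport dst dport flags")

CLIENT, SERVER = "128.34.78.55", "76.120.54.101"   # addresses from the slides
ATTACKER = "203.0.113.9"                            # constructed (documentation range)


def stateless_filter(pkt):
    """Judge each packet in isolation against the rule list from the slides."""
    if pkt.direction == "out" and pkt.flags == {"SYN"} and pkt.dport == 80:
        return "allow"   # Allow outbound SYN packets, destination port=80
    if pkt.direction == "in" and pkt.flags == {"SYN"}:
        return "drop"    # Drop inbound SYN packets
    if pkt.direction == "in" and pkt.flags == {"SYN", "ACK"} and pkt.sport == 80:
        return "allow"   # Allow inbound SYN-ACK packets, source port=80
    return "drop"        # default deny


class StatefulFirewall:
    """Allow outbound TCP sessions to port 80; allow inbound packets only when
    they answer a session recorded in the state table."""

    def __init__(self):
        self.state = set()   # {(client_ip, client_port, server_ip, server_port)}

    def filter(self, pkt):
        if pkt.direction == "out":
            if pkt.dport != 80:
                return "drop"
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == {"SYN"}:
                self.state.add(key)          # session initiated from inside
                return "allow"
            return "allow" if key in self.state else "drop"
        # Inbound: must be the reverse direction of a tracked session,
        # and must not be a new connection attempt.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.state and pkt.flags != {"SYN"}:
            return "allow"
        return "drop"


# Constructed packet sequence covering the cases drawn on the slides.
PACKETS = [
    ("client SYN", Packet("out", CLIENT, 40000, SERVER, 80, frozenset({"SYN"}))),
    ("server SYN-ACK", Packet("in", SERVER, 80, CLIENT, 40000, frozenset({"SYN", "ACK"}))),
    ("attacker SYN", Packet("in", ATTACKER, 80, CLIENT, 40000, frozenset({"SYN"}))),
    ("attacker SYN-ACK", Packet("in", ATTACKER, 80, CLIENT, 40000, frozenset({"SYN", "ACK"}))),
]


def replay(packets=PACKETS):
    """Return (label, stateless decision, stateful decision) for each packet."""
    fw = StatefulFirewall()
    return [(label, stateless_filter(p), fw.filter(p)) for label, p in packets]


if __name__ == "__main__":
    for row in replay():
        print("%-17s stateless=%-5s stateful=%s" % row)
```

The last row is the difference between the two designs: the stateless rules accept any inbound SYN-ACK from source port 80, while the stateful filter drops it because no matching session exists in its table.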
Solutions combining traffic filtering with other Technologies
• Virtual private networking (VPN) is a technology that allows private networks to be safely extended over long physical distances by making use of a public network, such as the Internet, as a means of transport.

• VPN provides guarantees of data confidentiality, integrity, and authentication, despite the use of an untrusted network for transmission.

• There are two primary types of VPNs, remote access VPN and site-to-site VPN.
• Remote access VPNs allow authorized clients to access a private network that is
referred to as an intranet.
• E.g., UCF VPN. Computer has internal IP when connected.
• Set up a VPN endpoint, network access server (NAS)
• Clients install VPN client software on their machines.

• Site-to-site VPN solutions are designed to provide a secure bridge between two or
more physically distant networks.
• Before VPN, organizations wishing to safely bridge their private networks
purchased expensive leased lines to directly connect their intranets with cabling.
Intrusion Detection Systems

• Intrusion: Actions aimed at compromising the security of the target (confidentiality, integrity, availability of computing/networking resources)

• Intrusion detection: The identification through intrusion signatures and report of intrusion activities

• Intrusion prevention: The process of both detecting intrusion activities and managing automatic responsive actions throughout the network
IDS Components
• IDS manager compiles data from the IDS sensors to determine if an intrusion has
occurred.
• If an IDS manager detects an intrusion, then it sounds an alarm.

[Figure: network layout with the Untrusted Internet, routers, a Firewall, two IDS Sensors and the IDS Manager.]
Possible Alarm Outcomes
• Alarms can be sounded (positive) or not (negative)

                     Intrusion Attack                     No Intrusion Attack
Alarm Sounded        True Positive                        False Positive: Bad (reject norm)
No Alarm Sounded     False Negative: Bad (miss attack)    True Negative


Types of Intrusion Detection Systems
• Rule-Based Intrusion Detection
• Rules and signatures identify the types of actions that match certain known
profiles for an intrusion attack
• Alarm raised can indicate what attack triggers the alarm
• Problem: Cannot deal with unknown attacks
• Statistical Intrusion Detection
• Statistical representation (profile) of the typical ways that a user acts or a host is
used
• Determine when a user or host is acting in highly unusual, anomalous ways.
• Alarm when a user or host deviates significantly from the stored profile for that
person or machine
• Problem: High false positive rate, cannot tell which attack triggers the alarm
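
An added example (not from the original slides) that runs a rule-based detector and a statistical detector over the same labelled events and tallies the four alarm outcomes for each. The events, signatures, host profile and threshold are constructed for the illustration.

```python
import re
from collections import Counter

# Rule-based detector: constructed signatures for known attack profiles.
SIGNATURES = [
    ("path-traversal", re.compile(r"\.\./")),
    ("sql-union", re.compile(r"union\s+select", re.IGNORECASE)),
]

# Statistical detector: constructed per-host profile (mean, std dev of requests/min).
PROFILE = {"web1": (40.0, 5.0)}
Z_THRESHOLD = 3.0

# Constructed events; "attack" is the ground truth used to score the alarms.
EVENTS = [
    {"host": "web1", "uri": "/index.html", "req_per_min": 42, "attack": False},
    {"host": "web1", "uri": "/download?file=../../conf/app.ini", "req_per_min": 41, "attack": True},
    {"host": "web1", "uri": "/login", "req_per_min": 400, "attack": True},           # no signature exists
    {"host": "web1", "uri": "/reports/export", "req_per_min": 95, "attack": False},  # legitimate batch job
]


def rule_based(event):
    """Return the name of the matching signature, or None when nothing matches."""
    for name, pattern in SIGNATURES:
        if pattern.search(event["uri"]):
            return name
    return None


def statistical(event):
    """Alarm when the request rate deviates strongly from the stored profile.
    The alarm says only "anomaly": it cannot name the attack behind it."""
    mean, stdev = PROFILE[event["host"]]
    z = (event["req_per_min"] - mean) / stdev
    return "anomaly" if z > Z_THRESHOLD else None


def outcome(alarm_sounded, is_attack):
    """Map one alarm decision onto the outcome matrix."""
    if alarm_sounded:
        return "TP" if is_attack else "FP"
    return "FN" if is_attack else "TN"


def evaluate(detector, events=EVENTS):
    """Return (outcome counts, per-event alarm reasons) for one detector."""
    counts = Counter({"TP": 0, "FP": 0, "FN": 0, "TN": 0})
    reasons = []
    for event in events:
        alarm = detector(event)
        counts[outcome(alarm is not None, event["attack"])] += 1
        reasons.append(alarm)
    return dict(counts), reasons


def rates(counts):
    """Detection rate = TP/(TP+FN); false positive rate = FP/(FP+TN)."""
    attacks = counts["TP"] + counts["FN"]
    normal = counts["FP"] + counts["TN"]
    return {
        "detection_rate": counts["TP"] / attacks if attacks else 0.0,
        "false_positive_rate": counts["FP"] / normal if normal else 0.0,
    }


if __name__ == "__main__":
    for detector in (rule_based, statistical):
        counts, reasons = evaluate(detector)
        print(detector.__name__, counts, rates(counts), reasons)
```

On this sample the rule-based detector names the attack it catches but misses the one with no signature, while the statistical detector catches the unknown attack, misses the low-volume one and raises a false alarm on the legitimate burst.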
SERVER STORAGE [6]
DAS (Direct Attached Storage) is a block device from a disk which is physically
attached to the host machine.

Advantages of DAS:
• Simpler to setup and configure over NAS / SAN
• Cheaper than NAS / SAN in terms of raw storage
• Networks not necessary, doesn’t use IP addresses
• Faster, more performant and better latency over SAN / NAS
• Easier to deal with overall considering all things
Disadvantages of DAS:
• Dedicated resource to a single computer
• No economies of scale in sharing the storage
• Can’t manage DAS via a network
• Requires a special hardware connection

Reference: 6. Storage Security: Protecting SANs, NAS and DAS by John Chirillo
and Scott Blaul
• NAS (Network Attached Storage) is a filesystem delivered
over the network. It is ready to mount and use. Technologies to
do this include NFS, CIFS, AFS, etc.

Advantages of NAS:
• Economical way to provide large storage to many persons or
computers
• Several times easier to setup and configure versus SAN
• Easy way to provide RAID redundancy to mass amount of
users
• Allows users permissions, folder privileges, restricted access
to documents, etc
• Higher utilization of storage resources
Disadvantages of NAS:
• Requires IP Address(es) and takes up network space
• Slower latency and potentially maximum data-transfer issues
• Performance can be affected by network status
• SAN (Storage Attached Network) is a block device which is
delivered over the network. Technologies to do this include
FibreChannel, iSCSI, FoE, etc.
• Combining the best of DAS and NAS.
DAS is good at? Speed. Speed. SPEED.
NAS is good at? Sharing. High Utilization. Flexibility.
Advantages of SAN:
• Higher hardware utilization, similar to that of NAS
• Speed similar or comparable to DAS
• Allows virtual environments, cloud computing, etc.
Disadvantages of SAN:
• Performance limited by network if configured incorrectly
• Requires multiple static IP Addresses
• Generally consumes more IP addresses than NAS devices
• Complex networking planning is necessary
• Physical network wiring may affect performance
• Generally more expensive than NAS or DAS
Content Management System [7, 8]

● A content management system is a computer application that allows publishing, editing and modifying content, organizing, deleting as well as maintenance from a central interface.
● CMSs have been available since the late 1990s.
● CMSs are often used to run websites containing blogs, news, and
shopping.
● Typically aim to avoid the need for hand coding.

CMS features
● Web-based publishing,
● Format management,
● Revision control,
● Indexing, search, and retrieval.

References:
7. Barker, D. (2016). Web content management: Systems, features, and best practices. Boston: O'Reilly, 2016.
8. Boiko, B. (2001). Understanding content management. Bulletin of the American Society for Information Science and Technology, 28(1).
Content and Presentation
The content management system (CMS) has two elements:
● Content management application (CMA) is the front-end user interface that
allows a user, even with limited expertise, to add, modify and remove content
from a Web site without the intervention of a Webmaster.
● Content delivery application (CDA) compiles that information and updates
the Web site.
Web CMS
● A software system that provides website authoring, collaboration, and
administration tools.
● Designed to allow users with little knowledge of web programming to create and
manage website content with relative ease.
● Uses a content repository or a database to store page content, metadata, and other
information assets.
● Has a presentation layer (template engine) to display the content to website
visitors based on a set of templates.
● Uses server side caching to improve performance.
Capabilities of CMS
● Automated templates
● Access control
● Scalable expansion
● Easily editable content
● Scalable feature sets
● Web standards upgrades
● Collaboration
● Document management
● Workflow management
● Content virtualization
Advantages and Disadvantages
Advantages
● Low cost
● Easy customization
● Easy to use
● Workflow management
● Search Engine Optimization

Disadvantages
● Cost of implementations
● Cost of maintenance
● Latency issues
● Tool mixing
● Security
Popular CMS

● WordPress was the most popular content management system before 2014.
● Textpattern is one of the first open source CMS.
● Joomla! is a popular content management system.
● Drupal is the third most used CMS and originated before WordPress and
Joomla.
● ExpressionEngine is in the top 5 most used CMSs. It is a commercial CMS
● MediaWiki powers Wikipedia and related projects.
● Magnolia CMS.
● Cascade Server is popular among universities and enterprise scale
organizations.
● eXo Platform Open Source Social CMS.
● Liferay Open Source Portal WCMS.
Secure Content Management
• Organizations are increasingly moving toward collaboration: encouraging usage of the internet for knowledge access and productivity enhancement, advocating widespread adoption of email as a communication means and promoting instant messaging for better coordination.

• The global nature of business transactions, involving service providers and third party solutions, relies on communication protocols such as SMTP, HTTP, HTTPS, FTP, IPsec VPN, etc. for exchange of information and execution of a transaction.

• This has been contributing to increased dependencies of an organization on the inbound and outbound traffic flowing across its boundaries.
Importance of Secure Content Management

Unrestricted Access
The use of the internet is on the rise, as are the risks of uncontrolled access.
When employees deliberately access sites containing inappropriate, illegal or dangerous content, businesses suffer losses of productivity, expose themselves to legal liabilities and can experience degraded network performance that negatively affects mission-critical tasks.

The risks include:
• Impacted employee productivity
• Liability exposure
• Hacker attacks and privacy violations
Impacted employee productivity
Restricting access to inappropriate web sites helps companies prevent excessive non-productive web surfing and preserves network bandwidth.

Liability Exposure
Visits to racist/hate sites represent a major legal liability concern. Businesses need to shield themselves from potential legal liability that can arise if an employee is repeatedly exposed to offensive material on a co-worker’s computer or anywhere in the workplace.

Hacker Attacks and Privacy Violations
Instant messaging, peer-to-peer file sharing and multimedia downloads make businesses vulnerable to backdoor attacks.
Secure Content Management Solutions
Basic level - user access to internet content is controlled
Secure content management solutions employ one of two basic approaches: site
blocking or content monitoring based on pass-through filtering technology.
The site blocking approach for content management typically uses list-based or
URL-based filters to identify and block certain web sites.
Some solutions rely on white lists that allow access to only those sites that appear
on the list. Other solutions use black lists, which permit access to all sites except
those on the black list.
The black list approach is preferable for businesses whose employees need less
restrictive internet access. With a black list approach, the database of web sites is
organized into categories, such as “violence” or “drugs,” and network
administrators can selectively block categories.
• The effectiveness and manageability of site blocking depends on a number of
factors:
Database size
Update frequency
Category Organization
Secure Content Management Solutions
The most basic level of content monitoring uses a keyword-blocking approach.

• Instead of blocking URLs, it compares the keyboard data to a user-defined library of words and phrases.

• When a match to one of the blocked words or phrases is detected, the solution filters or blocks the data, or in some cases even closes the application.

• The problem with this approach is that it can inadvertently block legitimate pages based on the fact that they contain one or more targeted keywords.
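
An added example (not from the original slides) comparing the approaches described above: list-based site blocking in black-list and white-list mode, and keyword blocking on page text. The category database, keyword library, URLs and page snippets are constructed sample data.

```python
import re
from urllib.parse import urlsplit

# Constructed category database for the site-blocking approach.
CATEGORY_DB = {
    "pillshop.example": "drugs",
    "gorevids.example": "violence",
    "news.example": "news",
}
BLOCKED_CATEGORIES = {"drugs", "violence"}   # categories the administrator blocks
WHITE_LIST = {"news.example"}                # used only in white-list mode
KEYWORD_LIBRARY = {"drugs", "violence"}      # user-defined blocked words


def _lookup(host, table):
    """Match the host or any parent domain, e.g. shop.pillshop.example
    matches an entry for pillshop.example."""
    labels = host.lower().split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return candidate
    return None


def site_blocking(url, mode="black"):
    """List-based filter.
    black: allow every site except those in a blocked category.
    white: block every site except those on the white list."""
    host = urlsplit(url).hostname or ""
    if mode == "white":
        return "allow" if _lookup(host, WHITE_LIST) else "block"
    site = _lookup(host, CATEGORY_DB)
    if site and CATEGORY_DB[site] in BLOCKED_CATEGORIES:
        return "block"
    return "allow"


def keyword_blocking(page_text):
    """Content monitoring: block when any library word appears in the text."""
    words = set(re.findall(r"[a-z]+", page_text.lower()))
    return "block" if words & KEYWORD_LIBRARY else "allow"


# Constructed pages: (url, visible text, whether policy considers the page unwanted).
PAGES = [
    ("https://shop.pillshop.example/buy", "Order now, discreet shipping worldwide", True),
    ("https://health.example/guide", "How prescription drugs interact: a guide for patients", False),
    ("https://news.example/today", "Council approves new park", False),
]


def compare(pages=PAGES):
    """Return one row per page with the decision of each approach."""
    rows = []
    for url, text, unwanted in pages:
        rows.append({
            "url": url,
            "unwanted": unwanted,
            "black_list": site_blocking(url, "black"),
            "white_list": site_blocking(url, "white"),
            "keyword": keyword_blocking(text),
        })
    return rows


if __name__ == "__main__":
    for row in compare():
        print(row)
```

The second page is the failure mode named on the slide: a legitimate health page is blocked by the keyword filter because it contains a targeted word, while the first page passes the keyword filter because its text avoids the library entirely.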
Solution Architectures
• Content management software can be embedded on a networked
device such as a proxy server, caching appliance or firewall, or it
can reside on a dedicated server running the Microsoft Windows,
Linux or UNIX operating system.
• Common deployment methods vary in terms of effectiveness, cost
and manageability.
Client Solutions
Standalone Solutions
Integrated Solutions
Integrated Content Management and Firewalls
Standalone Appliances
• Client Solutions
  - Installed on the desktop, client solutions are most suited for home environments where parental control is the primary application.
  - Client software solutions include a management interface and a database of blocked web sites; the parent downloads database updates via the internet.
  - Leading providers of client solutions include Zone Labs, Net Nanny and internet service providers (ISPs) such as Microsoft MSN and AOL.

• Standalone Solutions
  - Standalone solutions consist of a dedicated database server for defining policies and a separate gateway or firewall that enforces the content management policies.
  - These solutions are more manageable than client based solutions because an administrator can create a policy once on the gateway and then apply it across all desktops.
  - However, most standalone solutions require organizations to purchase and manage two separate hardware devices in addition to content management software.
  - They also require additional storage to be purchased as needed, when the policy database grows to exceed the storage available.
  - Key vendors of standalone solutions include SonicWALL, Websense and SurfControl.
• Integrated Solutions
  - Integrated solutions consolidate management and processing in a single gateway or firewall, thereby reducing capital and operational expenses.
  - However, when the gateway or firewall is also used for services like anti-virus and intrusion prevention, performance can suffer.
  - Key vendors of integrated content filtering solutions include SonicWALL, Symantec and WatchGuard.

• Integrated content management and firewalls
  - Content filtering integrated on a firewall is a cost-effective content management solution that is ideal for businesses with small to mid-sized networks.
  - This alternative integrates with the existing firewall technology, or is installed simultaneously with a new firewall solution.
  - A typical service will make available a continuously updated, comprehensive database of millions of web sites, domains and IP addresses.
  - Minimal administrative overhead means that businesses can either manage the solution themselves or outsource the task to their IT service provider.
• Standalone Appliances
  - A standalone appliance can affordably combine internet content management with real-time gateway anti-virus and antispyware capabilities, and the best appliances are rich in features and functionality and deliver superior value for the investment.
  - For larger businesses and enterprise environments requiring more comprehensive content control abilities, a standalone content filtering appliance maximizes the protection of any network from today’s sophisticated internet threats.
  - Although it requires the purchase of additional hardware, ease of installation and use make this an attractive solution. The appliance can be dropped into the existing network without any reconfiguration of existing hardware or software.
  - Appliances are also an affordable way to upgrade existing firewalls by introducing new functionality without an actual upgrade on the firewall itself.
Why are CMS platforms so vulnerable?
CMSes are vulnerable by nature because they are built on open source frameworks.
Such shared development environments offer several benefits but they also have their
share of flaws, many of which arise from a lack of accountability.
Website operators use weak passwords, leaving their admin accounts vulnerable to
automated brute force attacks; attackers then inject the websites with malware, turning
them into DDoS zombies.
Protection from CMS vulnerabilities
• Create a regular schedule to update or patch the CMS, and all installed plugins and themes. This will ensure that all components are up-to-date.
• Regularly back up the CMS and its underlying database. This should be performed weekly at a minimum.
• Subscribe to a regularly-updated list of vulnerabilities for the specific CMS being used (e.g., WordPress).
• Delete default admin usernames (e.g., ‘Admin’) and use strong passwords (at least eight characters long, with a combination of upper and lower case, as well as both letters and numerical characters).
• Use a plugin for strong authentication, or two-factor authentication (2FA), for an additional layer of protection.
