Bitrix Software Security Bitrix Intranet Portal Bitrix Site Manager Your web site is a part of the Corporate Infrastructure. More than 50% of attacks are done through the Web . Corporate site hacks hit the reputation and image of a company.
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Bitrix Intranet Portal
Bitrix Site Manager
More than 50% of attacks are done through the Web.
Corporate site hacks hit the reputation and image of a company.
What is more, the loss of data and client information leads to sheer material losses.
The more solid and famous the name and products of a company, the more substantial can be the risks and losses caused by a corporate site hack.
Site. Portal. Image. Reputation.
Which to choose?
During the development of the Bitrix Site Manager software particular attention is paid to the security issuesat all stages of developing and testing.
My Site is My Castle
Proactive Protection is the latest security technology combining technical and organizational measures that allow combating malicious programs that have undergone modifications and those that are still unknown!
With the Proactive Protection module, you can significantly improve the security of your site. You need only to select and configure one of the module security levels.
The Proactive Filter is the most effective way to protect sites against possible security defects in the web project implementation (XSS, SQL Injection, PHP Including, and others).
The concept of one-time passwords empowers the standard authorization scheme and significantly reinforces web project security. The one-time password system requires a physical hardware token (device) (e.g., Aladdin eToken PASS) or special OTP software.
What OTP gives you?
Confidence that only a user to whom a token was issued can authorize on the site.
Password interception loses meaning in this case, as a password* can be used only once. A token is a hardware physical device that generates unique passwords only when a token button is being clicked. It means that a token owner is unable to tell the password to a third party to allow them authorize as well.
* the password = your password + unique numerical combination
Most web attacks are purposed to steal the authorized user session data. Enabling Authorized Session Protection makes session hijacking senseless.
You can set maximum user activity for your site (for example, number of queries per second).
All events occurring in the system, including the unusual or malicious, are logged. You can view entries in the log immediately after they are generated. The log is updated in real time so you can view the events as soon as they have been registered. This feature enables you to discover attacks and intrusion attempts while they occur, so you can riposte immediately and even prevent attacks.
This type of protection strictly regulates secure networks from which the users are allowed to access Control Panel. All you have to do is specify the legal IPaddresses (or a range). No need to worry about not adding yourself to this list: the system will check your IP automatically.
What effect would this protection produce?
Any XSS/CSS attacks become ineffective, interception of authorization data – absolutely useless.
The stop list contains parameters used to restrict access to a site and possibly redirect to a specified page. Any visitor matching the stop list criteria (e.g. an IP address), will be blocked.
File integrity control
Verification of the file integrity control script
Phishingis the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
Transmission channel encryption using SSL
In the nearest future
Recommendations on configuration
Bitrix has assigned a treaty of permanent update security audits with Positive Technologies.
Each time a new set of updates is released through the SiteUpdate system, minute security work is done by the Positive Technologies company.
Thanks to this work, the level of product security is always high.