Upload
kiana-towner
View
249
Download
4
Tags:
Embed Size (px)
Citation preview
Bitrix Intranet Portal
Digital Vision EA Limited-Bitrix Gold Partner
A Product Presentation by Digital Vision EA
Security Features of Bitrix Intranet
Bitrix Software Security
Bitrix Intranet Portal
Digital Vision EA Limited-Bitrix Gold Partner
Web Application FireWall (Proactive Filter)
The Proactive Filter is the most effective way to protect sites against possible security defects in the web project implementation (XSS, SQL Injection, PHP Including, and others).
• Protection against most known Web attacks• Application screening from the most importunate attacks• Filter exclusion list (with wildcards)• Recognition of most dangerous threats• Blocking of site intrusions• Protecting from possible security errors • Keeping of attacks log• Informing the administrator of invasions
• Configuring options of the firewall reaction to intrusion attempts: • Make data safe• Wipe unsafe data• Temporarily add attakers’ IP addresses to the stop list
Digital Vision EA Limited-Bitrix Gold Partner
One-time Password Technology (OTP) The concept of one-time passwords empowers the standard authorization scheme and significantly reinforces web project security. The one-time password system requires a physical hardware token (device) (e.g., Aladdin eToken PASS) or special OTP software.
What OTP gives you?
Confidence that only a user to whom a token was issued can authorize on the site. Password interception loses meaning in this case, as a password* can be used only once. A token is a hardware physical device that generates unique passwords only when a token button is being clicked. It means that a token owner is unable to tell the password to a third party to allow them authorize as well.
* the password = your password + unique numerical combination
Digital Vision EA Limited-Bitrix Gold Partner
Authorized Session Protection
Most web attacks are purposed to steal the authorized user session data. Enabling Authorized Session
Protection makes session hijacking senseless.
Session protection methods:
• Limited session lifetime (minutes)• Recurring session ID relay• Network mask to associate a session with a specific IP• Storing session data in the module database
Eliminate errors in:
• Virtual hosting and OS configuring• Temporary folder permissions settings• And more…
Digital Vision EA Limited-Bitrix Gold Partner
Activity Control
Protection from profusely active users
Protection from bots
Protection from DDoS-attacks
Preventing password brute force attempts
Setting the maximum possible visitor (human) activity quota
Registering an excess of activity rate in the intrusion log
Blocking visitors exceeding the activity quota
Showing a special information page to a blocked visitor
You can set maximum user activity for your site (for example, number of queries per second).
Digital Vision EA Limited-Bitrix Gold Partner
Intrusion Log
All events occurring in the system, including the unusual or malicious, are logged. You can view entries in the log immediately after they are generated. The log is updated in real time so you can view the events as soon as they have been registered. This feature enables you to discover attacks and intrusion attempts while they occur, so you can riposte immediately and even prevent attacks.
• Immediate registration all system events
• Filter for malicious events
• Real-time viewing and analyzing of events
• Immediate reaction to malicious events
Digital Vision EA Limited-Bitrix Gold Partner
IP-based Control Panel Pages
This type of protection strictly regulates secure networks from which the users are allowed to access Control Panel. All you have to do is specify the legal IP addresses (or a range). No need to worry about not adding yourself to this list: the system will check your IP automatically.
What effect would this protection produce?
Any XSS/CSS attacks become ineffective, interception of authorization data – absolutely useless.
Digital Vision EA Limited-Bitrix Gold Partner
Stop Lists The stop list contains parameters used to restrict access to a site and possibly redirect to a specified
page. Any visitor matching the stop list criteria (e.g. an IP address), will be blocked.
• Redirects visitors matching the stop list entries
• Blocks visitors by their IP addresses
• Manages stop list entry
• Collects the statistics on visitors matching the stop list criteria
• Allows you to specify the ban duration for users, IP addresses, network
masks, UserAgent’s, and the referrer links
• Shows a customizable message to a blocked visitor.
Digital Vision EA Limited-Bitrix Gold Partner
Script Integrity Monitor
File integrity control Verification of the file integrity control script
• Tracks file system changes;• Verifies kernel integrity;• Verifies system area integrity;• Verifies public files integrity
• Verifies the file integrity control script for changes;• Protects the script using the keyword and password pair.
Digital Vision EA Limited-Bitrix Gold Partner
Phishing Protection
Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
Two methods exist to prevent redirect phishing:• Detect malicious redirects by the lack of the referring page in the HTTP header• Sign links with a digital signature and verify them upon redirect attempt
The following can be used as protection: • Show a redirection warning to a visitor• Unconditionally redirect a visitor sto a surely safe site
Digital Vision EA Limited-Bitrix Gold Partner
Permanent Updates Audit
Bitrix has assigned a treaty of permanent update security audits with Positive Technologies.
Each time a new set of updates is released through the SiteUpdate system, minute security work is done by the Positive Technologies company.
Thanks to this work, the level of product security is always high.
Digital Vision EA Limited-Bitrix Gold Partner
Have a question?
E-mail us on :
Or call +254-20-21 33865+254-721-440 543
Digital Vision EA Limited-Bitrix Gold Partner
Digital Vision EA LimitedElgon Court, Ralph Bunche Road, Upperhill
Landline+254-20-2133865Cell phone+254 721 440 543
Contact Information
Digital Vision EA Limited-Bitrix Gold Partner