navigating online threats - website security for everyday website owners
TRANSCRIPT
Website Security via Sucuri
Navigating The Online Security Landscape
Roadmap to a Safe User Experience
Tony Perez
@perezbox | @sucuri_security | http://perezbox.com | http://tonyonsecurity.com
@sucuri_security | https://sucuri.net
Who are we?
• Mitigate 50 million+ attacks a month.
• Scan over 3 million+ domains
• Respond to 500+ security incidents
• Secure 300,000+ websites like yours.
We clean and protect websites, so you don't have to.
Who am I?
❖ Work at Sucuri
❖ Website Security Professional
❖ Security blogger
❖ Business blogger
❖ Technology blogger
❖ and..
“As website owners we have a responsibility to 1) ensure that those that interact with our websites have a safe online experience and 2) to be good stewards of the internet by ensuring our websites aren’t abusing its resources.”
Tony Perez | Sucuri
❖ Regardless of where the website lives, the environments are complex.
❖ There are a number of interconnecting components that make your website operate.
❖ It’s a combination of hardware and software, meshed together, that brings it to life.
Complexity does not begin to describe the various components required to keep your website functional.
Types of Configurations
MANAGED
❖ wordpress.com
❖ squarespace.com
❖ wix.com
❖ tumbler.com
❖ rainmaker.com
SELF-HOSTED
❖ wordpress.org
❖ godaddy.com
❖ bluehost.com
❖ joomla.org
❖ dreamhost.com
Threats exist regardless of which approach you take. The difference, like most things in security, comes down to your personal risk posture.
Website Attack Vectors
MANAGED
❖ Access Control
SELF-HOSTED
❖ Access Control
❖ Exploitation of software vulnerabilities
❖ Exploitation of web server environment
Search Engine Result Pages (SERP) are our prized possessions as content creators.
It takes months, if not years, to build good ranking, yet minutes to lose and months to rebuild.
“As a species, we are risk averse when it comes to gain, but risk seeking when it comes to loss…”
- Bruce Schneier (BlackHat 2014)
❖ Confidentiality: Data kept private
❖ Integrity: Data not modified
❖ Availability: Systems available
Model designed to help you think about your own security posture.
How much security should you consider?
Managing the security of your website is not a Do It Yourself (DIY) project. If what was discussed here is foreign to you, then it’s a good time to seek professional help.
“Security is not a singular event or action, but rather a series of events and actions. It begins with good posture and the responsibility begins and stops with you.”
- Tony Perez | Sucuri