Hi All,

I have created a procedures Drupal site that is stand-alone and SSL secure.

Our internal IT department is concerned that this site can be a threat, and a conduit for hackers to get into the internal network.
There is nothing connecting the internal network to the Drupal site except a reference path of users going to the site for info.

In my amateur opinion, it seems to be about as locked-down as it can be, but then again, I know nothing about Black Hat.

Can anyone enlighten me as to the threat that I may have created to my company's internal network?

Comments

Jaypan:

Shouldn't they be explaining that? If they want to claim it's a threat, they should back that claim up.

Drupal itself is very secure, and has a dedicated security team that checks up on Drupal core and 3rd party modules.

VM:

Makes me wonder how they justify running PHP on the server, or anything for that matter.

Jaypan:

Yes. When it comes down to it, they are asking for proof of non-existence.

shambly:

Thanks for your comments, Jaypan and VM.

Maybe I should ask: has anyone had experience with these kinds of sites becoming the entry point for malicious network activity?
What to watch out for?

VM:

That's a broad question. I suggest if you want to learn about these types of things to get a few books and google some relevant information about server and network security.
