Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
By shambly on
Hi All,
I have created a procedures Drupal site that is stand-alone and SSL secure.
Our internal It department is concerned that this site can be a threat, and a conduit for hackers to get in to internal network.
There is nothing connecting the internal network to the Drupal site except a reference path of users going to the site for info.
In my amateur opinion, it seems to be about as locked-down as it can be, but then again, I know nothing about Black Hat.
Can anyone enlighten me as to the threat that I may have created to my companies internal network?
Comments
Shouldn't they be explaining
Shouldn't they be explaining that? If they want to claim it's a threat, they should back that claim up.
Drupal itself is very secure, and has a dedicated security team that checks up on Drupal core and 3rd party modules.
=-=
makes me wonder how they justify running php on the server or anything for that matter.
Yes. When it comes down to
Yes. When it comes down to it, they are asking for proof of non-existence.
thanks
thanks for your comments Jaypan and VM.
maybe I should ask, has anyone had experience with these kinds of sites becoming the entry point for malicious network activity?
what to watch out for?
=-=
That's a broad question. I suggest if you want to learn about these types of things to get a few books and google some relevant information about server and network security.
You can also read this
You can also read this article: https://drupal.org/documentation/is-drupal-secure
Edit - and this one too: http://www.acquia.com/blog/keeping-drupal-secure