Starting Your Baseline
Baselining your site can yield quite a bit of valuable information. Some of that information will be useful to you on a regular basis. Following are some baseline items that are general to most sites:
- Inventory — What is installed on your site and your server?
- Version control — What are the versions of the installed extensions?
- Patches — What needs to be updated?
- Security holes — Do you have any software or settings (such as open ports) that may be a cause for security concern?
- Improvement of workflow — In going through your site, do you see anything that is causing poor performance, such as an older (but not insecure) package installed on your CMS? Or do you have users with too much access?
Determining this baseline gives you a good handle on what you are specifically dealing with in your site. You may have other questions and responses you want to add, depending on your site.
The following sections take a closer look at a couple of items on that list.
Taking Inventory
When you review your website, you may easily find third-party add-ons that you forgot about. Although they may be disabled on the site, they could be a point of attack. Alternatively, the add-on may have been installed with a valid software installation, but it is simply out of date and vulnerable. Either way, it's during this inventory period that you can begin the baseline process by capturing all the data in a spreadsheet.
At a minimum, you should capture the following information:
Get CMS Security Handbook: The Comprehensive Guide for WordPress®, Joomla!®, Drupal™, and Plone® now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
