Security requirements for financial companies should be as stringent as possible. We looked at the websites of the leading banks in Russia and of foreign branches and found that many banks leave access to the Bitrix administration panel open. That is the /bitrix/admin/ folder.
Below is a list of banks from the first 40 in the Yandex catalog.
DeltaCredit
BTA Bank
AK Bars
Globex Bank
Moskommertsbank
Nordea
Sobinbank
Uniastrumbank
There is also an insurance company on our list: AlphaInsurance
Now for the banks that have closed access.
On the website of the Moscow Credit Bank, protection is implemented at the server level, through .htpasswd.
In our opinion, a bank's site needs access to this folder closed from the outside and blocked at the IP level.
This correct solution has been implemented on the sites of the banks Trust and the Agricultural Bank.
At the same time, Bitrix itself provides security settings to hide access to the folder. The details are described on Habr in the Bitrix blog, and IP-level protection in particular is easy to implement in the system.
Restricting access to the administrative part by IP
Very often, companies strictly regulate networks that are considered safe and from which they allow employees to administer the site.
We have developed a special simple interface that allows you to specify a list of IP addresses or address ranges from which you can manage the site. The system checks that you do not lock yourself out at the moment of blocking. But in general, if you wish, you can still make such a mistake :) In that case, look at the settings of the Proactive Defense module. There you will find the path to the IP lockout check box. For each project, this is a unique file name.
By configuring this option, you can easily and very effectively protect the /bitrix/admin/ folder from access from outside your networks.
This setting is required to reach the High security level.
http://habrahabr.ru/company/bitrix/blog/57171/
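One way to confirm that such a restriction actually holds on your own site is to audit the web server access log for requests to /bitrix/admin/ from addresses outside the permitted list. This is an added example, not code from the original post or from Bitrix; the allowlist, the log format and the sample lines are constructed assumptions.

```python
import ipaddress
import re

# Assumption: networks allowed to administer the site (documentation ranges).
ALLOWED_NETWORKS = ["203.0.113.0/24", "198.51.100.17"]
ADMIN_PREFIX = "/bitrix/admin/"

# Assumption: Apache/nginx "combined" log format (client IP, request, status).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# 403 = refused at IP level; 401 = only a password prompt (.htpasswd) is in the way.
VERDICTS = {403: "blocked", 401: "password-only"}

# Constructed sample lines, not taken from any real server.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2024:09:00:01 +0300] "GET /bitrix/admin/index.php HTTP/1.1" 200 5120
192.0.2.55 - - [10/Mar/2024:09:01:13 +0300] "GET /bitrix/admin/ HTTP/1.1" 403 199
192.0.2.60 - - [10/Mar/2024:09:01:40 +0300] "GET /bitrix/admin/ HTTP/1.1" 401 381
192.0.2.77 - - [10/Mar/2024:09:02:45 +0300] "POST /bitrix/admin/index.php HTTP/1.1" 200 4312
192.0.2.77 - - [10/Mar/2024:09:03:02 +0300] "GET /about/ HTTP/1.1" 200 10240
198.51.100.17 - - [10/Mar/2024:09:04:00 +0300] "GET /bitrix/admin/index.php HTTP/1.1" 200 8800
"""

def is_allowed(ip, networks=ALLOWED_NETWORKS):
    """True if ip falls inside any allowed single address or range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in networks)

def audit(log_text, networks=ALLOWED_NETWORKS):
    """Return (ip, path, status, verdict) for admin requests from outside."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not m["path"].startswith(ADMIN_PREFIX):
            continue
        try:
            if is_allowed(m["ip"], networks):
                continue
        except ValueError:  # client field is not an IP address
            continue
        status = int(m["status"])
        # Any 2xx/3xx answer to an outside address means the panel is reachable.
        verdict = VERDICTS.get(status, "exposed" if status < 400 else "other")
        findings.append((m["ip"], m["path"], status, verdict))
    return findings
```

Any "exposed" row means the administration panel answered an address outside the permitted networks; "password-only" rows show that only the .htpasswd prompt, not an IP block, stands in front of it.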
Everyone can draw their own conclusions about which of the banks should be entrusted with their money, and in which bank the word “security” refers not only to the verification of credit histories but applies across the board, in particular in the field of "information security".