security for dotnetnuke
New Post
7/5/2006 11:41 AM
 

I am interested in finding out if there is documentation for securely configuring dotnetnuke on windows 2003 server standard with SQL Server 2005 standard.  Are there other technologies that should not be used with this configuration...for example, should you never install php4?

From my initial impression, dotnetnuke is secure on its own and windows server 2003 standard is also considered secure out of the box.  So, with a firewall only allowing port 80 and https, the system should not get hacked?...provided the host and admin accounts have secure passwords?

Is there any kind of checklist?  A service that someone uses and can recommend for verifying the security of a configuration?  Perhaps a book I should read?  Or just a point in the right direction?

Thank you for any help you may provide.

Sincerely,

Bill

 
New Post
7/5/2006 12:32 PM
 
You are correct, DNN is pretty secure out of the box, and our security team does a good job closing security holes when they are discovered.  The biggest issue is 3rd party modules.  You really need to test any non-core modules for security risk before using them.  The core team had no control over 3rd party modules, so it all depends on how security conscious the module developer is.
 
New Post
7/5/2006 12:40 PM
 

If a dotnetnuke site were to get hacked, how could you go about finding out what happened?

 
New Post
7/5/2006 3:34 PM
 

Please download the documentation download, in it you'll find a document "Hardening DotNetNuke Installations.pdf", that details some areas where you can harden the default installation of dotnetnuke.

To diagnose a hack on a dotnetnuke site, you would do just what you would for any other website, check the website logs and the event log.

Cathal


 
New Post
7/5/2006 6:55 PM
 
bnsc wrote

and windows server 2003 standard is also considered secure out of the box.



I'd like to touch on that 1 little comment there.  Before you fully put your trust in Windows 2003 Standard being secure "out of the box", I would suggest immediately assuming it is not secure out of the box.  I say this because, well, Windows 2003 is not secure out of the box :)

If you google up Win2k3 security then you will find a lot of common things to change, including Windows FW, guest/anon accounts, execute-as accounts (such as IIS network services), and the like.  Also check out IISLock and URLScan.
 