Drupal: Security, Privacy & A Sad Hacker
Richard Clarke once said, “If you spend more on coffee than on IT security, you will be hacked”. In an ever-changing, fast-paced field such as Information Technology, security and privacy have become the main concern. After all, it seems that if you give your data to any company, they either sell it, leak it, lose it, or get hacked. That’s why many companies are treating the security aspect as a part of the Software Development Life Cycle (SDLC).
How Secure is Drupal?
Drupal is considered to be one of the most (if not the most) secured open-source Content Management Systems (CMS) in the market. That’s because the security feature is included in its core functionality. For example, Drupal has a security-based feature as Brut Force attack detection, 256-AES (military level) encryption algorithm, and granular user access control.
Security Features in Drupal
While we have mentioned multiple security features in Drupal, these are not the only features or reasons to choose Drupal as your own secured CMS. Since security is a part of Drupal’s core, it offers more features than meets the eye. Besides a team that is specialized in security that will always check for vulnerabilities and release security updates, Drupal offers you:
- Password Encryption: The password you set to Drupal upon installing it, is encrypted with the SHA-512 function. The SHA-512 function performs 80 rounds of encryption for each character in your password. That means it’s virtually impossible to decrypt it.
- Access Control: You can configure your access control with you having full control in each case. By that, you ensure that each user is limited to exclusively his role.
- Database encryption: Drupal allows you to encrypt your database. You can either encrypt certain parts or your entire database. These types of encryption allow Drupal configuration to pass any of the privacy standards or encryption laws.
- Role Delegation: This module allows you to give certain users the ability to manage other users. This allows you to manage your users efficiently without giving any other user full permission.
- ClamAV: This module is integrated with Clam Anti-Virus. That means, each file you upload is scanned with the anti-virus to ensure it’s not infected and it’s safe to save it in the Drupal Files system.
- Mass Reset Password: This module allows you to reset the password for all the accounts you have at once. It also allows you to notify certain users with a specific role about the need to reset their passwords. The notification can be customized which gives context to the users.
- Username Enumeration Prevention: This technique is used by anonymous users to identify valid users on a website. Once confirmed, they can use it to perform cyber-attacks. Drupal offers protection against this technique by hiding the usernames and not showing them in the configurations.
- Audit Log: This log allows you to see the full activity of your admin users. This is genuinely needed when a security incident occurs and you need to know whether it was intentional or just a user error.
In IT Enterprises, the need has become dire for a secure CMS. And while many are secured, they remain closed source. This is where Drupal comes. It’s an open-source CMS with the most up-to-date security features that will protect your data, ensure the privacy of your content, and add one more sad Nigerian prince to your list.