Joomla Design & Development Blog

CNP Security for Joomla

Experts in the field anticipate cyber-crime in 2012 could rise as high as 7000% from 6 years ago

Wow, the more we learn about web security these days and the capabilities of hackers, the more we are in awe! So many folks do not adequately protect their web assets from even the many common or well-known threats and vulnerabilities, let alone the even more dangerous cyber criminals that could completely steal your identity and milk your bank accounts.

In a recent security audit we found that if you are not protected with a tool like Secure Live (www.securelive.net) and other server side security monitoring solutions, hackers can find ways to penetrate the deepest levels of your server environment by installing stealth scripts that allow them to do just about anything they want with your data and any other data stored on the server. These scripts can be buried layers deep in directories that you would never find and could go virtually undetected allowing the hacker to leverage your server for a variety of exploitations.

This is serious stuff folks!

Stats on cyber-crime over the past 6 years:

  • 2008 - 2009 +22%
  • 2009 - 2010 +56%
  • 2010 - 2011 +726%
  • 2011 - 2012 +2965% at a cost of 216.7 billion dollars
  • Competitors and disgruntled employees make up over half of the cyber-attack sources

 

These are not just kids anymore having fun by putting up a picture of a penguin on your index page just because they can… to be cool in some underground community. Let’s say that your web site gets hacked by someone that could access the entire server or even worse a whole cloud environment where they could download databases with credit card numbers and other personal information. Maybe you are doing all of the right things to protect folks from getting in to your web site from the front end but what if someone came in from the server back door any time they wanted, and they were able to get in and take what they wanted and then get out again without you or anyone else even knowing about it? What if a hacker found out this open door into your site and broadcast it to every other hacker on the internet? Can you imagine how vulnerable you could not only be yourself but how vulnerable you could make your customers if you do not take adequate steps to protect their trust in you?

I used to work for a Government contractor and achieved a security clearance because it was required for the information and content I was exposed to. When you are working with highly sensitive or confidential data the importance of security is driven into you in a way that the process of proactive protection has to become a natural reflex. They do this by constantly keeping you alert and they require annual refresher courses just so this stays at the top of your thought process. It actually is everyone’s responsibility to protect and be on the look-out.

In the commercial world I think this attention to creating a proactive culture for security can get diverted by economic conditions or other priorities at a given moment. There is usually not a specific protocol to follow nor consistent training available especially in smaller and mid-sized companies. In addition, many folks do not know the right questions to ask nor do they fully understand the technology or the consequences and thus leave themselves vulnerable to the whims of a crafty cyber hacker. Since over half of cyber threat activity comes from your competition or former employees you need to also take proactive security measures off line as well.

Locking down open source web environments:

In our little corner of the world with Joomla, Drupal and other open source technologies we have to pay special attention to this and try to share as much available information as we can to inform our customers on best practices for protecting their investments as well as how they can be the most proactive with security.

What can you do?

  1. Make sure you work with a technical support team that is proactive about security.
  2. Stay in the loop on the latest trends and vulnerabilities
  3. Learn to ask the right questions and make them habits
  4. Train your team and establish protocols and procedures to follow
  5. Keep your web applications up to date
  6. Use SecureLive to monitor and lock down your web portals
  7. Never let security slip from the top of your priority list.

Remember a hacker is like a cancer, if you catch it in time you can prevent it from spreading or getting beyond control but you must completely remove it once it is discovered and make sure you monitor your vulnerability while keeping health conscious habits. However, the best defense is always prevention.

There are many sites online you can review to stay up on this and I recommend a few Google searches to explore the available information online but here is a good web site to monitor for security breaches that you can proactively respond to:

http://www.exploit-db.com/webapps/

In addition, open source projects like Joomla! CMS have a whole team dedicated to security. We post an RSS feed directly from Joomla in our news section on www.joomladesignservices.com and try to get timely notifications out to our clients with required actions and recommendations.


This article reviews approaches to developing custom extensions vs “hacked” code solutions for a Joomla CMS but the principles are more universal in concept.

First let’s explore some of the many definitions of a “code hack”, not to be confused with a commonly known intruder typically known as a “hacker”.  Then we need to define what we are referring to as it relates to developing a quality Joomla CMS portal. Below are some quotes I found on the web related to a code hack that range from an appropriate method for solving a coding problem vs someone with limited skill providing a less than adequate mess of “spaghetti code”. The term “hacker” traces its origins back to making rough furniture with a hatchet and a stump. That seems to fit nicely — a very quick solution that solves a particular problem good enough. This approach would not equate to the fine craftsmanship of a quality piece of furniture nor offer the longevity for a sustainable solution.

A few definitions I found online (I am sure there are more):

  1. “An incredibly good, and perhaps very time-consuming, piece of work that produces exactly what is needed”
  2. “to cut or sever with repeated irregular or unskillful blows”
  3. “an appropriate application of ingenuity.”
  4. “a quick-and-dirty patchwork job”

So the real question here is: When and why should I use a code hack vs a packaged extension?

I want to focus this article on definitions 3 and 4. Sometimes there is not enough time or available resources to implement a solution to its fullest extent but you need to resolve a problem quickly yet effectively for the intended purpose. This would mean that you alter the core code in a way that solves your problem but perhaps would need to either be implemented again or maintained over the evolution of your project. Unfortunately, developers do not always leave good comments or breadcrumbs for keeping up on these modifications, and thus when you upgrade your site you are left with the same problem all over again.

How “Joomla specific” are the developers you are working with?

If your developers are good at sharing comments and notes related to the changes then a hack can often be the “path of least resistance” and least expensive way to meet your challenge. However, if this is not the case then you need to make sure that you work with professional Joomla extension developers to make sure you get a clean bundled installable Joomla extension that can be easily maintained with version control and change logs.

Properly developed and packaged Joomla extensions cost a little more to complete upfront but significantly reduce the headaches, hassle, maintenance and expense over time. It has been our experience on larger more complicated projects you always want to choose to spend the extra time and money up front to have a proper extension built for your solution and when it is not possible to bundle the solution completely that you get clearly defined change logs that you can refer to the next time you have to upgrade your site. Remember in the world of open source you really need to keep your environment up-to-date and current to reduce potential security breaches. Try not to be short sighted in your approach or it may come back to bite you later if a bad guy “Hacker” with ill will finds a way to interrupt the presentation of your web site.
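
A file-integrity comparison is one way to surface both problems described above: scripts planted deep in the directory tree and core modifications nobody logged. This is an added example, not code from the original article or from Joomla; the directory layout, file names and the `changelog` set are constructed for illustration, and it assumes you keep a pristine copy of the same Joomla release and extensions to compare against.

```python
import hashlib
import os
import tempfile

def build_manifest(root, extensions=(".php", ".js", ".htaccess")):
    """Map each relative path under root to the SHA-256 of its contents."""
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not name.endswith(extensions):
                continue
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return manifest

def compare(baseline, live):
    """Return files added to, modified in, or missing from the live tree."""
    added = sorted(p for p in live if p not in baseline)
    missing = sorted(p for p in baseline if p not in live)
    modified = sorted(p for p in live if p in baseline and live[p] != baseline[p])
    return {"added": added, "modified": modified, "missing": missing}

def undocumented(report, changelog):
    """Changed paths that are absent from the team's change log (a set of paths)."""
    changed = report["added"] + report["modified"] + report["missing"]
    return sorted(p for p in changed if p not in changelog)

def _write(root, rel, text):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)

def demo():
    """Constructed sample: a pristine tree and a live copy with two changes."""
    with tempfile.TemporaryDirectory() as tmp:
        pristine = os.path.join(tmp, "pristine")
        live = os.path.join(tmp, "live")
        core = {
            "index.php": "<?php // entry point\n",
            "includes/framework.php": "<?php // core bootstrap\n",
            "libraries/loader.php": "<?php // loader\n",
        }
        for rel, text in core.items():
            _write(pristine, rel, text)
            _write(live, rel, text)
        # A core "hack" that the team recorded in its change log.
        _write(live, "includes/framework.php", "<?php // core bootstrap, patched\n")
        # A file nobody on the team added, buried several directories deep.
        _write(live, "images/stories/cache/old/thumb.php", "<?php // placeholder\n")
        report = compare(build_manifest(pristine), build_manifest(live))
        changelog = {"includes/framework.php"}  # hypothetical change-log entries
        return report, undocumented(report, changelog)

if __name__ == "__main__":
    report, unexplained = demo()
    print(report)
    print("Not in change log:", unexplained)
```

Anything left in the final list is either a core hack that was never written down or a file that should not be on the server, and both deserve a look before the next upgrade.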

CNP Integrations specializes in developing custom components, plug-in’s, and modules for Joomla! CMS. For more information or a free consultation with a project manager call: 1-508-644-1553


Mobile applications are growing in popularity and it is becoming increasingly important now that you tailor your web portal to be supported in mobile environments. Fortunately Joomla! CMS has several extensions and template configurations that will offer this capability.

Start with a smart template:

Using a third party template vendor for your design foundation can save you a ton of time and money when implementing a mobile strategy for your site. Rocket Theme or YooTheme templates are good examples of template vendors that have built in features for presenting your portal on mobile devices. You are allowed in these templates to configure primary menus for a mobile user which allows you to segment content just for your mobile user. This is often a good idea if you have a portal that leverages a lot of 3rd party components since not all components will display as well as others in a mobile browser. There is also a great component/template extension called “MobileJoomla” which is simple to install and works pretty much right out of the box. It is very important to test and view your portal on the targeted mobile devices so you can see what your users are seeing and adjust where required to create an optimized mobile user experience.

Do Not use Flash:

I sooo love Flash interactive for some of the cool things you can do with it but unfortunately this does not work on iPhones or iPads and many other mobile devices so you need to not direct users to any pages with Flash content.

Smartphone Applications:

Sometimes you may want or need to have an actual application available for your portal to take advantage of unique features. For example if you are using JomSocial for a site with a social network you may want to consider getting a branded application for your portal from the folks at iJoomer.com. What I have noticed is that the JomSocial pages do not display well in a normal browser experience on most smart phones. However with an iJoomer application branded to your portal, smart phone users can download it from their phone and access these features in a very nice mobile layout.

Overall there are some good tools available now and surely more will evolve over time so make sure you think through your user experience for mobile users when designing your Joomla portal.

CNP Integrations builds and customizes portals for mobile and can help you with this. Feel free to call for a free consultation on your next Mobile Joomla! CMS portal project. 1-508-644-1553


Joomla marketing tips - SEF URLs

Joomla! SEF Kickstart for implementing search engine friendly URL’s on your Joomla site.

Start by researching the features of the available Joomla CMS extensions and map their features with the particular needs of your site.

Here are several components you should consider:

  1. aceSEF - http://www.joomace.net
  2. SEFAdvanced - http://www.sakic.net/products/sef_advance/
  3. Sh404 - http://anything-digital.com/sh404sef/seo-analytics-and-security-for-joomla.html
  4. ijoomla SEO - http://seo.ijoomla.com/

Of course you can also browse the extensions directory over at Joomla.org for tools like site maps and other SEO extensions: http://extensions.joomla.org/extensions/structure-a-navigation/site-map

Make sure you read the installation directions for the particular component. Then, in the admin area you will install the components and configure the SEF settings in the general configuration area of 1.5 or 1.7+

Tips:

  • Make sure you have a good back up of your site and that you test your URL’s and menu links directly after installing the component of choice.
  • Carefully choose a naming convention that matches your targeted keywords. This will dictate the effectiveness of your SEF.
  • Remember that most of the SEF components require extensions or plugins to support the particular Joomla extensions you have added to your site configuration. Be sure to review the list of components installed on your site and review the available libraries of supported components to make sure the component that you chose will meet your needs and offer SEF for the tools you plan to use.
  • Remember to get all of your internal links done before you turn on SEF since you are going to want your site to not break if you have to toggle between turning SEF on and off. Let the SEF tool and your carefully chosen naming conventions for sections and categories do the work for you.
  • If you need professional support installing Joomla extensions, building custom extensions, troubleshooting technical issues or optimizing your installation you can go to providers like CNP Integrations to get help and expertise: www.cnpsupport.com

Remember SEF can be tricky and easily bring your site down so try not to do this work during peak traffic times on your site.


Joomla! CMS project Mistake Number Three: Having bigger ideas than your budget, resources and time will allow or than what is actually needed to provide the intended solution.

Often times we get a client with a relatively small budget and limited web experience that wants us to do all of the work and expects a fully functional Amazon type of ecommerce web portal system. Needless to say this is rather unrealistic. Robust features and capabilities are abundant with few limitations when building a portal system using Joomla! CMS. This platform is built on open source code and you can leverage over 7500+ 3rd party extensions. However, where you do have limitations is in the skill level and resources available from the principal instigator as it relates to the scope or vision they want to implement.

 

Avoid Scope Creep

As a creative guy myself I have been the king of scope creep in the past on my own projects when I start letting my imagination wander on all of the possibilities. I am though easily wound in when I start thinking about how much time it is going to take me or my team to make these ideas a reality.

One of the challenges I have as a consultant is being that translator between the visionary ideas of the project and the practical programming aspects required for the content experts to achieve the most realistic outcome and managed expectations.

Build a Realistic Plan

If you are starting a project it is great to map out all of the cool ideas and WOW! factor as long as you can hone this down to a realistic project plan that will be within your means and present your ideas in ways that never overwhelm your end users. Not to mention that you want to see the best value for your investment in a Joomla! CMS system tailored to your business goals. One of the tools I like to use to get everything in perspective early in the planning process and throughout the project is a mind mapping tool called mindjet (www.mindjet.com).

If you know the end goal and can plan the phases of your project with the proper milestones this will help you know when it is appropriate to move to the next phase. It will also allow you to hold your purse strings in a way that you get the best return on your investment. With that said not spending enough on maintenance and support over time can be just as risky.

Make Sure you have the Right Technology Strategy for the Targeted Goals

A while back we did an extensive strategy session for a client and together we came up with a fantastic quadrant map of their customer base, the top 20 questions they would want to ask their clients and this discussion evolved into what could have been a very cool online tool for their Joomla! CMS eCommerce web site. Hey, we would have loved to build this and our programmers would have eaten well and sent their kids through college from the level of work it required.

As a consultant though looking out for the best interest of the client I had to tell them to first evaluate how many times this form process and application would get used and would this really be a good investment at that point in the project? I went on to suggest that they could reel in a lot of customers with a manual process and be more effective with a personalized interaction first and then if they get overwhelmed with more work than they could handle perhaps then this would be a good investment to consider at that time. As it turned out the personal approach I recommended was a far better end game for their marketing approach and business success. Even though the owner was passionate about building this tool, everyone won from taking a step back and getting perspective.

Be Careful not to put your Business at Risk

If we would have eagerly taken on the development project as they wanted us to they would have spent a ton of money that would have not been a good return on their investment and thus put their business at risk. So even if a client has the money to spend “right now” we still have to ask;

  • Can you afford this and how much should you invest over what period of time to protect your investment?
  • What features are going to give you the greatest return and where should you place your priorities?

Even though not every return is tangible you have to be careful to keep the right balance between value, perspective and risk. The last thing any business or project needs is to run out of money before you reach a satisfactory or useful level of completion. A half-baked solution is mostly useless.

Give your customers what they need and you will be successful!

We ended up with more business from this customer by giving the right advice, the customer ended up growing more business through a personal approach and the end user received a higher level of customer support and personalized service. They turned out to be one of our greatest success stories.

In conclusion make sure you ask the right questions as you bring your project into scope, be realistic in what you can afford both in time and treasure and remain focused on what is essential to meeting the needs of your end user. Of course somewhere in this mix you want to keep enough of your vision and creativity to make the site your own and be able to stand out in a crowded web space.

