Securing Your Drupal Stack

In the world of security you're only as safe as the weakest link in your chain. You need to secure your Drupal site(s), your operating system, your services, your network, and even most of that can be undone by one bad administrator password. In this session we'll review strategies for securing your Drupal sites and their dependent services. We'll look at best practices for auditing your Drupal sites and for configuration gotchas.

In modern and highly containerized environments whole new challenges present themselves. We will discuss best practices for avoiding having out of date containers compromizing the security of your infrastructure. We will walk you through strategies for keeping your containerized services up to date without the luxury of a global `yum` or `apt-get` update.

We'll also look at the role of securing servers with firewalls, openssh systems, and with securing access using HSM devices.