2. • Armel Nene – Founder and Chief Software Architect
• ETAPIX Global – Founded in 2006
• Key focus on Open Source Software implementation
• Over 5 Liferay implementations in the last 3 years
• Experience in Banking, Digital Agencies, Recruitment and Telecom
HACKING LIFERAY - ARMEL NENE 05/03/2013 2
6. Here are 5 key points in securing your OS
• Secure all network communication – do not use FTP, Telnet and Rlogin
• Disable “ROOT” login – use SUDO to execute root level commands
• Install a firewall and block unnecessary ports
• Linux Kernel Hardening (/etc/sysctl.conf)
• Disable unwanted services and uninstall unnecessary software
8. Here are some basic MySQL Security best practices
• Set a root password for MySQL
• Remove all anonymous accounts
• Disable non-local root access
• Reload privilege tables to apply changes
• Enable SSL connections; the default connection is unencrypted
10. Tomcat has been the most popular application server for
Liferay deployment, based on our projects.
Here are some guidelines for securing Tomcat
• Disable Tomcat shutdown port
• Bind HTTP connectors only to designated IP addresses
• Disable non-local root access
• Configure the “ciphers” attribute used for SSL connections
• Serve all contents through HTTPS
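An added example, not part of the original slides: a small audit of Tomcat's server.xml for the shutdown port, connector binding, cipher list and HTTPS guidelines above. Both server.xml samples, the bind address and the cipher suite value are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a near-default server.xml, not taken from the slides.
SAMPLE_DEFAULT = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"/>
  </Service>
</Server>"""

# Constructed sample: the same file after applying the guidelines.
SAMPLE_HARDENED = """<Server port="-1" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8443" protocol="HTTP/1.1" address="10.0.0.5"
               SSLEnabled="true" scheme="https" secure="true"
               ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"/>
  </Service>
</Server>"""


def audit_server_xml(xml_text):
    """Return a list of findings for the Tomcat guidelines above."""
    root = ET.fromstring(xml_text)
    findings = []
    # Shutdown port: Tomcat defaults to 8005; port="-1" disables it.
    shutdown_port = root.get("port", "8005")
    if shutdown_port != "-1":
        findings.append("shutdown port enabled (Server port=%s)" % shutdown_port)
    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        tls = conn.get("SSLEnabled", "false").lower() == "true"
        # No address attribute means the connector listens on all interfaces.
        if not conn.get("address"):
            findings.append("connector %s binds to all addresses" % port)
        # Without an explicit ciphers attribute the runtime defaults apply.
        if tls and not conn.get("ciphers"):
            findings.append("connector %s uses default cipher list" % port)
        # A connector without TLS serves content outside HTTPS.
        if not tls:
            findings.append("connector %s is not TLS-enabled" % port)
    return findings


if __name__ == "__main__":
    for line in audit_server_xml(SAMPLE_DEFAULT):
        print(line)
```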
11. Liferay's popularity is rising very fast and many companies are using it on the open web. On the web, Liferay is as vulnerable as any other web site.
Here are some guidelines for securing Liferay
• Override all the Admin portlet defaults such as user / pass
• Set the preferred protocol to HTTPS
• Secure all tunnel servlets – JSON and Liferay Tunnel
• Secure the Spring Remoting & WebDav Servlets - HTTPS
• Choose a strong password encryption algorithm
12. When deploying Liferay in production on the Open Web, attackers can try to gain access through:
- Operating System vulnerabilities
- SQL vulnerabilities
- Tomcat and Liferay (Web Application) vulnerabilities
Make sure to secure your system if you do not want to be
a victim.