
Fares Hassan Amirul Asyraf Asma Huysan Mayedah Farahanim

CMS (CONTENT MANAGEMENT SYSTEM) PROBLEM

Hacker CMS

A lack of editor and admin control

Lost Important Document

Uncommitted contributors

PROBLEM TOWARD CMS


Injection into the SQL database may cause the database to lose all of its data, which is the most important component of the CMS. For example:

Sometimes they use exploit code from exploit-db.com. When a hacker gets access to the admin cPanel, they will steal and modify the important data. One example of what a hacker does is defacement!

EXAMPLE DEFACE PAGE

This happens because they change some content in your CMS. This is a small problem that hackers cause. What is the solution to avoid this problem?

LOST IMPORTANT DOCUMENT IN CMS


This is the incident between HBGary and the famous hacker group known as Anonymous: HBGary was hacked, all of its email and data were revealed, and the CEO of HBGary resigned because of this incident. Some of the documents taken by Anonymous show HBGary Federal was working on behalf of Bank of America to respond to Wikileaks' planned release of the bank's internal documents.[4] [23] "Potential proactive tactics against WikiLeaks include feeding the fuel between the feuding groups, disinformation, creating messages around actions to sabotage or discredit the opposing organization, and submitting fake documents to WikiLeaks and then calling out the error." (Wikipedia)

WHAT IS THE SOLUTION?


Install a CMS anti-hacker module in your CMS (example: for Joomla CMS).

MySQL protection solution: you should use a strong password to protect MySQL accounts at all times.

You should always check the release notes. Every version of MySQL comes with a detailed list of changes, and you need to review them. It is essential to recognize the changes in your release to keep track of probable bugs that your application may exploit.

But in my opinion this problem can be overcome only because the system is always up to date and the hacker can find more security holes.

Online Back-Up Norton SOS

Both of these panels are for online data backup, which means all the CMS data that we put on our server or on another server can be backed up by online sync.

Offline Backup

This problem happens when there is no internet connection; the only solution is to use a central axis network drive.

This drive can sync and back up data in offline mode only over LAN or P2P, because this drive is sometimes portable and can be moved anywhere.

Recognise the importance of the web (management system)

The website needs to be seen as a critical business tool and job descriptions must reflect this by making site maintenance. Ideally this should be somebody who has experience in writing and editing online copy. However, the most important thing is that this person feels confident in editing copy, and has the authority to remove inappropriate material.

Get an editor

http://boagworld.com (credit)

LEARNING MANAGEMENT SYSTEM (LMS)

Also, at times when the system is heavily used online, it is not easy to make an online appointment or tuition with a teacher.

The explanation is unclear or troublesome.

Lack of an operator or virtual teacher (BOT).

EXAMPLE OF LMS FOR SECONDARY AND PRIMARY SCHOOL IN MALAYSIA

SOLUTION
When the traffic increases, the teacher has to make a timetable for online meetings between student and teacher.

Also, the explanation must be in a video or tutorial that makes it easy to understand. My suggestion is to use TeamViewer or Skype to interact with a student.

RECORD MANAGEMENT
Illegal operators can change the content in the RM; for example, they change their account or identity by accessing the RM panel in the office. Example of an illegal operator: someone who gets paid by someone else to change important data. Also, the records in the RM are easy to exploit for someone who knows more detail about the code behind the extranet. Most RM systems use an extranet because it is a private network that nobody can access, but one famous hacker, Michael Calce, could bypass the access into the extranet and then steal about 8 million dollars using banking customer service accounts. He said that our network today is not a safe place to store important data.

SOLUTION
Make your network firewall stronger and keep it up to date. You can also try endpoint security, because it always alerts you about new threats located in your network. Some threats try to use the brute-force technique to bypass the extranet.

Store all the records in a DBMS (database management system), which can easily protect your data from irresponsible hackers and keep some of your data in a safe condition, because a DBMS is really the best way to store data.

CONCLUSION
We must be aware, stay up to date and read all the release notes about the CMS. For example, with Joomla you need to patch the security module when you upgrade the version of the CMS, because that can protect your CMS from hacker attacks. Also, all kinds of management systems need to think ahead about how to produce a good management system that can be classified as user friendly for users to use and interact with. Someday management systems will be important for all human beings to adapt into their own lives. For example, in campus life today the main system for students to check or study is the CMS, which can easily help students get the information with just one click.

Hackers are everywhere, and the computer is not god-made; it is human-made.
