First of all, the conclusions
It’s a big article, and it’s a bit boring. So I decided to write my conclusions at the beginning to increase the chances that you will read them. So, looking at the size of this post, it may seem that it is easy to get confused in the whole variety of Bitrix security tools. But it is not so. All of them are rather simple.
For an ordinary user who doesn’t know too much about technical details of site development, it’s enough to know where to look at the report on the current site security, to be able to launch a security scanner and a quality monitor (both are done in one click). There are places where you can see single bulletins – simple and clear.
Thus, you don’t have to be a security specialist to monitor security in Bitrix, just as you don’t have to be a web analytics expert to watch your site’s traffic in Livinternet or Yandex.
Site security is a thing you can’t ignore. Or you can, until the first time you have problems. Bitrix is very cool in terms of security. And most importantly, it gives the site owner clear tools to evaluate the security (as well as many other important things). About all this will be in the article.
Proactive protection against site hacking
Bitrix has a range of technical and organizational security tools and measures that are collectively referred to as “Proactive Protection”.
All the tools listed in this section are available from the 1C-Bitrix Standard edition and above (they are not available in the Start edition). For some of them the “Web analytics” module is required, it is mentioned separately.
Web Application Firewall
Protects the site from hacking through most known attacks. The filter identifies potential threats and blocks intrusions into the site, analyzes all data that comes from the visitor, and filters out what it considers suspicious. The filter protects the site from hacking, including due to security errors made by developers.
The proactive filter logs the attack attempts in a special log file and also informs the site administrator about the intrusion incidents. The filter allows you to block the attacker by adding his IP-address to the stop list.
Web antivirus. Protects the site from viruses.
The easiest way to protect a site from a virus is to use antivirus on your computer. Infecting the site with a virus usually comes from the administrator’s computer, which has access to it, not because the site sits on the Internet for a long time :-).
Therefore, the main task of the web antivirus is to notify the site administrator about the infection. The virus on the site means that the virus may also be present on the administrator’s computer, and you need to take action.
Web-antivirus works on the site, not on the administrator’s computer, so you need a regular antivirus.
Depending on the settings that will be set, the Web-antivirus can either only inform the site administrator about the suspicion of a virus, or automatically detect dangerous areas in the HTML code of the site and “saw” suspicious iframe and javascript.
With Anonymousone, it is possible to add exceptions so that the antivirus stops working on safe but suspicious (in his opinion) parts of the code.