More Security Steps to Protect Your DotNetNuke CMS

What more you can do to protect your eCommerce website

DNN DotNetNuke Website Security CMS

DNN Security Out Of The Box

DNN (DotNetNuke) is already the premier CMS of the US Government due to it's robust security and integration with existing security features.  However even DNN isn't absolutely perfect out of the box, and there are many additional security features that can be put in place depending on your specific DNN requirements. These security recommendations range from simple to complex and cover many different aspects of potential security risks. No guide can accurately assess your specific security needs. If you would like to adequately secure your DNN website, contact Clarity today.

DNN Security encryption authenticationWindows authentication instead of SQL authentication for the DNN Database

Windows authentication is much more secure than SQL authentication. When installing DNN both are enabled by default in ‘Mixed Mode’. You may turn off SQL authentication and run purely with windows authentication. This paired with the next step “Active Directory Authentication” brings your DNN instance under the security umbrella of your Windows Domain security, further reducing the chances of an outside attack. With this security step, your DNN implementation is only as secure as your Domain Active Directory settings. Consider reevaluating your Windows Domain security requirements.

DotNetNuke Active DirectoryActive Directory Authentication For Primary Access

In addition to the former Windows authentication for your DNN database, Windows Domain Security based in Active Directory can be linked with your DNN instance logins and require Active Directory authentication prior to accessing your DNN controls. This is the second step in bringing your DNN instance under the security umbrella of your Windows Domain security, further reducing the chances of an outside attack and providing more control over user permissions.

DNN Authentication Email e-mailDisable Anonymous Email Authentication

It’s recommended that if possible, you configure your email server to not support anonymous authentication. Log into host-host settings, and select basic or NTLM authentication, and provide any necessary username and password (or use the SMTPAuthentication , SMTPUsername and SMTPPassword template values). If using anonymous, it is recommended that you configure your mail server so it only accepts emails from non-routable IP ranges (i.e*/192.168.1.*) and the IP address you’ve configured your web server as.


Clarity Can Help

Security is a serious matter, and is not something that can be fully accomplished with generic steps. Clarity Ventures is a DNN Gold Partner and can help with any DNN requirements you may have. From the creation of an entirely new website and modules, to an audit of your current website. Call Clarity today for a free quote.

Get a Quote: 800.928.8160 (toll-free)

Enterprise eCommerce

Don’t get stuck with a platform that limits your range, Sell everywhere all the time with Clarity eCommerce.

image description