Security for your intranet is provided by Bitrix' Proactive Protection module, which combines technical and organizational measures to counter potentially malicious code, including modified code whose function is still unknown. The Proactive Protection technology significantly increases the security of web-based applications.
Protection level settings in Control Panel
Proactive filter (Web Application FireWall)
One Time Password technology
Protection of authorized sessions
IP based Control Panel protection
Script integrity control
Any website based on the Bitrix Platform is preconfigured at the Basic protection level. However, you can improve the site security significantly by selecting one of the Proactive Protection module presets: standard, high or highest. The system will show you tips about any parameter you may need to configure.
The Web Application Firewall protects the system from most known types of web attacks. The filter recognizes dangerous patterns in incoming requests and blocks intrusions. The Proactive Filter is the most effective way to guard against security defects in a web project's implementation (XSS, SQL injection, PHP file inclusion, etc.). The filter analyzes all data received from visitors in request variables and cookies.
The Bitrix Web Antivirus is not designed to replace the standard antivirus software installed on your computer. It cannot monitor or filter your FTP traffic, prevent a Trojan from being uploaded to your website, scan the documents stored on the web server or a local computer, or detect virus-infected .pdf, .doc or Flash files. But it is a valuable addition to your security and to the security of your site visitors. Importantly, a "white list" helps the program avoid false alerts and distinguish legitimate code segments from malicious ones.
We recommend using the Bitrix Web Antivirus in addition to your regular antivirus program: combined with a locally installed antivirus, it greatly enhances the security level of your web projects.
The intrusion log registers all events occurring in the system, including uncommon, suspicious and malicious ones. The log is updated in real time, so you can view events as soon as they are registered. This lets you discover attacks and intrusion attempts while they are in progress, so you can respond immediately and even prevent attacks.
The Proactive Protection module supports one-time passwords for any site user. This feature is especially recommended for site administrators, since it significantly improves the security of the "Administrators" user group. One-time passwords extend the standard authorization scheme and significantly reinforce the security of the web project. The one-time password system requires a physical hardware token (e.g., Aladdin eToken PASS) or dedicated OTP software such as Bitrix OTP for mobile devices, built on BitrixMobile technology. The user's regular password (the stem) is supplemented with the series of digits generated by the token. Password theft or interception is rendered useless because each password can be used only once.
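As an added illustration of the composite credential described above (example code, not Bitrix's own implementation), the check below verifies a login string made of the password stem immediately followed by the token's digits. It assumes an OATH HOTP (RFC 4226) event-based token with 6-digit codes, constructed demo secrets, and a small look-ahead window; the server counter advances whenever a code matches, so no code is ever accepted twice.

```python
import hashlib
import hmac
import struct

# Constructed demo secrets: in a real system the token seed and password
# hash come from the user record, never from source code.
TOKEN_SEED = b"12345678901234567890"   # RFC 4226 test-vector seed
PASSWORD_SALT = b"demo-salt"
PASSWORD_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse", PASSWORD_SALT, 100_000)
OTP_DIGITS = 6
LOOKAHEAD = 10  # tolerate token presses that never reached the server

def hotp(seed: bytes, counter: int, digits: int = OTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class OtpUser:
    """Server-side state for one user: the next token counter the server expects."""
    def __init__(self):
        self.counter = 0

    def verify(self, entered: str) -> bool:
        """entered = password stem immediately followed by the OTP digits."""
        if len(entered) <= OTP_DIGITS:
            return False
        stem, otp = entered[:-OTP_DIGITS], entered[-OTP_DIGITS:]
        stem_ok = hmac.compare_digest(
            hashlib.pbkdf2_hmac("sha256", stem.encode(), PASSWORD_SALT, 100_000),
            PASSWORD_HASH)
        # Search only forward from the expected counter: codes at or below a
        # consumed counter are rejected, which is what defeats replay.
        for c in range(self.counter, self.counter + LOOKAHEAD):
            if hmac.compare_digest(hotp(TOKEN_SEED, c), otp):
                # Burn the code (and any skipped ones) even if the stem was wrong,
                # so a captured OTP cannot be reused to guess the stem.
                self.counter = c + 1
                return stem_ok
        return False
```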
File integrity control helps an administrator reveal maliciously or mistakenly modified system files. You can check the integrity of the system kernel and other system or public files any time.
This type of protection strictly regulates which users are allowed to access the Control Panel. All you need to do is specify the allowed IP addresses (or ranges) from which the Control Panel can be accessed. Users whose access level permits them to use the Control Panel will nonetheless have to log in from a permitted IP address. There is no need to worry about forgetting to add yourself to this list: the system checks your IP automatically.
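An added example (not Bitrix code) of the two checks a practitioner would want behind this feature: membership of the client address in the allowed list, including ranges, and a pre-save validation that refuses a list which would lock out the administrator saving it. It assumes CIDR notation for ranges and a single layer of trusted reverse proxies; honouring X-Forwarded-For only from those proxies is the caveat that keeps an IP allowlist from being bypassed by a forged header.

```python
import ipaddress

def parse_allowlist(entries):
    """Turn 'a.b.c.d' or 'a.b.c.0/24' strings into network objects; a bad entry
    raises ValueError so a typo is caught when the list is saved, not at login."""
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries if e.strip()]

def is_allowed(client_ip: str, nets) -> bool:
    """True when the client's address lies inside any of the allowed networks."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in n for n in nets)

def client_ip(peer_ip: str, forwarded_for: str, trusted_proxies) -> str:
    """Resolve the address to check. X-Forwarded-For is honoured only when the
    TCP peer is one of our own reverse proxies; from anyone else the header is
    client-supplied and must be ignored."""
    if forwarded_for and is_allowed(peer_ip, trusted_proxies):
        # the rightmost entry is the one our trusted proxy appended
        return forwarded_for.split(",")[-1].strip()
    return peer_ip

def validate_allowlist(entries, admin_ip: str):
    """Return a list of problems with a proposed allowlist; empty means it is
    safe to save. The lock-out check mirrors the automatic self-IP check the
    text mentions (assumed behaviour, written here for illustration)."""
    try:
        nets = parse_allowlist(entries)
    except ValueError as exc:
        return [f"unparseable entry: {exc}"]
    if not is_allowed(admin_ip, nets):
        return [f"your own address {admin_ip} is not in the list; you would lock yourself out"]
    return []
```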
What effect does this protection have? XSS/CSS attacks become ineffective, and intercepted authorization data becomes absolutely useless.
Most web attacks are intended to steal an authorized user’s session data. Enabling session protection makes session hijacking impossible. Use of session protection is one of the most effective and necessary security measures for administrator accounts.
In addition to the conventional session protection options that are available in the user group parameters, the session protection mechanism includes some special, even unique, features.
Storing session data in the module's database prevents it from being stolen by scripts of other projects running on the same server. This approach neutralizes virtual hosting configuration errors, bad temporary folder permissions, and other operating system-level mistakes. Additionally, it reduces file system stress by shifting these operations to the database server.
Activity Control lets you protect the system from excessively active visitors, obtrusive bots, some DDoS attacks, and brute-force attacks on passwords. You can also set the maximum allowed activity for your site (e.g. the number of requests per second a user may perform).
User activity control is built on the Web Analytics module's mechanisms and requires this module to be installed.
The stop list contains parameters used to restrict access to a site and, optionally, redirect to a specified page. Any visitor matching the stop list criteria (e.g. an IP address) will be blocked.
Documentation: Proactive Protection Guide
Training Course: System administration
Blog: Is Intranet Security a Myth?