Category: Security

Posted on

NEW Tendenci version bump 15.3 & 15.3.1

Tendenci version bump 15.3.1

New Tendenci Version Alert!
The latest version of Tendenci, 15.3.1, is now available! 🐾🤓 As an Open Source platform, all of the code is fully visible and accessible to everyone. Developers, please ensure your Tendenci projects are upgraded to take advantage of the latest features, improvements, and security updates.

Tendenci’s updates boost security, streamline reporting, and add valuable features, ensuring a smoother and more efficient experience for all users!

All of the code is located on GitHub. The ChangeLog serves as the repository where you can find all software versions and their corresponding details. Open Source also signifies that it requires a collective effort to make significant changes in the world. The TedenciDEV Team (the creative women-led team behind the software) holds immense respect for everyone contributing to the improvement of Tendenci software. We wouldn’t be here without you.

Upgrade today to Tendenci 15.3.1 to stay ahead! Read the Docs https://tendenci.readthedocs.io/en/latest/upgrade/upgrade-to-tendenci.html

Later, fur-riends! Woof woof

TendenciDEV Team

Posted on

Tendenci Release v12.4.1 & v12.4.2

Wondering which version of Tendenci you’re running? No worries! If you’re hosted with us, software updates are included automatically with every release. All Tendenci sites were upgraded to version 12.4.1 yesterday—and then updated again today to the latest release, 12.4.2.

If you’re hosted with us, there’s nothing to worry about—your site is automatically kept up to date!

These updates include important improvements such as upgrading Django to version 2.2.18. Tendenci is built on the Django framework, and our software support aligns with the official Django Project lifecycle to ensure stability, security, and long-term reliability.

Check out the Tendenci Changelog—a chronological list of user-facing changes made to the Tendenci platform.

Why Managed Hosting with Tendenci?
Got a question or two? We are here to support you!

The Puppy keeps your data safe.

blog.tendenci.com

Posted on

The EU GDPR – the General Data Protection Regulation

Control your AMS with Open Source

RSA Conference in San Francisco
GDPR as seen by a vid from the RSA Conference

The European Union’s General Data Protection Regulation starts May 25, 2018. This is mostly an FYI as Tendenci “the Company” does not engage in cross site monitoring. It creeps us out a bit.

Yet while Tendenci does not do cross site tracking or individual tracking, it is possible that YOUR site does if you are using Google Analytics, DoubleClick or any number of third party add-ons and plugins.

It is up to YOU to reauthorize and comply with the data protection policies associated with third party add-ons on your site.

What DOES Tendenci do that might allow you to make a mistake in GDPR compliance?

If used as designed, it would be hard to become out of compliance as every site is in an isolated database and container. Yet there are security functions that log activity on your Tendenci site, that if you were to use it for tracking with AI or sell your data, it could potentially be against the GDPRs regulations. Talk to your attorney about this.

For example PCI best practices require dual logging and analysis of the logs for security reasons. There is no direct identifying data in web logs, but they would obviously include things like the IP address to block DDoS attacks.

These logs are never sold or accessed by anyone but our security team to trouble shoot the application and provide feedback to the administrators. Remember, you have the same user interface and front end functionality that our team does if you host with us. Zero difference. And the logs do not contain any identifying information such as an email or name.

We are NOT lawyers, Thus it is up to YOU to determine how you manage your data. We do not, nor have we ever, sold client data to third parties.

 

Posted on

Security in the Tendenci SaaS Cloud at AWS

Kibana OSSEC Tendenci

Cyber Security is based on Prevention, Monitoring, and Incident Response

Associations are part of the fabric of society. We take it seriously. And we also understand there are no “perfect” or “completely secure” systems. Not even air-gapped.

To guard our SaaS AMS clients’s sites we use redundant systems. These include SSL encryption, application isolation, containers, layers of AWS (Amazon Web Services) VPC, Security Groups, ACLs, Route53 DNS, custom AMIs, virus scanners, malware scanners, pentesting, auditing and more. All of these activities generate redundant logs which need to be monitored. To do that we run what is called the “ELK Stack” or now the “Elastic Stack“.

Network Monitoring with OSSEC Logstash ElasticSearch and Kibana

Cyber Security starts with Project Management

A Cyber PM, upon initial completion, never ends. It requires constant vigilance. The process of Cyber Security can be further explained as:

  1. Architecture – Start with Security In Mind
  2. Passive Cyber Defense – Systems that are in place
  3. Active Cyber Defense
  4. Cyber Intelligence Gathering
  5. Response

** Note: There is a longer explanation on our site at https://www.tendenci.com/security/

There are many resources available for cyber security training. We encourage you to look them up and take an active role in keeping your web site, company, family and country secure from cyber attacks!

For the expanded full version of the basics of cyber security in the Tendenci SaaS cloud, view at https://www.tendenci.com/security