Hi, I don’t know about the current set-up, but I have some questions.
On 07/31/2016 05:24 AM, coadde wrote: > Hi guys, i would make some changes in the new server, however i would > propose it to be discussed under consensus first: > > * Remove SSL certificates to be more KISS and adhocratic. Which SSL certificates? If we are talking about packages, I don’t like it when others can watch what software I install. Since Parabola offers a mirror for redirection, my ISP, everybody in my local wireless network and possibly others would see what software and which version I install. > * Use a TOX server as XMPP replacement. In what way is Tox more peer-to-peer than XMPP? > * Use our own DNS server. > * Use NetworkManager (CLI) instead of Netctl. > * Improve IPv6 security against IoT and RFID (keep link-local IPv6 in > anonymous -> "fe80::") I don’t know IPv6 that well; could you explain what you mean by “anonymous”? > * Add firewall Setting up nftables/iptables to block too many SSH connections per minute as described on the Arch wiki seems important anyway. It looks better and simpler than Fail2ban etc. > * Add TOR, DNSCrypt and VPN to increase security. How does a VPN increase security for a server? What do you want to use TOR for? > * Testing against all type of attacks to check our security settings is ok. > Regards, Florian Pelz
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dev mailing list [email protected] https://lists.parabola.nu/mailman/listinfo/dev
