On 07/30/2016 11:24 PM, coadde wrote:
> Hi guys, I would make some changes in the new server, however I would
> propose it to be discussed under consensus first:
>
> * Remove SSL certificates to be more KISS and adhocratic.

No idea what this means, but we should keep our TLS certs and all mirrors should be required to have HTTPS. Would also be nice to have a means of verifying the fingerprint of the certs.

> * Use a TOX server as XMPP replacement.

+1. Simple to use, works on my slow internet, and doesn't require a central server (XMPP does require a centralized server, although it is "federated" meaning we could set up our own. Tox is still more reliable imo.)

> * Use our own DNS server.

+1, but you have to make sure it isn't publicly accessible, otherwise we'll be getting hammered with random reflection attacks. We could include any of the public OpenNIC non-logging servers as default in /etc/resolv.conf.

> * Use NetworkManager (CLI) instead of Netctl.

Netctl is pretty solid; I no longer use NetworkManager on anything other than my laptop due to the heavy bloatware.

> * Improve IPv6 security against IoT and RFID (keep link-local IPv6 in
>   anonymous -> "fe80::")

Not sure what RFID has to do with our Parabola server? But improving IPv6 security sounds good.

> * Add firewall

+1 - IPTables should be set up to prevent at least basic script-kiddie DDoS attempts.

> * Add TOR, DNSCrypt and VPN to increase security.

I could see a TOR Hidden Service and/or VPN into the server for developers as being useful. However, unless we are planning to surf around using the main server as a VPN (probably not a good idea?) there isn't much need for DNSCrypt as others mentioned. This can be done client-side.

> * Testing against all types of attacks to check our security settings is ok.

+1. We should have someone audit the server for any vulnerabilities.

> _______________________________________________
> Dev mailing list
> [email protected]
> https://lists.parabola.nu/mailman/listinfo/dev
