Hi Andres, A few comments to get you warmed up. I will ask the current EduBlog team to give you more suggestions and details too.
1 - My understanding of the current XS design is that it has one interface visible to the Internet and another visible to the school only. It seems pretty secure that way but it can open up a bunch of security issues if you expose the School side interface to the Internet. You may need to do that in order to run EduBlog on the Internet so let us know ASAP which services are available on public routed interfaces. 2 - Use denyhosts (http://denyhosts.sourceforge.net/) or some other protection against dictionary style attacks on any public facing interfaces. 3 - Put an anti-virus tool on the box. e.g. clamAV. Especially if your PHP, Apache, Moodle, SQL services are visible publicly its important to have a second line of defense in case some virus SW gets on the box. 4 - Run a port scan yourself (e.g. Nessus). Also, watch and protect yourself against being port scanned by an attacker. Those are some suggestion off the top of my head. I'll try to collect all suggestions from EduBlog round 1 and get those to you as well. HTHs. Thanks, Greg S ************ Date: Sun, 5 Oct 2008 14:52:25 +1300 From: "Martin Langhoff" <[EMAIL PROTECTED]> Subject: Re: [Server-devel] Password-less authentication with moodle To: " Andr?s Ambrois " <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED] Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-1 On Sun, Oct 5, 2008 at 5:29 AM, Andr?s Ambrois <[EMAIL PROTECTED]> wrote: >> >> - What's your timeframe? > > > > The timeframe for our project is 5 weeks starting from last Wednesday, in > > which I need to cover the interface (Moodle and Wordpress theming), course > > configuration, authentication, modifying Write to enable blog posting, and > > document all this for a manual. Ouch - that's very tight! > > I'm glad I wasn't that far off :) . Are these required modifications documented > > somewhere? Not yet. We're finishing off 0.5 - will be looking into this for 0.6 or 0.7, not too far away, unlikely to be "done" in the next 5 weeks either :-/ cheers, m _______________________________________________ Server-devel mailing list [EMAIL PROTECTED] http://lists.laptop.org/listinfo/server-devel
