-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/4/09 5:48 AM, Wayne Mac Adams wrote:
> I am currently trying to document what Jabber administrators are doing > with their Jabber servers in terms of configuration and threat > minimisation, with one of the goals being to try automate this process. > I am wondering does anyone know where I can get more information like in > the document I mentioned or does anyone have first hand experience as an > administrator the types of threats and attacks you would be worried > about and how you go about avoiding those threats, whether it be through > configuration or otherwise? And if so are you willing to share your > knowledge with me :) XEP-0205 talks about ranges because there are different deployment scenarios. The threats faced by an XMPP instant messaging service on the open Internet are different from those faced by an IM service on a company intranet. Similarly, an XMPP-based service that is not quite so open-ended (say, FireEagle or BuddyCloud for location data) probably faces yet other threats. Multi-user chatrooms are attacked in ways that are uncommon for single user accounts. And so on. It is hard to generalize about all possible XMPP services. Perhaps you can provide information about the "profile" you're most interested in? Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrx6ScACgkQNL8k5A2w/vysNQCg+118H9F4O7a7n5rXU5OPXQpk hPIAoITtbv170kUTNlmxvV7so4EEYcXf =Srtx -----END PGP SIGNATURE-----
