Well, a very stripped-down version of OpenBSD running off a CD and
freenet's cache being on an encrypted disk with a one-time key (i.e. a
new key is randomly generated at boot) would make setting up a freenet
machine simple, safe, and difficult to update. :-p mmmm, 9 years with
one remote hole....
~Paul

On Thu, 05 Aug 2004 00:23:51 +0200, Zenon Panoussis
<[EMAIL PROTECTED]> wrote:
> 
> Toad wrote:
> 
> >> You have taken extraordinary measures to protect against [the
> >> ftp server being hacked], haven't you?
> 
> > Umm, measures such as..? I don't see how you can defend against the
> > above, really.
> 
> Well, first of all the elementary stuff. No other services on the
> same machine. You don't want your ftp server compromised because
> of a flaw in mailman, or even sendmail, so put that stuff elsewhere.
> Heavy firewalling. IDS. No compiler installed; most hacks begin
> with a compilation. No unnecessary script interpreters; an ftp
> server can live very well (and much longer) without PHP, python,
> perl, java, whathaveyou. A super-lean kernel. A permanently up
> to date system.
> 
> Then the more tedious stuff. Remote syslog. Remote md5sums of every
> file on the machine, regularly checked. A draconic password policy.
> Why not a read-only server running from a CD-ROM?
> 
> And then comes the really difficult part, physical security. A
> gang of angry and hungry dobermans in the outer perimeter, cobras
> in the server room, tarantulas inside the server itself.
> 
> As a side-dish, network security. If your DNS can be compromised,
> nobody needs to touch your ftp server before they can serve their
> own files from "your" machine. Arp. There is really no way to
> ensure that a visitor to your ftp server won't end up elsewhere,
> but an unpredictable control mechanism can let you know if that
> happens and mitigate the damage.
> 
> > There is one thing though... I think the CVS announcement mails are
> > generated on the client side. They should be generated on the server
> > side. Anyone know how to do this?
> 
> What do you mean by "CVS announcements"?
> 
> Z
> 
> --
> The future is like a baboon's arse, colourful and full of shit.
>                                       Arne Anka
> _______________________________________________
> Support mailing list
> [EMAIL PROTECTED]
> http://news.gmane.org/gmane.network.freenet.support
> Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
> Or mailto:[EMAIL PROTECTED]
>
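
The "remote md5sums of every file on the machine, regularly checked" measure from the quoted message, sketched as an added example that is not part of the original thread. It uses SHA-256 in place of MD5, assumes the baseline manifest is stored and compared on a separate machine, and runs on a constructed sample tree whose file names are made up.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Map every path under root (relative) to a SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            h = hashlib.sha256()
            if os.path.islink(path):
                # Hash the link target so a redirected symlink is detected.
                h.update(b"symlink:" + os.fsencode(os.readlink(path)))
            elif os.path.isfile(path):
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        h.update(chunk)
            else:
                continue  # skip FIFOs, sockets and device nodes
            manifest[os.path.relpath(path, root)] = h.hexdigest()
    return manifest

def compare(baseline, current):
    """Report paths added, removed or modified since the baseline."""
    both = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in both if baseline[p] != current[p]),
    }

def demo():
    """Constructed sample tree: take a baseline, tamper, compare again."""
    with tempfile.TemporaryDirectory() as root:
        for rel, data in {"bin/ftpd": b"v1", "etc/motd": b"hello"}.items():
            os.makedirs(os.path.join(root, os.path.dirname(rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        baseline = build_manifest(root)  # assumption: kept off-host
        with open(os.path.join(root, "bin/ftpd"), "wb") as fh:
            fh.write(b"v1-patched")
        os.remove(os.path.join(root, "etc/motd"))
        with open(os.path.join(root, "bin/extra"), "wb") as fh:
            fh.write(b"x")
        return compare(baseline, build_manifest(root))

if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the copy of the baseline, which is why the quoted message asks for it to be remote.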