Security memo

From Drafts

Jump to: navigation, search

Contents

1 'Insecure' protocols
2 Spam
3 'Insecure' software
4 User management in irisnet

'Insecure' protocols[edit]

FTP, when possible use sftp (available in gftp, fugu and filezilla)
SMTP and webmails without https
in general, open wifi connections

We have to start using gpg keys. How about a key-signing party? How to secure wifi?

Spam[edit]

~~constant's news is regularily spammed.~~ now migrated to irisnet wordpress.
subscription forms for the mailing list.
map of stitch-and-split
~~wiki, see recent changes.~~ Wiki is now only open for writing to people that have a user registered by the admin.

'Insecure' software[edit]

wiki needs upgrade.
~~wordpress needs upgrade~~ wordpress is autmatically updated and backed up on irisnet.
regular updates on server + router.

User management in irisnet[edit]

~~at the moment, the weblogs share the same database It means if one is cracked all the oters will fall. the same for the wiki.~~.blogs do not share db at the exceptions of two.

~~We need to secure contract with irisnet, too.~~ Done. Date of expiration?

Retrieved from "http://interne.constantvzw.org/index.php?title=Security_memo&oldid=2089"

Website development