Difference between revisions of "Security memo"

From Drafts
Jump to: navigation, search
('Unsecure' protocols)
(User management in irisnet)
 
(3 intermediate revisions by the same user not shown)
Line 11: Line 11:
 
== Spam ==
 
== Spam ==
  
* constant's news is regularily spammed.
+
* <strike>constant's news is regularily spammed. </strike> now migrated to irisnet wordpress.
 
* subscription forms for the mailing list.
 
* subscription forms for the mailing list.
 
* map of stitch-and-split
 
* map of stitch-and-split
 
* <strike>wiki, see recent changes.</strike> Wiki is now only open for writing to people that have a user registered by the admin.
 
* <strike>wiki, see recent changes.</strike> Wiki is now only open for writing to people that have a user registered by the admin.
  
== 'Unsecure' software ==
+
== 'Insecure' software ==
  
 
* wiki needs upgrade.
 
* wiki needs upgrade.
* wordpress needs upgrade.
+
* <strike>wordpress needs upgrade </strike> wordpress is autmatically updated and backed up on irisnet.
 
* regular updates on server + router.
 
* regular updates on server + router.
  
 
== User management in irisnet ==
 
== User management in irisnet ==
  
* at the moment, the weblogs share the same database. It means if one is cracked all the oters will fall. the same for the wiki. We need to create user accounts for irisnet, it will involve changes in urls, etc. We need to secure contract with irisnet, too.
+
* <strike>at the moment, the weblogs share the same database It means if one is cracked all the oters will fall. the same for the wiki.</strike>.blogs do not share db at the exceptions of two.
 +
 
 +
* <strike>We need to secure contract with irisnet, too.</strike> Done. Date of expiration?

Latest revision as of 16:16, 18 September 2006

'Insecure' protocols[edit]

  • FTP, when possible use sftp (available in gftp, fugu and filezilla)
  • SMTP and webmails without https
  • in general, open wifi connections

We have to start using gpg keys. How about a key-signing party? How to secure wifi?

Spam[edit]

  • constant's news is regularily spammed. now migrated to irisnet wordpress.
  • subscription forms for the mailing list.
  • map of stitch-and-split
  • wiki, see recent changes. Wiki is now only open for writing to people that have a user registered by the admin.

'Insecure' software[edit]

  • wiki needs upgrade.
  • wordpress needs upgrade wordpress is autmatically updated and backed up on irisnet.
  • regular updates on server + router.

User management in irisnet[edit]

  • at the moment, the weblogs share the same database It means if one is cracked all the oters will fall. the same for the wiki..blogs do not share db at the exceptions of two.
  • We need to secure contract with irisnet, too. Done. Date of expiration?