[Dev] [consensus][due: 2016-08-10] increasing security in Parabola, servers

pelzflorian (Florian Pelz) pelzflorian at pelzflorian.de
Sun Jul 31 06:40:11 GMT 2016


I don’t know about the current set-up, but I have some questions.

On 07/31/2016 05:24 AM, coadde wrote:
> Hi guys, I would make some changes in the new server, however I would
> propose it to be discussed under consensus first:
> * Remove SSL certificates to be more KISS and adhocratic.

Which SSL certificates? If we are talking about packages, I don’t like
it when others can watch what software I install. Since Parabola offers
a mirror for redirection, my ISP, everybody in my local wireless network
and possibly others would see what software and which version I install.

> * Use a TOX server as XMPP replacement.

In what way is Tox more peer-to-peer than XMPP?

> * Use our own DNS server.
> * Use NetworkManager (CLI) instead of Netctl.
> * Improve IPv6 security against IoT and RFID (keep link-local IPv6 in
> anonymous -> "fe80::")

I don’t know IPv6 that well; could you explain what you mean by “anonymous”?

> * Add firewall

Setting up nftables/iptables to block too many SSH connections per
minute as described on the Arch wiki seems important anyway. It looks
better and simpler than Fail2ban etc.

> * Add TOR, DNSCrypt and VPN to increase security.

How does a VPN increase security for a server? What do you want to use
TOR for?

> * Testing against all types of attacks to check our security settings are ok.

Florian Pelz
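
[Added example, not part of the original message and not taken from the Arch wiki or from Parabola's configuration:] One way to express the "block too many SSH connections per minute" idea from the reply above in nftables, counting per source address so that one noisy client cannot use up the allowance of everyone else. Assumptions: sshd listens on TCP port 22, the limit is 4 new connections per minute per address, and the table and set names are hypothetical.

```nft
#!/usr/sbin/nft -f
# Added example: per-source limit on new SSH connections.
# Assumed values: port 22, 4 new connections per minute per address.

table inet ssh_ratelimit {
    # One entry per IPv4 client; entries expire 5 minutes after creation.
    set ssh_v4 {
        type ipv4_addr
        size 65535
        flags dynamic,timeout
        timeout 5m
    }

    # Same for IPv6 clients (an inet table sees both families).
    set ssh_v6 {
        type ipv6_addr
        size 65535
        flags dynamic,timeout
        timeout 5m
    }

    chain input {
        # policy accept: this chain only adds the SSH limit and is meant
        # to sit next to the host's real filtering rules.
        type filter hook input priority 0; policy accept;

        # Packets of already-established sessions are never rate limited.
        ct state established,related accept

        # Drop new SSH connections from a source that exceeds its rate.
        tcp dport 22 ct state new add @ssh_v4 { ip saddr limit rate over 4/minute burst 4 packets } drop
        tcp dport 22 ct state new add @ssh_v6 { ip6 saddr limit rate over 4/minute burst 4 packets } drop
    }
}
```

`nft -c -f <file>` parses the ruleset without applying it, and `nft list set inet ssh_ratelimit ssh_v4` shows which addresses are currently being tracked.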
