[Dev] [consensus][due: 2016-08-10] increasing security in Parabola, servers
pelzflorian (Florian Pelz)
pelzflorian at pelzflorian.de
Sun Jul 31 06:40:11 GMT 2016
I don’t know about the current set-up, but I have some questions.
On 07/31/2016 05:24 AM, coadde wrote:
> Hi guys, i would make some changes in the new server, however i would
> propose it to be discussed under consensus first:
> * Remove SSL certificates to be more KISS and adhocratic.
Which SSL certificates? If we are talking about packages, I don’t like
it when others can watch what software I install. Since Parabola offers
a mirror for redirection, my ISP, everybody in my local wireless network
and possibly others would see what software and which version I install.
> * Use a TOX server as XMPP replacement.
In what way is Tox more peer-to-peer than XMPP?
> * Use our own DNS server.
> * Use NetworkManager (CLI) instead of Netctl.
> * Improve IPv6 security against IoT and RFID (keep link-local IPv6 in
> anonymous -> "fe80::")
I don’t know IPv6 that well; could you explain what you mean by “anonymous”?
> * Add firewall
Setting up nftables/iptables to block too many SSH connections per
minute as described on the Arch wiki seems important anyway. It looks
better and simpler than Fail2ban etc.
> * Add TOR, DNSCrypt and VPN to increase security.
How does a VPN increase security for a server? What do you want to use
> * Testing against all type of attacks to check our security settings is ok.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the Dev