Discuss mailing list

[Falk Husemann <josen AT paketsequenz.de>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I've thought about some of the possible problems the whole day and asked
myself: What could be of use, just in case?

As a first starting point for security interested T1/T2 owners, we could
really try to have a "Secure OpenNIC Configuration" Wiki page where
detailed step-by-step instructions are given to secure your BIND
nameserver. What do you think?

Alex #1 really has good points on what might happen. We could try to
work out a Emergency/Desaster Plan for server owners that they can read
through, if someone really does bad.

This doesn't have to be rocket science, just basic guidelines to point
people at. No "total fort knox we'll shoot you if you blink" things like
"get bgp and nullroute the attackers", but baseline security advice for
intermediate server owners (most of us are, I guess, it's still just a
hobby).

I've worked with and without such things and its a better experience,
when you have a _useful_ Emergency plan, but even a bad one is better
than first having to think about what your options are. Think about
secure configuration like cancer prevention :)

Greets,
Falk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPotd+AAoJEPPG1NATKThtoTIH/0YaRXQEaNUCo1OCHcfU9lWK
7wh3jTJszo0unUh8+KMX4+KuXniaj87xtWtji0f7mNPRHdD6Na+8MIZJXWV4+Buv
XEbTv/fWO94o4DNhgBzH3H9CxrIB/W9kgofYOWVtYCJfXHSgyooNh/Pj2yZ3FfvU
RfyM6XyETTHHs2Ux/2UWUTIl41XtvV12yv7c/oETLG8BZO5x+eYCqEDUARDIqImq
nUI6tM5eKvZwOxUSXM1bDyLDrwKHYmX+ohnPz9DZ9zJ6c8Nispm0crmbMxP7p4VK
VU5tLPdAdG4KxLPo8IWBWL1sw+vbdubFuuBPm2qUoDHlO45jnXRZo03cfPqNpyo=
=tyx8
-----END PGP SIGNATURE-----