Discuss mailing list

[Alex <coyo AT darkdna.net>]

On 5/3/2012 2:07 PM, Falk Husemann wrote:
> Hello,
>
> I've thought about some of the possible problems the whole day and asked
> myself: What could be of use, just in case?
>
> As a first starting point for security interested T1/T2 owners, we could
> really try to have a "Secure OpenNIC Configuration" Wiki page where
> detailed step-by-step instructions are given to secure your BIND
> nameserver. What do you think?
>

Sounds like an excellent idea.

> Alex #1 really has good points on what might happen. We could try to
> work out a Emergency/Desaster Plan for server owners that they can read
> through, if someone really does bad.
>

We should form an Alex club, srsly.

> This doesn't have to be rocket science, just basic guidelines to point
> people at. No "total fort knox we'll shoot you if you blink" things like
> "get bgp and nullroute the attackers", but baseline security advice for
> intermediate server owners (most of us are, I guess, it's still just a
> hobby).
>
> I've worked with and without such things and its a better experience,
> when you have a _useful_ Emergency plan, but even a bad one is better
> than first having to think about what your options are. Think about
> secure configuration like cancer prevention :)
>
> Greets,
> Falk

So it's basically a problem management, rather than seeking any cure? okay.

Attachment: 0xC34ED745.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature