Discuss mailing list

[Dale <dweide9 AT aim.com>]

I like the idea of a "Secure OpenNIC Configuration" Wiki page. But would it be OS specific? As a newb, tinkering with bind in my spare time, I find that ubuntu server just works. I imagine you guys primarily use BSD, correct? I'm good at following instructions, but FreeBSD doesn't seem to play as nicely (for a PC to Linux guy, with no pure Unix experience). It may be that there are enough engineers out there to satisfy OpenNIC's needs. In which case, it is probably best to avoid using amateurs like me. But if it's "All hands on deck!", then I'll need a "kiddie pool" : )

Dale

-----Original Message-----
From: Falk Husemann <josen AT paketsequenz.de>
To: discuss <discuss AT lists.opennicproject.org>
Sent: Thu, May 3, 2012 12:08 pm
Subject: Re: [opennic-discuss] Attack Countermeasures: An Exercise of Paranoia

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I've thought about some of the possible problems the whole day and asked
myself: What could be of use, just in case?

As a first starting point for security interested T1/T2 owners, we could
really try to have a "Secure OpenNIC Configuration" Wiki page where
detailed step-by-step instructions are given to secure your BIND
nameserver. What do you think?

Alex #1 really has good points on what might happen. We could try to
work out a Emergency/Desaster Plan for server owners that they can read
through, if someone really does bad.

This doesn't have to be rocket science, just basic guidelines to point
people at. No "total fort knox we'll shoot you if you blink" things like
"get bgp and nullroute the attackers", but baseline security advice for
intermediate server owners (most of us are, I guess, it's still just a
hobby).

I've worked with and without such things and its a better experience,
when you have a _useful_ Emergency plan, but even a bad one is better
than first having to think about what your options are. Think about
secure configuration like cancer prevention :)

Greets,
Falk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPotd+AAoJEPPG1NATKThtoTIH/0YaRXQEaNUCo1OCHcfU9lWK
7wh3jTJszo0unUh8+KMX4+KuXniaj87xtWtji0f7mNPRHdD6Na+8MIZJXWV4+Buv
XEbTv/fWO94o4DNhgBzH3H9CxrIB/W9kgofYOWVtYCJfXHSgyooNh/Pj2yZ3FfvU
RfyM6XyETTHHs2Ux/2UWUTIl41XtvV12yv7c/oETLG8BZO5x+eYCqEDUARDIqImq
nUI6tM5eKvZwOxUSXM1bDyLDrwKHYmX+ohnPz9DZ9zJ6c8Nispm0crmbMxP7p4VK
VU5tLPdAdG4KxLPo8IWBWL1sw+vbdubFuuBPm2qUoDHlO45jnXRZo03cfPqNpyo=
=tyx8
-----END PGP SIGNATURE-----


--------
You are a member of the OpenNIC Discuss list. 
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org