[Server-devel] Password-less authentication with moodle (Martin Langhoff)

Greg Smith gregsmitholpc at gmail.com
Mon Oct 6 09:56:30 EDT 2008 

Hi Andres,

A few comments to get you warmed up. I will ask the current EduBlog team 
to give you more suggestions and details too.

1 - My understanding of the current XS design is that it has one 
interface visible to the Internet and another visible to the school 
only. It seems pretty secure that way but it can open up a bunch of 
security issues if you expose the School side interface to the Internet. 
  You may need to do that in order to run EduBlog on the Internet so let 
us know ASAP which services are available on public routed interfaces.

2 - Use denyhosts (http://denyhosts.sourceforge.net/) or some other 
protection against dictionary style attacks on any public facing interfaces.

3 - Put an anti-virus tool on the box. e.g. clamAV. Especially if your 
PHP, Apache, Moodle, SQL services are visible publicly its important to 
have a second line of defense in case some virus SW gets on the box.

4 - Run a port scan yourself (e.g. Nessus). Also, watch and protect 
yourself against being port scanned by an attacker.

Those are some suggestion off the top of my head.  I'll try to collect 
all suggestions from EduBlog round 1 and get those to you as well.

HTHs.

Thanks,

Greg S

************

Date: Sun, 5 Oct 2008 14:52:25 +1300 From: "Martin Langhoff" 
<martin.langhoff at gmail.com> Subject: Re: [Server-devel] Password-less 
authentication with moodle To: " Andr?s Ambrois " 
<andresambrois at gmail.com> Cc: server-devel at lists.laptop.org Message-ID: 
<46a038f90810041852y7ba08ddcv4d1f0595ca82926a at mail.gmail.com> 
Content-Type: text/plain; charset=ISO-8859-1 On Sun, Oct 5, 2008 at 5:29 
AM, Andr?s Ambrois <andresambrois at gmail.com> wrote:
 >> >> - What's your timeframe?
 > >
 > > The timeframe for our project is 5 weeks starting from last 
Wednesday, in
 > > which I need to cover the interface (Moodle and Wordpress theming), 
course
 > > configuration, authentication, modifying Write to enable blog 
posting, and
 > > document all this for a manual.

Ouch - that's very tight!

 > > I'm glad I wasn't that far off  :) . Are these required 
modifications documented
 > > somewhere?

Not yet. We're finishing off 0.5 - will be looking into this for 0.6
or 0.7, not too far away, unlikely to be "done" in the next 5 weeks
either :-/

cheers,



m

More information about the Server-devel mailing list