[Server-devel] Password-less authentication with moodle (Martin Langhoff)
Greg Smith
gregsmitholpc at gmail.com
Mon Oct 6 09:58:49 EDT 2008
Hi Andres,
I missed one key one.
Have a known clean backup. Add user data to it if you can, but back up
regularly. Be ready to restore to a clean backup on short notice if you
are compromised and need to start from scratch.
Thanks,
Greg S
Greg Smith wrote:
> Hi Andres,
>
> A few comments to get you warmed up. I will ask the current EduBlog team
> to give you more suggestions and details too.
>
> 1 - My understanding of the current XS design is that it has one
> interface visible to the Internet and another visible to the school
> only. It seems pretty secure that way but it can open up a bunch of
> security issues if you expose the School side interface to the Internet.
> You may need to do that in order to run EduBlog on the Internet so let
> us know ASAP which services are available on public routed interfaces.
>
> 2 - Use denyhosts (http://denyhosts.sourceforge.net/) or some other
> protection against dictionary style attacks on any public facing
> interfaces.
>
> 3 - Put an anti-virus tool on the box, e.g. ClamAV. Especially if your
> PHP, Apache, Moodle, SQL services are visible publicly it's important to
> have a second line of defense in case some virus SW gets on the box.
>
> 4 - Run a port scan yourself (e.g. Nessus). Also, watch and protect
> yourself against being port scanned by an attacker.
>
> Those are some suggestions off the top of my head. I'll try to collect
> all suggestions from EduBlog round 1 and get those to you as well.
>
> HTHs.
>
> Thanks,
>
> Greg S
>
> ************
>
> Date: Sun, 5 Oct 2008 14:52:25 +1300
> From: "Martin Langhoff" <martin.langhoff at gmail.com>
> Subject: Re: [Server-devel] Password-less authentication with moodle
> To: "Andrés Ambrois" <andresambrois at gmail.com>
> Cc: server-devel at lists.laptop.org
> Message-ID: <46a038f90810041852y7ba08ddcv4d1f0595ca82926a at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On Sun, Oct 5, 2008 at 5:29 AM, Andrés Ambrois <andresambrois at gmail.com> wrote:
> >> >> - What's your timeframe?
> > >
> > > The timeframe for our project is 5 weeks starting from last Wednesday, in
> > > which I need to cover the interface (Moodle and Wordpress theming), course
> > > configuration, authentication, modifying Write to enable blog posting, and
> > > document all this for a manual.
>
> Ouch - that's very tight!
>
> > > I'm glad I wasn't that far off :) . Are these required modifications documented
> > > somewhere?
>
> Not yet. We're finishing off 0.5 - will be looking into this for 0.6
> or 0.7, not too far away, unlikely to be "done" in the next 5 weeks
> either :-/
>
> cheers,
>
> m
>