Security Standards and Recommendations

From JonDonym Wiki
(Difference between revisions)
Jump to: navigation, search
Line 4: Line 4:
  
 
==== Encrypt the file system of your server ====
 
==== Encrypt the file system of your server ====
We propose Operators to encrypt their server file system before installation. This will prevent an automatic restart of your server, but gives you some protection from possibly manipulating server hosters.
+
We propose operators to encrypt their server file system before installation. This will prevent an automatic restart of your server, but gives you some protection from possibly manipulating server hosters.
  
 
==== Stop and uninstall all other network services ====
 
==== Stop and uninstall all other network services ====
Stop all services that accept connections from the internet. Only SSH and the Mix process should listen to outside connections. (If you do not understand these terms, you should better not run a Mix).
+
Stop all services that accept connections from the Internet. Only SSH and the mix process should listen to outside connections. (If you do not understand these terms you should better not run a mix).
  
 
==== Protect your server against brute force login attacks ====
 
==== Protect your server against brute force login attacks ====
 
For making it harder to hack your server login, use SSH certificates for login or install login protection software like fail2ban or portknocking.
 
For making it harder to hack your server login, use SSH certificates for login or install login protection software like fail2ban or portknocking.

Revision as of 21:49, 23 March 2010

File:En.png File:De.png

Contents

Security Standards and Recommendations

(not ready yet)

Encrypt the file system of your server

We propose operators to encrypt their server file system before installation. This will prevent an automatic restart of your server, but gives you some protection from possibly manipulating server hosters.

Stop and uninstall all other network services

Stop all services that accept connections from the Internet. Only SSH and the mix process should listen to outside connections. (If you do not understand these terms you should better not run a mix).

Protect your server against brute force login attacks

For making it harder to hack your server login, use SSH certificates for login or install login protection software like fail2ban or portknocking.

Personal tools