1729
Comment:
|
2040
|
Deletions are marked like this. | Additions are marked like this. |
Line 4: | Line 4: |
== Encryption == The shell server only accepts encrypted logins via [[SSH]] (only protocol version 2 is allowed). Make sure to chech the key fingerprint the first time you log in via SSH: [[Info/SSH_Servers|SSH Server Fingerprints]]. Normal non-encrypted FTP is not supported, instead [[SFTP]] from the OpenSSH package is used to transfer files to and from the shell server. Sensitive webpages such as phpMyAdmin and Webmail are only available over HTTPS, and the wiki and blog are optionally available over HTTPS. The certificate is signed by CAcert, which is not included by default in most browsers. Instead you have to install the CAcert root certificate in your browser: http://wiki.cacert.org/wiki/BrowserClients |
|
Line 5: | Line 12: |
Do not use the same password for your shell account as you use for other services. Especially not services that communicate over non-secure protocols like most connections via IRC. | Do not use the same password for your shell account as you use for other services, especially those that communicate over non-secure protocols like IRC or webpages. |
Line 9: | Line 16: |
== Phising and trust == Phising is starting to become a more eminent threat, therefore I've decided to make some policies about how communication with users regarding sensitive information (passwords) should be handled |
== Phishing and trust == No one at Blinkenshell will ever ask you for your password. Do not ''ever'' give away your password, not even to someone saying he/she is an admin. |
Line 12: | Line 19: |
Firstly, all messages sent by me to users will always start with a ''personal'' greeting. It will say "Hi George" if your name is george, never trust emails from me without this personal greeting. | On IRC, there often is no really good way to protect your nickname, so anyone can use anyone else's nickname. Don't trust someone to be an admin just because of the username. Check things like connecting host and if the user is identified with NickServ. |
Line 14: | Line 21: |
Secondly, I will always send an OpenPGP signature with all my emails. If you do not know what OpenPGP is, you can read more about it at Wikipedia: http://en.wikipedia.org/wiki/OpenPGP | Emails can be sent from addresses other than one's own, so don't trust emails asking you to reply with your password or similar just because the sender address is from a trusted domain. |
Line 16: | Line 23: |
You can download my OpenPGP public key signature on my personal page: JohanMarcusson. You can not ''fully'' trust this however, since you downloaded it over the internet. But I'll make sure that no one else publishes an OpenPGP signature on this website trying to say it's mine. | Use common sense and a certain ammount of paranoia and you will be all right :-) |
Line 18: | Line 25: |
Communication that is not regarding sensitive information like passwords might not be signed. Also, automatically sent information like the email activation step in the signup program does not currently send signed messages. | == Read more == * Pretty Good Privacy (PGP): http://en.wikipedia.org/wiki/Pretty_Good_Privacy * Gnu Privacy Guard (GPG, Gnu PGP-thingy): http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto.html |
Line 20: | Line 29: |
Lastly, I will never ask you to enter your password for the shell on any form on any website, especially not over a non-secure connection. | |
Line 22: | Line 30: |
Read more http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto.html |
---- CategoryInfo |
Security
Here you can find some general information and pointers about security in general and more specifically Blinkenshell.
Encryption
The shell server only accepts encrypted logins via SSH (only protocol version 2 is allowed). Make sure to chech the key fingerprint the first time you log in via SSH: SSH Server Fingerprints.
Normal non-encrypted FTP is not supported, instead SFTP from the OpenSSH package is used to transfer files to and from the shell server.
Sensitive webpages such as phpMyAdmin and Webmail are only available over HTTPS, and the wiki and blog are optionally available over HTTPS. The certificate is signed by CAcert, which is not included by default in most browsers. Instead you have to install the CAcert root certificate in your browser: http://wiki.cacert.org/wiki/BrowserClients
Passwords
Do not use the same password for your shell account as you use for other services, especially those that communicate over non-secure protocols like IRC or webpages.
Also, check out our password policy: PasswordPolicy
Phishing and trust
No one at Blinkenshell will ever ask you for your password. Do not ever give away your password, not even to someone saying he/she is an admin.
On IRC, there often is no really good way to protect your nickname, so anyone can use anyone else's nickname. Don't trust someone to be an admin just because of the username. Check things like connecting host and if the user is identified with NickServ.
Emails can be sent from addresses other than one's own, so don't trust emails asking you to reply with your password or similar just because the sender address is from a trusted domain.
Use common sense and a certain ammount of paranoia and you will be all right
Read more
Pretty Good Privacy (PGP): http://en.wikipedia.org/wiki/Pretty_Good_Privacy
Gnu Privacy Guard (GPG, Gnu PGP-thingy): http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto.html