[Operators] Attacks/Threats and related config attributes

Peter Saint-Andre stpeter at stpeter.im
Wed Nov 4 14:50:47 CST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/4/09 5:48 AM, Wayne Mac Adams wrote:

> I am currently trying to document what Jabber administrators are doing
> with their Jabber servers in terms of configuration and threat
> minimisation, with one of the goals being to try automate this process.
> I am wondering does anyone know where I can get more information like in
> the document I mentioned or does anyone have first hand experience as an
> administrator the types of threats and attacks you would be worried
> about and how you go about avoiding those threats, whether it be through
> configuration or otherwise? And if so are you willing to share your
> knowledge with me :)

XEP-0205 talks about ranges because there are different deployment
scenarios. The threats faced by an XMPP instant messaging service on the
open Internet are different from those faced by an IM service on a
company intranet. Similarly, an XMPP-based service that is not quite so
open-ended (say, FireEagle or BuddyCloud for location data) probably
faces yet other threats. Multi-user chatrooms are attacked in ways that
are uncommon for single user accounts. And so on. It is hard to
generalize about all possible XMPP services. Perhaps you can provide
information about the "profile" you're most interested in?

Peter

- --
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrx6ScACgkQNL8k5A2w/vysNQCg+118H9F4O7a7n5rXU5OPXQpk
hPIAoITtbv170kUTNlmxvV7so4EEYcXf
=Srtx
-----END PGP SIGNATURE-----


More information about the Operators mailing list