[DG: Spanish Sakai] Fwd: secure sakai?
Rafael Morales Gamboa
rmorales at suv.udg.mx
Wed May 14 11:36:29 PDT 2014
Interesting. As usually happens, there is a trade-off between flexibility
and functionality on the one hand, and security on the other. It would be
more interesting to know what the practice is among our
institutions. We are at 15%.
On 14/05/2014 07:19 a.m., Diego del Blanco Orobitg wrote:
>
> For those of you who are not on the English list... obviously it is in
> English... But I think it is very useful for those of you who want to
> add security to Sakai.
>
> Regards
>
> ---------- Forwarded message ----------
> From: "Sam Ottenhoff" <ottenhoff at longsight.com>
> Date: 13/05/2014 12:50
> Subject: Re: [Building Sakai] secure sakai?
> To: "Charles Hedrick" <hedrick at rutgers.edu>
> Cc: "sakai dev" <sakai-dev at collab.sakaiproject.org>
>
> * Disable guest access
> * Disable .auth and .anon special roles
> * Implement two-factor auth using Duo or Authy
> * Lock down DAV access because it can't do 2-factor
> * Remove all webservices access
> * Remove all unused tools (e.g., OSP)
> * Set up some live auditing of Sakai events
> * Prevent IP blocks except from your approved regions from accessing
> the server
> * Use HTTP headers like HSTS
> (http://ibuildings.nl/blog/2013/03/4-http-security-headers-you-should-always-be-using)
> * Connect to a user directory provider that implements user management
> (expire accounts because of inactivity, strong passwords, etc)
>
>
> On Tue, May 13, 2014 at 11:05 AM, Charles Hedrick <hedrick at rutgers.edu> wrote:
>
> Does anyone have experience running an instance of Sakai where
> users are allowed to store sensitive information? Any suggestions
> for what to do differently?
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> <mailto:sakai-dev at collab.sakaiproject.org>
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org
> <mailto:sakai-dev-unsubscribe at collab.sakaiproject.org> with a
> subject of "unsubscribe"
>
>
>
> _______________________________________________
> spanish-sakai mailing list
> spanish-sakai at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/spanish-sakai
>
> TO UNSUBSCRIBE: send email to spanish-sakai-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"