I see security suggestions all over the place. How about IPS producing a list of things that we as customers can do to protect our systems. Obviously, number 1 would be to -
* Upgrade to the latest version when it becomes available.
* What about the permissions for IPS hosted customers? (which we seem to have lost control over)
* What about permissions for non-IPS hosted customers? Recommendations from IPS would be nice.
* What type of files do we restrict in the ACP from being uploaded/accessed in the uploads folder?
* The largest group of hackers seem to be .ru based. Block (for now) all .ru email registrations?
* What mods seem to make our systems more vulnerable?
* What type of things should we be looking for as we "float along" out here?
* .... add the numerous others that I haven't mentioned.
How about treating this list as a "living document" and email your customers with it when the world changes, as it surely will?
I'm not looking for answers in this topic. I'd like to see this as a permanent part of our IPS experience. Thanks.
Full Version: Customer Security Precautions
QUOTE
* Upgrade to the latest version when it becomes available.
That's obvious.
QUOTE
* What about the permissions for IPS hosted customers? (which we seem to have lost control over)
IPS probably take care of that one.
QUOTE
* What about permissions for non-IPS hosted customers? Recommendations from IPS would be nice.
Documentation tells you what to do in respect to this.
QUOTE
* What type of files do we restrict in the ACP from being uploaded/accessed in the uploads folder?
You can't compromise the security of IPB by uploading files using the standard method.
QUOTE
* The largest group of hackers seem to be .ru based. Block (for now) all .ru email registrations?
Those hackers might concoct a mischievous plan to circumvent this measure: use email addresses not ending in .ru.
QUOTE
* What mods seem to make our systems more vulnerable?
The ones with exploits?
QUOTE
* What type of things should we be looking for as we "float along" out here?
Are you on acid? Kidding, kidding
All that is really needed is to check the updates forum occasionally and read in there.
I think this is a good idea.
Where would this be?
QUOTE
Documentation tells you what to do in respect to this.
Where would this be?
QUOTE(augenj @ May 13 2006, 09:48 AM) 
I see security suggestions all over the place. How about IPS producing a list of things that we as customers can do to protect our systems. Obviously, number 1 would be to -
* Upgrade to the latest version when it becomes available.
That is why there is an "Update Available" icon in the ACP, and why we try to email our customers after a patch is released. It is always important to upgrade.
* What about the permissions for IPS hosted customers? (which we seem to have lost control over)
If hosting customers don't have control of this, then it should be a moot issue - our technicians will take care of it.
* What about permissions for non-IPS hosted customers? Recommendations from IPS would be nice.
This is in the install guide already. From the zip, Documentation/Installation Guide/install_guide.html - click "Structure and CHMOD" at the top.
* What type of files do we restrict in the ACP from being uploaded/accessed in the uploads folder?
This is up to you - IPB renames "bad" files already, so this will never be a problem anyways. Though don't allow members to post HTML, as that can lead to bad stuff if they are intent on causing harm.
* The largest group of hackers seem to be .ru based. Block (for now) all .ru email registrations?
I consider this discrimination in all honesty. Just because *some* hackers are Russian, or in recent months more Russians seem to be leaving their mark, doesn't mean you should block all Russians from any given site. It's up to each admin, but I think this idea is ludicrous. As ellawalla pointed out - they could just use a gmail, msn, yahoo, etc. email address anyways.
* What mods seem to make our systems more vulnerable?
We don't support or monitor modifications to make this information available.
* What type of things should we be looking for as we "float along" out here?
This is not a question we could easily answer....
* .... add the numerous others that I haven't mentioned.
How about treating this list as a "living document" and email your customers with it when the world changes, as it surely will?
I'm not looking for answers in this topic. I'd like to see this as a permanent part of our IPS experience. Thanks.
* Upgrade to the latest version when it becomes available.
That is why there is an "Update Available" icon in the ACP, and why we try to email our customers after a patch is released. It is always important to upgrade.
* What about the permissions for IPS hosted customers? (which we seem to have lost control over)
If hosting customers don't have control of this, then it should be a moot issue - our technicians will take care of it.
* What about permissions for non-IPS hosted customers? Recommendations from IPS would be nice.
This is in the install guide already. From the zip, Documentation/Installation Guide/install_guide.html - click "Structure and CHMOD" at the top.
* What type of files do we restrict in the ACP from being uploaded/accessed in the uploads folder?
This is up to you - IPB renames "bad" files already, so this will never be a problem anyways. Though don't allow members to post HTML, as that can lead to bad stuff if they are intent on causing harm.
* The largest group of hackers seem to be .ru based. Block (for now) all .ru email registrations?
I consider this discrimination in all honesty. Just because *some* hackers are Russian, or in recent months more Russians seem to be leaving their mark, doesn't mean you should block all Russians from any given site. It's up to each admin, but I think this idea is ludicrous. As ellawalla pointed out - they could just use a gmail, msn, yahoo, etc. email address anyways.
* What mods seem to make our systems more vulnerable?
We don't support or monitor modifications to make this information available.
* What type of things should we be looking for as we "float along" out here?
This is not a question we could easily answer....
* .... add the numerous others that I haven't mentioned.
How about treating this list as a "living document" and email your customers with it when the world changes, as it surely will?
I'm not looking for answers in this topic. I'd like to see this as a permanent part of our IPS experience. Thanks.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.