
Differences

This shows you the differences between two versions of the page.

howto:hardening [2014/07/22 16:12] – [Disable Plain Text Protocols] - type-os fix & channeling the inner grammar nazi TINFOIL
howto:hardening [2014/07/25 02:29] (current) – Synchronet supports Digest auth now, you don't need to disable the server to disable Basic auth deuce
Line 1: Line 1:
 ====== Hardening the Synchronet Servers ====== ====== Hardening the Synchronet Servers ======
  
-Hardening a system is the process in which an administrator or systems operator reduces the chance an attacker can either gain access or information from a system. It is recommended that systems be hardened to protect your BBS, your users and your self. +Hardening a system is the process in which an administrator or systems operator reduces the chance an attacker can either gain access or information from a system. You may wish to harden your system to protect your BBS, your users and your self. 
  
 ===== Identifing your version of Synchronet ===== ===== Identifing your version of Synchronet =====
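Review bot: In the rewritten intro sentence, "your self" should be "yourself", and "gain access or information from a system" would read better as "gain access to, or information from, a system". The new wording also turns a recommendation ("It is recommended that systems be hardened") into an option ("You may wish to harden"); if that softening is intended for a hardening guide, it is fine, but it is worth confirming. The context heading "Identifing your version of Synchronet" is misspelled and could be corrected in the same revision.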
Line 19: Line 19:
  
 ===== Settings to Harden ===== ===== Settings to Harden =====
-Some settings I'm proposing to harden include. 
- 
 This guide will cover hardening synchronet from a security point of view, as well as an operational security point of view. Sometimes hardening breaks or removes functionality.. This guide will cover hardening synchronet from a security point of view, as well as an operational security point of view. Sometimes hardening breaks or removes functionality..
  
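Review bot: The sentence left as the section's opening, "Sometimes hardening breaks or removes functionality..", ends in a doubled period, and "synchronet" is lowercase here while the page title capitalizes it. Dropping the dangling "Some settings I'm proposing to harden include." is right, but these two leftovers in the same paragraph should be cleaned up with it.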
Line 69: Line 67:
     * HTTP with basic auth is not a secure method of transferring information - at any given time it's possible HTTP, with basic auth sessions, could be intercepted     * HTTP with basic auth is not a secure method of transferring information - at any given time it's possible HTTP, with basic auth sessions, could be intercepted
       * Change: Configuration Value       * Change: Configuration Value
-      **Disable Web Server on Win32**: From the //Synchronet Control Panel//Select **Web->Configure** from the top menuon the **General** tabUnCheck **Auto Startup**, then click **OK**.+        In the .ini filein the Web sectionadd (or modify) the Authorization line to read ''Authorization=Digest'' 
 +        Ensure that any webctrl.ini files don't override this value.
  
   * Don't enable NNTP   * Don't enable NNTP
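Review bot: The added step "In the .ini file, in the Web section" does not say which .ini file is meant, while the line it replaces gave an exact path through the Synchronet Control Panel; name the file so the reader knows where ''Authorization=Digest'' belongs. The unchanged rationale above it still reads as if the whole HTTP session were the concern: Digest keeps the password from crossing the wire in clear text, but the rest of the HTTP traffic remains unencrypted, so the bullet should state that this change protects credentials only. The webctrl.ini line would also be easier to act on if it said where those files are found and which key to look for (presumably an Authorization line).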