Working on a security best practices document

Hi all;

I am working on a security best practices document.  I am interested in the following things:

1)  Browser settings and recommendations
2)  Browser plugin recommendations
3)  Other general practices beyond the usual stuff (least privilege, necessary for each user, etc.)

I expect this to be important for 1.3 because of major changes in how security is handled.

In general, my current recommendations are:

1)  New and patched Firefox with the NoScript plugin.
2)  Looking into IE8 and anti-clickjacking measures
3)  Recommendations that LedgerSMB is always run over SSL, and that where appropriate SSL client certs are used as a part of 2-factor authentication.
4)  Mozilla script security policies.  I expect a number of these to be cooperatively developed as addons for 1.3.

Any thoughts?

Best Wishes,
Chris Travers