
Re: Working on a security best practices document


>>>>> "Chris" == Chris Travers <..hidden..> writes:
    Chris> I am working on a security best practices document.  I am interested in the
    Chris> following things:

    Chris> 1)  Browser settings and recommendations
    Chris> 2)  Browser plugin recommendations
    Chris> 3)  Other general practices beyond the usual stuff (least privilege,
    Chris> necessary for each user, etc)

I recommend that the browser/profile that you use for financial things
not be your default browser. I am a (Debian) Linux user; I've used
galeon/epiphany and now chrome as my default browser over 10 years, but
during that time, I've kept the "mozilla" (not firefox) instance around
to talk to my banking web site and to SQL-ledger.

firefox has relatively good support for profiles, but it's rather easy
to get a new window/tab opened up in the wrong profile by mistake.

Chrome in "application" mode might also be useful.

    Chris> 1)  New and patched Firefox with the NoScript plugin.
    Chris> 2)  Looking into IE8 and anti-clickjacking measures
    Chris> 3)  Recommendations that LedgerSMB is always run over SSL,
    Chris> and that where appropriate SSL client certs are used as a
    Chris> part of 2-factor authentication. 

It would be great if there was a simple SSL client side cert system.
I would be willing to put together some scripts and rpm/deb-ify them.
But, it needs hooks into the administrative interface to generate them.

    Chris> 4)  Mozilla script security policies.  I expect a number of
    Chris> these to be cooperatively developed as addons for 1.3.

What do you have in mind here?

SSL is not really the panacea people think it is.
I say this as the author of numerous network encryption systems and RFCs.

I'd rather we spent time on:
    a) a good dump/restore/"fsck" program that can be used to
       validate that data is still good.

    b) auditing tools, including ones that stream a transaction log
       to another system. I think 1.3 has better audit history, but I
       haven't been able to look under the cover of 1.3 yet.
       I think 1.3 has much better RBAC.
       One thing I'd like is the ability to give myself lower access
       control, and like the bank tellers do, enter "overrides"...
       Or do provisional transactions that must be approved.

    c) column encryption of certain data.  
       We don't have much in the way of payroll stuff yet, but I'll
       want to store the person's SSN/SIN in the employee/vendor page.
       There might be other things that should never appear in the clear
       in a database dump.

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] ..hidden.. http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
               then sign the petition.

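The column-encryption idea in point (c) above, as an added worked example that is not part of the original message and not LedgerSMB's own schema: PostgreSQL's pgcrypto extension is used to keep an SSN/SIN column as ciphertext at rest, so that a plain `pg_dump` or an unprivileged `SELECT` never shows the value in the clear. The table name `employee`, the column `ssn_enc` and the passphrase are constructed for illustration.

```sql
-- Added example (not from the original message): protect an SSN/SIN column
-- with pgcrypto so the stored value is ciphertext in the table and in dumps.
-- Table, column and passphrase below are constructed for this illustration.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE employee (
    id       serial PRIMARY KEY,
    name     text NOT NULL,
    ssn_enc  bytea            -- ciphertext only; plaintext is never stored
);

-- Encrypt on insert. In a real deployment the passphrase comes from the
-- application (configuration or a secret store), not a literal in SQL.
INSERT INTO employee (name, ssn_enc)
VALUES ('Example Person',
        pgp_sym_encrypt('123-45-6789', 'example-passphrase', 'cipher-algo=aes256'));

-- Only a session that supplies the passphrase gets the plaintext back.
SELECT name, pgp_sym_decrypt(ssn_enc, 'example-passphrase') AS ssn
FROM employee;

-- What a dump, a backup file, or a role without the passphrase sees:
-- opaque bytes, here rendered as hex.
SELECT name, encode(ssn_enc, 'hex') AS ssn_ciphertext
FROM employee;
```

Two caveats a practitioner would want: because encryption happens inside the database, the passphrase travels to the server in the query and can land in `log_statement` output or in `pg_stat_activity`, so statement logging and access to those views should be restricted; and a stronger variant is to encrypt in the application before the value ever reaches PostgreSQL, which keeps the key away from the database host entirely, at the cost of losing the ability to search on the column.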