Opened 8 years ago

Last modified 8 years ago

#884 new defect

Security-critical instructions to data centre support should have integrity

Reported by: Sander Maijers
Owned by: Sander Maijers
Priority: critical
Milestone:
Component: System administration
Version:
Keywords: security
Cc: Willem Elbers, Dieter Van Uytvanck

Description

Data integrity is critical for such instructions, which are now mostly sent over e-mail. I would say that there is a practical DoS attack against CLARIN today using social engineering to forge some e-mails, which could take much of the CLARIN infra down within a day. (And worse attacks cannot be excluded.)

In case official support web control panels with multifactor auth are not available (as with most academic data centers), we should agree on clear rules of conduct with the affected support staff. One solution would be to cryptographically sign all such e-mails, but that's impractical to do in some webmail interfaces.

Change History (2)

comment:1 Changed 8 years ago by DefaultCC Plugin

Cc: Willem Elbers Dieter Van Uytvanck added

comment:2 Changed 8 years ago by Sander Maijers

Keywords: security added