powered by Jive Software

Server Attacks/threats & the relation with configuration attributes

Hi there,

I’m a student studing IT security, I am doing some research into Jabber servers. I am looking at the configurable attributes and researching the possible attacks and the relation between them and the Jabber server attributes.

For example a Denial of Service attack is possible on a Jabber server and a related attribute is the number of simultaneous logins from the same account, a best practise for avoiding a DOS attack would be to limit the number of simultaneous logins( its limited to 2 by default in Openfire).

There is actually a document of best practises for avoiding DOS attacks available from the XMPP standards foundation, http://xmpp.org/extensions/xep-0205.html.

This is exactly the kind of info I am looking for.

I am currently trying to document what Jabber administrators are doing with their Jabber servers in terms of configuration and threat minimisation.

I am wondering does anyone know where any information is available like in the document previously mentioned? Or does any one have experience/insight to share with me with regards the types of threats and attacks you would be worried about and how you go about avoiding those threats, whether it be through configuration or otherwise?

Any help at all is much appreciated,

Thanks

Message was edited by: babo9 - reason : more informative title