Date: Fri, 22 Sep 2000 02:12:07 -0500 From: Dave McKay <dave@mu.org> To: Brett Glass <brett@lariat.org> Cc: Wes Peters <wes@softweyr.com>, nbm@mithrandr.moria.org, security@freebsd.org Subject: Re: sysinstall DOESN'T ASK, dangerous defaults! (Was: Re: wats so special about freeBSD?) Message-ID: <20000922021207.A90466@elvis.mu.org> In-Reply-To: <4.3.2.7.2.20000921182152.046d6ee0@localhost>; from brett@lariat.org on Thu, Sep 21, 2000 at 06:32:48PM -0600 References: <99016.969437392@winston.osd.bsdi.com> <cjclark@reflexnet.net> <99016.969437392@winston.osd.bsdi.com> <20000920125405.D22272@149.211.6.64.reflexcom.com> <4.3.2.7.2.20000921113652.053d4960@localhost> <20000921210521.A17973@mithrandr.moria.org> <39CA8E45.7DA45048@softweyr.com> <4.3.2.7.2.20000921182152.046d6ee0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
Brett Glass (brett@lariat.org) wrote: *snip* > Telnet is dangerous and should be disabled now that SSH is in common use > and is not encumbered by patents. sshd should be on unless the user > asks for it not to be. (He or she should still be asked.) SSH is in common use? It is still third party on Linux and Windows, and Solaris. Telnet *IS* however installed by default on every major OS I can think of. > I wind up spending hours agonizing over the configuration of every > FreeBSD install I do, because I have to turn off many of the defaults > which could potentially compromise security or waste resources. This is not healthy. Editing /etc/inetd.conf and /etc/rc.conf shouldn't take one hours, this sounds like a personal problem. > >They rely on firewalls, prayer, or > >abject cluelessness to secure their systems, and that's just fine. > > Windows users do that. FreeBSD users should have it better. uhm.. can't find the words.. > >Have you considered using OpenBSD? It does install with a more secure (i.e. > >"doesn't work for most people") configuration out of the box. > > I have not only considered it -- I've used it quite a bit. On the table > next to me are machines with the latest releases of FreeBSD, NetBSD, > and OpenBSD. You'll have to forgive me, I don't subscribe to the netbsd or openbsd lists, but do you suggest these ideas to *BSD? If everyone in the world was straw- berry then no one would taste good. -- Dave McKay Network Engineer - Google Inc. dave@mu.org - dave@sneakerz.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000922021207.A90466>