Date: Fri, 22 Sep 2000 12:11:25 -0600
From: Brett Glass <brett@lariat.org>
To: Dave McKay <dave@mu.org>
Cc: Wes Peters <wes@softweyr.com>, nbm@mithrandr.moria.org, security@freebsd.org
Subject: Re: sysinstall DOESN'T ASK, dangerous defaults! (Was: Re: wats so special about freeBSD?)
Message-ID: <4.3.2.7.2.20000922120415.00c7bdc0@localhost>
In-Reply-To: <20000922021207.A90466@elvis.mu.org>
References: <4.3.2.7.2.20000921182152.046d6ee0@localhost> <99016.969437392@winston.osd.bsdi.com> <cjclark@reflexnet.net> <99016.969437392@winston.osd.bsdi.com> <20000920125405.D22272@149.211.6.64.reflexcom.com> <4.3.2.7.2.20000921113652.053d4960@localhost> <20000921210521.A17973@mithrandr.moria.org> <39CA8E45.7DA45048@softweyr.com> <4.3.2.7.2.20000921182152.046d6ee0@localhost>
At 01:12 AM 9/22/2000, Dave McKay wrote:

>SSH is in common use? It is still third party on Linux and Windows, and
>Solaris.

So are Netscape Navigator, RealPlayer, etc. -- and everyone downloads them!
The fact that Microsoft doesn't make one is, IMHO, a good thing. They'd
probably insert their own less secure authentication schemes and turn them
on by default -- or, worse yet, try to hijack the standard by introducing
incompatibilities.

> Telnet *IS* however installed by default on every major OS I can
>think of.

It should not be. It sends passwords in the clear. This is not acceptable
on today's Internet.

>> I wind up spending hours agonizing over the configuration of every
>> FreeBSD install I do, because I have to turn off many of the defaults
>> which could potentially compromise security or waste resources.
>
>This is not healthy. Editing /etc/inetd.conf and /etc/rc.conf shouldn't
>take one hours, this sounds like a personal problem.

Don't argue ad hominem; it doesn't strengthen your argument and in fact
makes it suspect. The fact is that it really CAN take hours to reconfigure
FreeBSD to secure it. This includes recompiling the kernel (to get IP Filter
in there, save resources, turn off BPF, etc.), editing rc.conf, editing
sshd.conf, and much more.

>You'll have to forgive me, I don't subscribe to the netbsd or openbsd lists,
>but do you suggest these ideas to *BSD? If everyone in the world was
>strawberry then no one would taste good.

I fail to see your point. Security is good on ALL platforms, and if the
defaults are good and options are offered it can save a great deal of time
and frustration.

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message