Date: Sat, 16 Oct 1999 21:30:46 -0700 (PDT)
From: tom brown <tmcb1971@yahoo.com>
To: freebsd-security@freebsd.org
Subject: General security of vanilla install WAS [FreeSSH]
Message-ID: <19991017043046.5909.rocketmail@web115.yahoomail.com>

I think we've lost the direction here somewhere. This started as a conversation about 'security' options.

I think that FreeBSD is great as a distribution, and it's really important that it's flexible enough to suit us all; including UUCP is clearly a must. But something should be done to allow less experienced users to roll out a box that can sit unprotected on the net.

Personal experience has demonstrated that many insecure installs are out there running in production environments. People often seem to have the impression that Unix is secure, but they don't understand what they need to do to make it that way.

If /stand/sysinstall had a checkbox in the install that said "don't run services", that would go a long way to stopping vanilla installs being "cracked", thereby giving the project a bad name. Simple IP filtering would also be a bonus.

Commercially speaking, people will start to pay more attention to security in the near future. If the project were to exploit this need, it could grab a bigger chunk of the pizza.

It's a mean world out there, and FreeBSD is a good contender as security goes, but not straight out of the box!

I know of two Apache servers running FreeBSD that receive a hostile packet every 5 seconds. Base-install+apache+IPFW. It took the engineer 45 minutes to build them, and 2 years to learn how.

Tom