Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 24 Nov 1999 17:51:47 -0700
From:      Wes Peters <wes@softweyr.com>
To:        Warner Losh <imp@village.org>
Cc:        Peter Wemm <peter@netplex.com.au>, Poul-Henning Kamp <phk@critter.freebsd.dk>, freebsd-current@FreeBSD.ORG, security@FreeBSD.ORG
Subject:   Re: ps on 4.0-current
Message-ID:  <383C8823.8438567B@softweyr.com>
References:  <19991124090523.9689C1C6D@overcee.netplex.com.au> <199911241612.JAA20799@harmony.village.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Warner Losh wrote:
> 
> In message <19991124090523.9689C1C6D@overcee.netplex.com.au> Peter Wemm writes:
> : 
> : In a dedicated server role, again it might be appropriate to default
> : it to "open" (dedicated server being something like a squid box),
> : again there will be a couple of sysadmin type users or people who
> : have to monitor things.  Hiding information gains nothing there
> : either.
> 
> I disagree with this, but that is because I've rarely seen a totally
> dedicated server.  A simple fileserver that does nothing else would
> want to be open in this respect since few people have accounts.
> 
> : In other roles, including something like a shell server box with presumably
> : hostile users (you reasonably have to assume this), you want everything you
> : possibly can to be locked down.
> 
> Firewall, dialup boxes, dns servers, etc are good candidates to be
> locked down.

Firewall, web, dns, news, etc. servers are good candidates to be open because 
there should not be any "normal" user accounts on them, only administration 
accounts.  And darned few of those.  I think this is what Peter was getting
at.

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?383C8823.8438567B>