Date: Thu, 23 Mar 2000 20:34:13 +0100
From: Brad Knowles <blk@skynet.be>
To: Warner Losh <imp@village.org>, "Jeroen C. van Gelderen" <jeroen@vangelderen.org>
Cc: FreeBSD Audit List <freebsd-audit@FreeBSD.ORG>
Subject: Re: Portmapper enabled, IPv6 circumvents FW
Message-ID: <v0422080cb5002170b286@[195.238.1.121]>
In-Reply-To: <200003231923.MAA42847@harmony.village.org>
References: <38DA6D77.FB93FC36@vangelderen.org> <200003231923.MAA42847@harmony.village.org>

At 12:23 PM -0700 2000/3/23, Warner Losh wrote:

> I've been sent patches that make *ALL* network services off by
> default. I'm thinking seriously about committing them to at least
> -current and maybe to -stable also. These patches also hack
> sysinstall to enable them in /etc/rc.conf so as to not effectively
> change our system defaults.

I would like very much to see these patches get committed, so that the box tends to be secure by default out-of-the-box, and then you turn on the additional features you want/need.

I know that this may make the system a bit harder to use, but I think that's a better alternative than making the boxes easier to DoS or break into by default.

Myself, after I've got a machine done with the initial install, I go through and turn off virtually everything, before I start adding stuff. If I can install from CD, that means I don't even connect the network until the base OS is on the box and I've turned off everything I possibly can.

It would be nice for me if this installation procedure were a little easier to do, because that's the way the OS installs out-of-the-box.

--
These are my opinions -- not to be taken as official Skynet policy
======================================================================
Brad Knowles, <blk@skynet.be>                || Belgacom Skynet SA/NV
Systems Architect, Mail/News/FTP/Proxy Admin || Rue Colonel Bourg, 124
Phone/Fax: +32-2-706.13.11/12.49             || B-1140 Brussels
http://www.skynet.be                         || Belgium

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message