From owner-freebsd-security Sat Sep 23 5:13:19 2000 Delivered-To: freebsd-security@freebsd.org Received: from kendra.ne.mediaone.net (kendra.ne.mediaone.net [24.218.227.234]) by hub.freebsd.org (Postfix) with ESMTP id 4919E37B43C for ; Sat, 23 Sep 2000 05:13:17 -0700 (PDT) Received: from kew.com (xena.hh.kew.com [192.168.203.148]) by kendra.ne.mediaone.net (Postfix) with ESMTP id 010A78C33 for ; Sat, 23 Sep 2000 08:13:10 -0400 (EDT) Message-ID: <39CC9E56.EC4FDD44@kew.com> Date: Sat, 23 Sep 2000 08:13:10 -0400 From: Drew Derbyshire Organization: Kendra Electronic Wonderworks, Stoneham MA 02180 (http://www.kew.com) X-Mailer: Mozilla 4.73 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: rsh/rlogin (was Re: sysinstall DOESN'T ASK, dangerous defaults!) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Warner> That assumes that your firewall is good and that it can't > Warner> be breached. Working Assumption: Some day, some how, the firewall *will* get breached. > Correct. But that's true for a lot more than just rsh. Good practice dictates security in depth. If for example, ssh is as easy for the end-user to use as rsh (if for example installed as a straight replacement), it reduces your number of holes. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message