From owner-freebsd-security Sat Oct 16 21:33:16 1999
Delivered-To: freebsd-security@freebsd.org
Received: from web115.yahoomail.com (web115.yahoomail.com [205.180.60.88]) by hub.freebsd.org (Postfix) with SMTP id 1BBC314FB7 for ; Sat, 16 Oct 1999 21:33:09 -0700 (PDT) (envelope-from tmcb1971@yahoo.com)
Message-ID: <19991017043046.5909.rocketmail@web115.yahoomail.com>
Received: from [207.215.8.122] by web115.yahoomail.com; Sat, 16 Oct 1999 21:30:46 PDT
Date: Sat, 16 Oct 1999 21:30:46 -0700 (PDT)
From: tom brown
Subject: General security of vanilla install WAS [FreeSSH]
To: freebsd-security@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I think we've lost the direction here somewhere. This started as a conversation about 'security' options. I think that FreeBSD is great as a distribution, and it's really important that it's flexible enough to suit us all; including UUCP is clearly a must. But something should be done to allow the less experienced users to roll out a box that can sit unprotected on the net.

Personal experience has demonstrated that many insecure installs are out there running in production environments. People often seem to have the impression that Unix is secure, but they don't understand what they need to do to make it that way.

If /stand/sysinstall had a checkbox in the install that said "don't run services", that would go a long way to stopping vanilla installs being "cracked", thereby giving the project a bad name. Simple IP filtering would also be a bonus.

Commercially speaking, people will start to pay more attention to security in the near future. If the project were to exploit this need it could grab a bigger chunk of the pizza.

It's a mean world out there, and FreeBSD is a good contender as security goes, but not straight out of the box! I know of two Apache servers running FreeBSD that receive a hostile packet every 5 seconds.
Base-install+apache+IPFW. It took the engineer 45 minutes to build them, and 2 years to learn how.

Tom