From owner-freebsd-security Sun Nov 21 17: 5:41 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ns1.yes.no (ns1.yes.no [195.204.136.10])
	by hub.freebsd.org (Postfix) with ESMTP id DFB6B14E3F
	for ; Sun, 21 Nov 1999 17:05:38 -0800 (PST)
	(envelope-from eivind@bitbox.follo.net)
Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218])
	by ns1.yes.no (8.9.3/8.9.3) with ESMTP id CAA01901;
	Mon, 22 Nov 1999 02:05:33 +0100 (CET)
Received: (from eivind@localhost)
	by bitbox.follo.net (8.8.8/8.8.6) id CAA16217;
	Mon, 22 Nov 1999 02:05:33 +0100 (MET)
Date: Mon, 22 Nov 1999 02:05:32 +0100
From: Eivind Eklund
To: Mike Tancsa
Cc: Nate Williams , security@FreeBSD.ORG
Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?)
Message-ID: <19991122020532.M602@bitbox.follo.net>
References: <19991112173306.D76708@florence.pavilion.net>
	<19991112212912.Z57266@rucus.ru.ac.za>
	<199911121946.LAA24616@apollo.backplane.com>
	<199911122114.OAA20606@mt.sri.com>
	<19991113012855.A62879@fasterix.frmug.org>
	<199911130031.RAA21117@mt.sri.com>
	<19991120190417.I602@bitbox.follo.net>
	<199911201808.LAA10767@mt.sri.com>
	<19991122000209.J602@bitbox.follo.net>
	<4.1.19991121180544.04252f00@granite.sentex.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <4.1.19991121180544.04252f00@granite.sentex.ca>; from mike@sentex.net on Sun, Nov 21, 1999 at 06:25:38PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, Nov 21, 1999 at 06:25:38PM -0500, Mike Tancsa wrote:
> At 06:02 PM 11/21/99 , Eivind Eklund wrote:
> >Most people do NOT need network services running when they set up
> >a new box. A lot of people get screwed by having extra services they
> >do not need.
> >
> >Most users sit on the console of the box they are installing while
> >doing initial setup, and most of those of them that feel they need
> >access to the box from the network install ssh as their first thing to
> >do in a shell on the box.
>
> I think a lot of time could be spent trying best effort to protect end
> users from themselves (I am not thinking about ISPs here), and users will
> eventually either through carelessness or accident install something, or
> misconfigure something that will allow their system to be remotely
> compromised. But, even if you do disable potentially dangerous services,
> there is nothing to prevent the user from fumbling around and re-enabling
> it, thereby subverting the original intent to protect them.

Sure. However, this is something we can never guard against.

Let me come with an analogy: Consider FreeBSD as a car. We are
presently selling a variant which is pre-trimmed to be able to drive
over the median strip (the protective strip between different
directions of traffic in a highway), and will do so quite smoothly and
automatically, without the driver even intending to do more than get
to the gas-station on the other side (and not noticing that he
actually ends up crossing through traffic - the windows are made of
the same stuff as peril sensitive sunglasses).

I consider it reasonable to have the driver flip a switch to be able
to drive that way; others consider it reasonable to have the switch
enabled by default, saying "Those that don't want the feature can
easily turn it off, while newbies may not know how to do so - besides,
I drive almost every car I buy across the median strip the moment I
get it." (paraphrase).

> Perhaps another strategy is just documentation. Add another section
> into the security man pages, or even put a reminder in big letters
> in the default MOTD reminding new users to understand the
> implications of installing certain services on their boxes.
> Especially these days when the majority of systems will be on some
> sort of potentially hostile network.

I think documentation is clearly necessary, but not as the only thing
to do. However, I am fairly certain that I am outvoted (or at least
outshouted) on the disable-network-services-by-default issue; this
does not mean I won't keep giving my support to anybody that wants to
do this.

> The security(7) man page is an excellent guide for somewhat experienced
> users. However, for the class of user this thread seems to be talking
> about, I think it's generally over their heads, no? Would the participants
> of this thread see merit in someone undertaking (e.g. me) writing a
> security document for a more novice user?

Definitely! Go for it!

Eivind.