From owner-freebsd-arch Mon Jun 26 3:25:26 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from mail.bastard.co.uk (node16292.a2000.nl [24.132.98.146])
	by hub.freebsd.org (Postfix) with ESMTP
	id 95D9B37BC7B; Mon, 26 Jun 2000 03:25:21 -0700 (PDT)
	(envelope-from adrian@bastard.co.uk)
Received: from adrian by mail.bastard.co.uk with local (Exim 3.14 #1)
	id 136W4u-000DCb-00; Mon, 26 Jun 2000 12:25:20 +0200
Date: Mon, 26 Jun 2000 12:25:20 +0200
From: Adrian Chadd
To: David O'Brien
Cc: arch@freebsd.org
Subject: Re: Disabling inetd?
Message-ID: <20000626122520.U36017@zoe.bastard.co.uk>
References: <20000626053525.U85886@argon.gryphonsoft.com> <20000626115146.S36017@zoe.bastard.co.uk> <20000626031547.J14265@dragon.nuxi.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <20000626031547.J14265@dragon.nuxi.com>; from obrien@freebsd.org on Mon, Jun 26, 2000 at 03:15:48AM -0700
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, Jun 26, 2000, David O'Brien wrote:
> On Mon, Jun 26, 2000 at 11:51:46AM +0200, Adrian Chadd wrote:
> > If I remember right, the telnet port isn't insecure by itself, only
> > open telnet connections. So there really isn't anything to be said
> > for killing telnet for 'out of the box security' - if people use
> > telnet rather than ssh, they're going to enable it anyway.
>
> I cannot quite parse what you are saying. What does speaking about a
> port's security mean?

The telnet service open by itself poses no security risk. The telnet
service *in use* is a security risk.

I've had some feedback from people saying "why not use the internat
crypto dist?" .. that's all nice and good if I'm installing a box that
has internet connectivity. However, not all boxes have internet
connectivity. Yes, I could toast a CDROM with the added internat crypto
distribution and packages to make things work for us non-US people, but
it's a pain in the ass and sometimes I just want to get the machines
-going- and then do remote work later.

As to the people saying "You can just enable it after boot!" .. well,
you could disable sshd and enable it after boot ... :-)

I could validly argue that enabling remote access of any kind by default
when non-security-conscious people are installing FreeBSD is a security
risk. But then I'd be getting pedantic. :)

Adrian

-- 
Adrian Chadd
Build a man a fire, and he's warm for the rest of the evening.
Set a man on fire and he's warm for the rest of his life.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message