Date: Mon, 18 Oct 1999 21:56:52 +0000 (GMT) From: "Jason C. Wells" <jcwells@u.washington.edu> To: Paul Hart <hart@iserver.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: General securiy of vanilla install WAS [FreeSSH] Message-ID: <Pine.BSF.4.10.9910182148580.82193-100000@s8-37-26.student.washington.edu> In-Reply-To: <Pine.BSF.4.10.9910180940240.50020-100000@anchovy.orem.iserver.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 18 Oct 1999, Paul Hart wrote: >I feel that the vanilla install strikes a delicate balance between >security and usability. Inexperienced users will have enough running to >see how FreeBSD works without undue exposure, and experienced users have >only a few things to turn off if they're worried about them. I agree with Paul. Compare FreeBSD's approach to OpenBSD and Redhat. OpenBSD is nothing on by default. Redhat has the entire free software universe on by default. I happen to like FreeBSD's approach but so what? In all three cases, it takes me a few minutes to return each system to the correct configuration for my use. Certainly the number of services running can be used as a first look metric when securing a system. How many are turned on by default from "out of the box" is pretty meaningless. :%s/^/# / can secure inetd on any box really quick. :) Thank You, | http://students.washington.edu/jcwells Jason Wells | "Those who would trade freedom for security deserve neither | freedom nor security." - Benjamin Franklin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9910182148580.82193-100000>