From owner-freebsd-security Mon Oct 18 10: 0:14 1999
Delivered-To: freebsd-security@freebsd.org
Received: from s8-37-26.student.washington.edu (S8-37-26.student.washington.edu [128.208.37.26])
	by hub.freebsd.org (Postfix) with ESMTP id 9BDE614F31
	for ; Mon, 18 Oct 1999 10:00:10 -0700 (PDT)
	(envelope-from jcwells@u.washington.edu)
Received: from localhost (jcw@localhost)
	by s8-37-26.student.washington.edu (8.9.3/8.9.3) with ESMTP id VAA82229;
	Mon, 18 Oct 1999 21:56:52 GMT
	(envelope-from jcwells@u.washington.edu)
X-Authentication-Warning: s8-37-26.student.washington.edu: jcw owned process doing -bs
Date: Mon, 18 Oct 1999 21:56:52 +0000 (GMT)
From: "Jason C. Wells"
X-Sender: jcw@s8-37-26.student.washington.edu
Reply-To: "Jason C. Wells"
To: Paul Hart
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: General securiy of vanilla install WAS [FreeSSH]
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 18 Oct 1999, Paul Hart wrote:

>I feel that the vanilla install strikes a delicate balance between
>security and usability. Inexperienced users will have enough running to
>see how FreeBSD works without undue exposure, and experienced users have
>only a few things to turn off if they're worried about them.

I agree with Paul. Compare FreeBSD's approach to OpenBSD and Redhat.
OpenBSD is nothing on by default. Redhat has the entire free software
universe on by default. I happen to like FreeBSD's approach but so what?
In all three cases, it takes me a few minutes to return each system to the
correct configuration for my use.

Certainly the number of services running can be used as a first look
metric when securing a system. How many are turned on by default from
"out of the box" is pretty meaningless.

:%s/^/# / can secure inetd on any box really quick.
:)

Thank You,   | http://students.washington.edu/jcwells
Jason Wells  | "Those who would trade freedom for security deserve neither
             | freedom nor security." - Benjamin Franklin

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message