From owner-freebsd-stable Thu Aug 24 14:54:39 2000
Message-ID: <39A59992.F42F03EC@denverweb.net>
Date: Thu, 24 Aug 2000 15:54:26 -0600
From: blaine
To: "Gooderum, Mark"
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: nuking "unsafe" protocols (was Re: Upcoming rc.conf changes not loading certain currently loaded daemons)
References: <251BF6012D6B4A49A4109B1C3289A7B5BB78@purgatory.jumpweb.com>

"Gooderum, Mark" wrote:

> Interoperability is critical and although ssh has found its way into
> FreeBSD 4.1 as standard, it certainly isn't standard on Windows or
> most other Unixen and other OSes. Unless somebody wants to bite the
> bullet (and I for one am _not_ interested in trying) and write a
> "lockdown_freebsd" script that enables ipfw or ipfilter with some
> reasonable defaults, turns off various insecure services (including
> NFS...more implicit trust and/or cleartext PW's via pcnfsd) then just
> blindly disabling rsh/telnet does little to really improve the security
> of the box and does a lot to increase the confusion of the user and
> increase the amount of manual configuration the _average_ user needs
> to make the box function in the _average_ environment.

Umm, why not just use OpenBSD if security is the primary concern?

Blaine