Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 24 Aug 2000 15:54:26 -0600
From:      blaine <blaine@denverweb.net>
To:        "Gooderum, Mark" <mark@JUMPWEB.COM>
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: nuking "unsafe" protocols (was Re: Upcoming rc.conf changes not  loading certain currently loaded daemons)
Message-ID:  <39A59992.F42F03EC@denverweb.net>
References:  <251BF6012D6B4A49A4109B1C3289A7B5BB78@purgatory.jumpweb.com>

next in thread | previous in thread | raw e-mail | index | archive | help
"Gooderum, Mark" wrote:

> Interoperability is critical and although ssh has found its way into
> FreeBSD 4.1 as standard, it certainly isn't standard on Windows or
> most other Unixen and other OSes.  Unless somebody wants to bite the
> bullet (and I for one am _not_ interested in trying) and write a
> "lockdown_freebsd" script that enables ipfw or ipfilter with some
> reasonable defaults, turns off various insecure services (including
> NFS...more implicit trust and/or cleartext PW's via pcnfsd) then just
> blindly disabling rsh/telnet does little to really impove the security
> of the box and does a lot to increase the confusion of the user and
> increase the amount of manual configuration the _average_ user needs
> to make the box function in the _average_ environment.

Umm,  why not just use openbsd if security is the primary concern?

Blaine



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39A59992.F42F03EC>