Date: Thu, 24 Aug 2000 15:54:26 -0600 From: blaine <blaine@denverweb.net> To: "Gooderum, Mark" <mark@JUMPWEB.COM> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: nuking "unsafe" protocols (was Re: Upcoming rc.conf changes not loading certain currently loaded daemons) Message-ID: <39A59992.F42F03EC@denverweb.net> References: <251BF6012D6B4A49A4109B1C3289A7B5BB78@purgatory.jumpweb.com>
next in thread | previous in thread | raw e-mail | index | archive | help
"Gooderum, Mark" wrote: > Interoperability is critical and although ssh has found its way into > FreeBSD 4.1 as standard, it certainly isn't standard on Windows or > most other Unixen and other OSes. Unless somebody wants to bite the > bullet (and I for one am _not_ interested in trying) and write a > "lockdown_freebsd" script that enables ipfw or ipfilter with some > reasonable defaults, turns off various insecure services (including > NFS...more implicit trust and/or cleartext PW's via pcnfsd) then just > blindly disabling rsh/telnet does little to really impove the security > of the box and does a lot to increase the confusion of the user and > increase the amount of manual configuration the _average_ user needs > to make the box function in the _average_ environment. Umm, why not just use openbsd if security is the primary concern? Blaine To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39A59992.F42F03EC>