Date: Sat, 25 Mar 2000 02:11:22 +0100 From: Brad Knowles <blk@skynet.be> To: Bob Johnson <bobj@atlantic.net>, Garance A Drosihn <drosih@rpi.edu>, Robert Watson <robert+freebsd@cyrus.watson.org> Cc: Warner Losh <imp@village.org>, audit@FreeBSD.ORG Subject: Re: Portmapper enabled, IPv6 circumvents FW Message-ID: <v0422080fb501c20b6d01@[194.78.234.186]> In-Reply-To: <3.0.6.32.20000324195712.009ab100@rio.atlantic.net> References: <v0421010fb5014bb01bc1@[128.113.24.47]> <Pine.NEB.3.96L.1000324083722.38246A-100000@fledge.watson.org> <v0421010fb5014bb01bc1@[128.113.24.47]> <3.0.6.32.20000324195712.009ab100@rio.atlantic.net>
next in thread | previous in thread | raw e-mail | index | archive | help
At 7:57 PM -0500 2000/3/24, Bob Johnson wrote: > So, what _I_ would like to see (if something more elaborate is > not feasible) is an install process that includes two basic > choices: (1) set up a workstation, or (2) set up a server. I disagree. When you set up a server, it's usually for a particular service. So, an ftp server doesn't need sendmail, or much of anything else. Likewise, a mail server doesn't need ftp, or much of anything else. I think the "default to all services turned off, then allow the admin to turn on certain selected services" is the best overall way to go. There's just no way we can successfully second-guess what someone is going to want to do with these boxes when they set them up, and there's no sense in us trying to do so. > I'd move this discussion to another list, but I'm not sure > where it belongs. I'm pretty sure it no longer fits audit. Since we're talking about the overall security posture of the OS, if there were a freebsd-security list, than that would probably be it. However, I don't know of such a list that exists, and I think this is probably the next closest thing. If I'm wrong, I hope that someone will be kind enough to provide the correct information. -- These are my opinions -- not to be taken as official Skynet policy ====================================================================== Brad Knowles, <blk@skynet.be> || Belgacom Skynet SA/NV Systems Architect, Mail/News/FTP/Proxy Admin || Rue Colonel Bourg, 124 Phone/Fax: +32-2-706.13.11/12.49 || B-1140 Brussels http://www.skynet.be || Belgium To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?v0422080fb501c20b6d01>