Re: secure installation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> thus defeat the purpose). A default firewall simply can't work,
> even if we
> had some way to implement it perfectly for all packages (without
> breaking
> any, which we undoubtedly would).

It all depends on context - I agree that a default firewall for "debian" is stupid, but if you look at the way an OpenBSD box looks when the default install is done, that is my ideal. I happen to prefer the way thing generally are done in debian, but on the initial install, OpenBSD whips any other OS I've seen. It has pf on by default and only allows SSH connections. Ideal.

Would that be a good idea for a workstation? No - nightmare. Is it a good idea for a server? Yes absolutely. Servers, unless they are packaged appliance distros or subdistros, should always have the bare minimum of services and allow SSH only by default.

$.000002

_a

• -- alex black, founder the turing studio, inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFGydOsAHZuLuydb2YRAuAsAJ4gdXkilHb7NNUBnC5uKpYoG6VIJACdFZTK Azi/tVYEPnuIAwLX/atPaE8=
=DJ5Y
-----END PGP SIGNATURE-----

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.debian.org Links debian-announce debian-apache debian-arm-changes debian-beowulf debian-boot debian-cd debian-cd-vendors debian-changes debian-changes-digest debian-isp debian-kde debian-laptop debian-mirrors-announce debian-news debian-security debian-security-announce debian-testing debian-user debian-user-digest Request more information about Pantek