[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

On Thu, Apr 19, 2001 at 03:33:23AM +0200, Eloi Granado wrote:
> On Thursday 19 April 2001 01:57, Nathan Dabney wrote:
> > For those of you who do not like PARANOID, what would you suggest without
> > reducing the protection?  Does ALL: ALL with some commentary explaining
> > where the user can go for more information sound good?
> Well, and some blinking message lines at boot time warning the new user that 
> his machine is blocking all possible networking, absolutely ISOLATED? What 

You seem to think that:

a.  Anyone installing Debian wants people to connect to their "server".

b.  Pure desktop users who want email, netscape and word perfect don't exist.

c.  Isolation is a bad thing in some way.

In my experience, security is first and functionality is second.  You try and 
balance, you don't give up #1 just in case someone should perhaps want #2 in
a certain way.

> about to remove all networking support by default? So the user will have to 
> learn ALL networking risks before connecting/accepting connections from 
> anywhere (oh yes, he will learn a lot in the way).

This makes as much sense as saying Debian servers first ship with the power off
and are hence unhackable until the User does something.

> What about to ask it at installation time? Wouldn't it be as secure as today 
> and user friendly at the same time?

Bingo.  Install questions that are non-technical for the easy install is 
exactly what we need.

> Be serious, what type of system do we want? One both for users and for 
> servers, or a openbsd alike firewalling (user unfriendly) system?

There is the miscommunication, I don't want to mandate either for the user.  I 
want the user to be able to choose how their system will be.



Reply to: