
Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default



On Wed, Apr 18, 2001 at 11:06:10PM -0700, Adam McKenna wrote:
> On Wed, Apr 18, 2001 at 04:57:50PM -0700, Nathan Dabney wrote:
> > I am sorry, I didn't mean to compare them in seriousness, I was thinking more 
> > along the lines of "having it secure by default is better than installing
> > a hackable system on purpose."
> 
> Yes, but that's assuming that PARANOID makes things more secure.  PARANOID
> can only be as secure as the DNS records it relies on, which is why it should
> be eliminated.

I don't have a problem with it being taken out, as long as something better
replaces it.  Just removing it would bother me.

> > I am a firm believer in the idea that we should aim for secure by default when
> > making decisions like this.  Do you agree?  
> > 
> > For those of you who do not like PARANOID, what would you suggest without
> > reducing the protection?  Does ALL: ALL with some commentary explaining where
> > the user can go for more information sound good?
> 
> No.  We should ask the user during installation what networks he wants to
> allow access from, and force him to enter IP addresses/CIDR blocks.

How about we first ask the user upon install if they want to be able to accept
outside connections at all?

I think this thread could be solved by designing a few types of installs and 
giving defaults for host.deny and host.allow and other security points for each
install scenario.

Example:
	Basic Install - Workstation (no access) 	
		host.deny: ALL: ALL
		
	Basic Install - Workstation (some access)	
		host.deny: ALL: PARANOID (or IPs)
		
	Basic Install - Server (some access)
		host.allow: ALL: ip list for accessible points
		host.deny: ALL: PARANOID (prompt user for preference)

	Expert Install - Asks user what they want, IP based or paranoid or none.

We *need* a "secure by default" install option for people that may want to use
it.  

What does everyone think of a /etc/security.policy file with a few security 
flags set upon install that packages can read during later installs or 
upgrades to see if they should be open or closed by default?

Nathan Dabney
Senior System Administrator
Open Source Development Lab

-=- Debian: 2.2.19 - Total of 8 processors activated (11190.27 BogoMIPS) -=-
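
The two approaches debated in this thread, side by side, as an added example that is not part of the original message: a simplified model of the PARANOID name/address consistency check next to an IP/CIDR allow list. It is not tcp_wrappers code; the DNS tables, host names and addresses are constructed, and treating a host with no reverse record as "unknown" rather than "paranoid" is an assumption of the model.

```python
import ipaddress

# Constructed DNS data (documentation address ranges, hypothetical names).
PTR = {
    "192.0.2.10": "ws1.example.org",     # local host, PTR and A agree
    "198.51.100.7": "mail.example.net",  # PTR name resolves to another address
    "203.0.113.99": "host.example.com",  # outside host, PTR and A agree
}
A = {
    "ws1.example.org": ["192.0.2.10"],
    "mail.example.net": ["198.51.100.8"],
    "host.example.com": ["203.0.113.99"],
}


def classify(addr, ptr=PTR, fwd=A):
    """Return the verified host name, or 'unknown' / 'paranoid'."""
    name = ptr.get(addr)
    if name is None:
        return "unknown"    # no reverse record at all (model assumption)
    if addr not in fwd.get(name, []):
        return "paranoid"   # the name does not map back to the address
    return name


def denied_by_paranoid(addr):
    """Model of 'ALL: PARANOID' in hosts.deny: deny on name/address mismatch."""
    return classify(addr) == "paranoid"


def allowed_by_cidr(addr, networks):
    """Allow list of IP addresses/CIDR blocks; no DNS lookup involved."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in networks)


def compare(addrs, networks):
    """Map each address to (passes PARANOID check, passes CIDR allow list)."""
    return {
        addr: (not denied_by_paranoid(addr), allowed_by_cidr(addr, networks))
        for addr in addrs
    }


if __name__ == "__main__":
    clients = list(PTR) + ["203.0.113.50"]   # last one has no PTR record
    for addr, (paranoid_ok, cidr_ok) in compare(clients, ["192.0.2.0/24"]).items():
        print(f"{addr:15} PARANOID passes={paranoid_ok!s:5} CIDR allows={cidr_ok}")
```

The outside host with consistent DNS passes the PARANOID check but not the CIDR list, which is the dependence on DNS records that the quoted reply objects to.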


