On Tue, Feb 06, 2001 at 03:59:28PM -0800, Erik Hollensbe wrote: > On Tue, Feb 06, 2001 at 04:12:35PM -0600, Nathan E Norman wrote: > > On Tue, Feb 06, 2001 at 11:06:50PM +0100, Andreas Schuldei wrote: > > > * Hamish Moffatt (hamish@debian.org) [010206 23:02]: > > > > Is it still Debian if you replace the user space tools? > > > > Maybe so, but it's not something I would ever use. > > > > > > Wait untill you build a firewall... > > > > So it's your contention that debian is not suited for building > > firewalls? Care to back up this assertion with facts, or are you > > basing it on suppositions? > > I've made this point before, but debian comes installed with 3 very > unneeded services installed by default: > > 1) portmap > 2) mountd > 3) lpd > > These are well known security holes on any unix machine. If you want > debian secure 'out of hte box' then this stuff has to go. I think rpc.statd > is running as well. The whole RPC/NFS suite needs to go for default > installs. You just changed the parameters of the argument. I agree debian is not secure enough out of the box, but the original comment implied that debian was not sufficient for a firewall. Anyone who builds a firewall "out of the box" is probably asking for trouble. -- Nathan Norman - Staff Engineer | A good plan today is better Micromuse Inc. | than a perfect plan tomorrow. mailto:nnorman@micromuse.com | -- Patton
Attachment:
pgpwfQ_laemK0.pgp
Description: PGP signature