There are a few security issues I have noticed about debian's installation.
1) No firewall setup during the install process, as it would be a simple
matter to run lokkit at the end of the install I fail to see why this is not
2) Rpfilter and tcp syncookies are not enabled by default. Again this is a
simple correction, and indeed has been mentioned in several open source
linux guides for years.
3) Do we really need portmap, inetd, or nfs running by default on our