Re: secure installation

On Monday 20 August 2007 10:47, alex black wrote:
> > thus defeat the purpose). A default firewall simply can't work, even if we
> > had some way to implement it perfectly for all packages (without breaking
> > any, which we undoubtedly would).
> It all depends on context - I agree that a default firewall for
> "debian" is stupid, but if you look at the way an OpenBSD box looks
> when the default install is done, that is my ideal. I happen to
> prefer the way things generally are done in debian, but on the initial
> install, OpenBSD whips any other OS I've seen. It has pf on by
> default and only allows SSH connections. Ideal.
> Would that be a good idea for a workstation? No - nightmare. Is it a
> good idea for a server? Yes absolutely. Servers, unless they are
> packaged appliance distros or subdistros, should always have the bare
> minimum of services and allow SSH only by default.
> $.000002
> _a
> --
> alex black, founder
> the turing studio, inc.

I apologize if what I meant was clear. I declined to include the word 'debian' 
here, because the context is clear from previous posts in the thread.

Excellent point, though. Workstations don't need a firewall. Servers probably 
do. I don't disagree (I wholly agree, actually). However, the typical server 
is set up by someone who knows what they're doing (not someone who would need 
help setting up a firewall), and has specific requirements.

My intention wasn't to say a default firewall can never work, but that it 
can't work for debian, given the community/ideology and existing user-base 
surrounding it.


