On Mon, 2003-08-25 at 05:50, rhldevel(a)assursys.co.uk wrote:
> Hi -
> I've just done a "complete" install of Taroon on a scratch box, with
> iptables firewalling disabled

Realize at this point you are NO longer talking about securing a "stock"
install.

You are now running a "custom" install, the responsibility now rests on
your shoulders. If you remove the installed-by-default air filter from
your automobile, that is your prerogative. Deal with the consequences.

The stock RH install is secure by default. The firewall created at
installation time prohibits ALL inbound connection requests except for
ICMP echo requests (ping).

The firewall created at install time allows ALL outbound connection
requests initiated by the host to work with no problems (this was not
the case in previous RHL versions).

There is an extremely simple UI for the user to manually ENABLE selected
inbound connection requests while leaving the rest of the firewall
intact.

I strongly disagree with the claim that very few small and medium business
Linux environments use NFS and instead use Samba.

Leave my daemons required for client-side NFS running by default please.

I'm all for security in depth, however, a tunnel vision approach to this
results in the end game of setting your default runlevel to 0.

Dax Kelson
Guru Labs