On Mon, 25 Aug 2003, Chris Ricker wrote:
On Mon, 25 Aug 2003 rhldevel(a)assursys.co.uk wrote:
> There's always a trade-off between security and ease-of-use. What proportion
> of the installed base of Linux clients use RPC-based protocols? Not many I'd
> wager, suggesting that the trade-off can be biased towards security, with
> little-to-no impact on the majority of users.
Most Linux client systems, in my experience, are NFS clients and therefore
need portmap, statd, and lockd out-of-the-box.
For libraries, labs, schools and universities, that wouldn't surprise me.
Such organisations generally have good-to-excellent security awareness.
But for small-to-medium businesses (who have the least security awareness
and infrastructure) and home users (similarly), I'd categorically disagree.
If any file/print sharing is happening in these environments, it's usually
SMB based. Samba doesn't get enabled by default, so why the exception for
portmap and rpc.statd?
later,
chris
Best Regards,
Alex.