On Mon, 2003-08-25 at 20:41, David T Hollis wrote:
Wrong. Security in-depth is the answer.
Good - IP ports are firewalled
Better - application is not running
Best - application is not even installed
I agree 500% ...
If we can:
1. We shouldn't even install portmap or nfs-utils
2. If we can't do 1, then disable portmap and nfs*
3. If we can achieve neither 1 nor 2, make them bind to localhost
4. Else, enable the firewall by default and get picky if the user tries to
disable it.
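
One way to check which rung of that ladder a host is on, as an added example that is not part of the original thread. It assumes portmap's well-known port 111 and the column layout of `ss -tuln`; the function name `classify_port` and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): classify how a port is
# exposed, reading `ss -tuln` output on stdin.
#
# classify_port PORT prints one of:
#   not-listening  (steps 1/2: not installed, or installed but disabled)
#   loopback-only  (step 3: bound to localhost)
#   exposed        (only step 4, the firewall, stands in the way)
classify_port() {
    awk -v want="$1" '
        $1 != "tcp" && $1 != "udp" { next }   # skips the header row too
        {
            addr = $5; port = $5
            sub(/^.*:/, "", port)             # text after the last colon
            sub(/:[^:]*$/, "", addr)          # text before the last colon
            if (port != want) next
            seen = 1
            # Anything that is not a loopback address counts as exposed.
            if (addr !~ /^127\./ && addr != "[::1]") exposed = 1
        }
        END {
            if (!seen)        print "not-listening"
            else if (exposed) print "exposed"
            else              print "loopback-only"
        }'
}

# Constructed samples of `ss -tuln` output (not captured from a real host).
SAMPLE_EXPOSED='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:631      0.0.0.0:*'

SAMPLE_LOCAL='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.1:111      0.0.0.0:*
tcp   LISTEN 0      128    [::1]:111          [::]:*'

SAMPLE_NONE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:1110       0.0.0.0:*'

# On a live host: ss -tuln | classify_port 111
printf '%s\n' "$SAMPLE_EXPOSED" | classify_port 111
```

A result of `exposed` means the firewall is the only layer left, which is the last resort in the list above.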