RH Taroon Beta Open Ports

Felipe Alfaro Solana felipe_alfaro at linuxmail.org
Mon Aug 25 19:42:19 UTC 2003


On Mon, 2003-08-25 at 20:41, David T Hollis wrote:

> Wrong.  Security in-depth is the answer.
> 
> Good - IP ports are firewalled
> Better - application is not running
> Best - application is not even installed

I agree 500% ...
If we can:

1. We shouldn't even install portmap or nfs-utils
2. If we can't do 1, then disable portmap and nfs*
3. If we can't achieve neither 1 nor 2, make them bind to localhost
4. Else, enable firewall by default and get picky if the user tries to
disable it.





More information about the devel mailing list