RH Taroon Beta Open Ports

rhldevel at assursys.co.uk rhldevel at assursys.co.uk
Tue Aug 26 10:15:37 UTC 2003


On Tue, 26 Aug 2003, Dax Kelson wrote:

> On Mon, 2003-08-25 at 09:27, rhldevel at assursys.co.uk wrote:
> > Which local processes? We've already heard about sgi_fam, and we already
> > know about NIS and NFS, but is this really worth leaving it listening on
> > external interfaces in a _default_ install?
> 
> Incorrect.
> 
> You are forgetting what you yourself stated in the message that started
> this whole thread.
> 
> You said, "I've just done a "complete" install of Taroon on a scratch
> box, with iptables firewalling disabled."
> 
> We/you are NOT talking about a _default_ install.
> 
> The whole premise for this entire discussion is flawed.

Read one of my later posts where I explain that I believe that a number of
inexperienced users will disable the firewall either fearing it will cause
unknown breakage, or leave it as "something to configure once I've got the
machine working".

Regardless, through experience, I'm a firm believer in defense-in-depth, and
nothing will change that belief.

I think I've said all I can on the topic now. Red Hat can choose to do
whatever they wish, and I'll continue to disable unnecessary services
regardless of whether they're firewalled. But if they continue to ship OSs
with unnecessary services running, they may end up regretting this
discussion... (not a threat, just a prediction - my hat is white!) 

> Dax Kelson

Best Regards,
Alex.





More information about the devel mailing list