F21 System Wide Change: Workstation: Disable firewall

Reindl Harald h.reindl at thelounge.net
Tue Apr 15 09:55:17 UTC 2014


On 15.04.2014 11:32, drago01 wrote:
>> do "we" really want to go the way of dangerous defaults without
> 
> ... "dangerous" ?
> 
> So install the workstation package set. Boot it up. Disable the firewall.
> Which kind of vulnerabilities are you able to find? Which ports are
> accessible?

Avahi at least

> What can you do with them?

time will tell you that, after there were security flaws nobody
expected before, when it is too late - it is somehow perverse to
argue that way and make proposals to weaken the default security
exactly one week after "Heartbleed"

"what can you do with them" if it comes to security is the wrong
question - what can you not do with them and how do you prove
that would be the right question

not a single security flaw in the past years was expected and
now, instead of learning from them, we disable security layers?

a short while ago it was proposed "drop tcpwrapper from the distribution
because there is a firewall and we should rely on a single layer
of defense" followed directly by "oh and now let us disable that
security layer in a default install"

to make it clear: i myself am not affected by such things but it
scares me because i have to fight as server-admin with the
impact of dumb security decisions and the resulting botnets

and yes you have to be very careful with "but we are not vulnerable
like this and that" because that's the first step to fall hard
