"Workstation" Product defaults to wide-open firewall

M. Edward (Ed) Borasky znmeb at znmeb.net
Mon Dec 8 20:21:17 UTC 2014


As one who maintains a remix for journalists, I expect the default for
a workstation should be that you must explicitly know what you are
doing to open a port, and enable or start a service - the default
release should have a minimum attack surface by design. As a result of
this discussion I plan to modify my remix so that is the case - ports
open by default in Fedora 21 Workstation will be closed in OSJourno.
I'm on the fence over the ports below 1024, but I suspect those should
be closed as well.

On Mon, Dec 8, 2014 at 10:41 AM, Adam Jackson <ajax at redhat.com> wrote:
> On Mon, 2014-12-08 at 18:40 +0100, Reindl Harald wrote:
>
>> * vulnerable port open
>
> Yeah, see, this bit right here is the actual issue.  Curiously, AV
> software on Other Operating Systems has had the ability to delegate this
> very policy decision to the user session for at least a decade, and yet
> nobody on this thread seems to have any desire to _write code_ to _fix
> the problem_.
>
> Instead we are treated to infinite spew about how nostalgic we are for a
> security model we learned in 1996.  Sorry y'all, port-based security
> does not match reality's threat model.  Let's be better than that.
>
> - ajax
>
> --
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct



-- 
Twitter: http://twitter.com/znmeb; OSJourno: Robust Power Tools for
Digital Journalists https://osjourno.com

Remember, if you're traveling to Bactria, Hump Day is Tuesday and Thursday.

