"Workstation" Product defaults to wide-open firewall

Przemek Klosowski przemek.klosowski at nist.gov
Tue Dec 9 16:01:41 UTC 2014


On 12/08/2014 06:41 PM, Reindl Harald wrote:
> the security community is usually very clear:
>
> * forbid as much as you can by default
> * allow only what *really* is needed to get the work done
...and this is the tricky part---you want tightly defined functionality, 
and other people want to install a photo-sharing that just works with 
their off-the-shelf smart TV. In principle, both could be accomplished 
with a combination of well-written, good-looking pop-up dialogs and a 
smart, dynamic firewall, but the required software doesn't exit yet.

I think that we should start with the low hanging fruit and simplify the 
firewall zones to two : a public, restricted one and a home/private with 
more ports open; selected by user for each new interface.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20141209/78a3f0c2/attachment.html>


More information about the devel mailing list