"Workstation" Product defaults to wide-open firewall
przemek.klosowski at nist.gov
Tue Dec 9 16:01:41 UTC 2014
On 12/08/2014 06:41 PM, Reindl Harald wrote:
> the security community is usually very clear:
> * forbid as much as you can by default
> * allow only what *really* is needed to get the work done
...and this is the tricky part---you want tightly defined functionality,
and other people want to install a photo-sharing that just works with
their off-the-shelf smart TV. In principle, both could be accomplished
with a combination of well-written, good-looking pop-up dialogs and a
smart, dynamic firewall, but the required software doesn't exit yet.
I think that we should start with the low hanging fruit and simplify the
firewall zones to two : a public, restricted one and a home/private with
more ports open; selected by user for each new interface.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the devel