"Workstation" Product defaults to wide-open firewall

Les Howell hlhowell at pacbell.net
Tue Dec 9 19:10:51 UTC 2014


On Tue, 2014-12-09 at 16:04 +0100, Reindl Harald wrote:
> On 09.12.2014 at 15:57, Christian Schaller wrote:
> > Well I think it is hard for anyone to guess what would be reasonable defaults for
> > you specifically, any default is by its nature just targeting a generic
> > person, which might or might not be a lot like you.
> >
> > But if you are aware and understand the finer details here then it isn't that
> > big a job to change it, you should be able to go into the network manager, choose your
> > connection, choose 'identity' (should probably be moved to be under security?) and change
> > the zone for your network to whatever suits you better.
> 
> and why can't you do the same if you want it open, instead of starting
> wide-open and expecting people to secure their system
> 
> how long do you think does it take until someone is so audacious and 
> installs mysql and apache with the intention just to develop some 
> webscripts on his workstation *because* he only wants to play around with it,
> not imagining that his mysqld is open to the world and not just localhost?
> 
> the same applies for *any* other service in /etc/services with a port 
> number above 1024 - shipping insecure defaults and expecting users to secure
> their machines is perverse - that won't happen, sooner or later damage
> will happen and nobody feels responsible
> 
> 

Well said Reindl.

I don't know if this is the issue or it is just coincidence, but since
Microsoft has been injecting Linux with their engineers, there appears
to be a slide in security, efficiency, and a general ignoring of the
Unix roots of Linux.  I know Linux is not unix... but the influence was
there and was a great contributor to the stability, usability and
security of the system.  The switch to systemd is but one very strong
example of this slide.  Now open ports?  Really, with the world under
threat of cyber attack, this is reasonable?  I can see from the many
posts that I am not the only one with concerns.  My own background is
deep, going back to the 1970's.  I can tell that many of those defending
this don't realize the issue.  So, maybe a bit of a wake up call would
point to the Sony debacle, and the potential of worms.  Or the issues
of man in the middle where once you initiate a connection, those open
ports become a door into your system?  The software is out there on the
dark net, and most of the server folks on here know that.  Please
rethink this process.  Revert to text control software, rely on
encryption and net control as the first phase of system defense.  Then
layer it with secure routers, filtering, and possibly dual
authentication.  Make the bad guys work for it.

Just my opinion.
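
Added example, not part of the original message or of any Fedora tooling: a check for the exposure described in the quoted text above, where a development service such as mysqld binds to every interface on a port above 1024 instead of to localhost only. The `ss` lines are a constructed sample of `ss -H -tlnp` output, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ss -H -tlnp` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 80   0.0.0.0:3306     0.0.0.0:* users:(("mysqld",pid=1201,fd=21))
LISTEN 0 128  127.0.0.1:5432   0.0.0.0:* users:(("postgres",pid=990,fd=5))
LISTEN 0 128  [::]:8080        [::]:*    users:(("httpd",pid=1310,fd=4))
LISTEN 0 128  0.0.0.0:22       0.0.0.0:* users:(("sshd",pid=801,fd=3))
LISTEN 0 128  [::1]:6379       [::]:*    users:(("redis-server",pid=700,fd=7))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=600,fd=14))
"""

def is_loopback(addr):
    """True only when the bind address is confined to the loopback interface."""
    addr = addr.strip("[]").split("%", 1)[0]   # drop IPv6 brackets and %iface scope
    if addr == "*":                            # ss prints * for a wildcard bind
        return False
    return ipaddress.ip_address(addr).is_loopback

def exposed_listeners(ss_output, min_port=1025):
    """Return (process, address, port) for TCP listeners that are not bound to
    loopback only and use a port >= min_port, i.e. the range the quoted message
    says is left unfiltered (assumption: everything above 1024)."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")   # split at the last colon
        if int(port) < min_port or is_loopback(addr):
            continue
        proc = re.search(r'\(\("([^"]+)"', line)     # name from users:(("name",...
        findings.append((proc.group(1) if proc else "?", addr, int(port)))
    return findings

if __name__ == "__main__":
    for name, addr, port in exposed_listeners(SAMPLE_SS):
        print(f"{name} listens on {addr}:{port} (reachable beyond localhost)")
```

On a live system the same function can be fed the output of `ss -H -tlnp`; the process column is only populated when run with sufficient privileges.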



