Re: Please enable firewalls by default on Linux distributions
From: Erik Aronesty (erik@zoneedit.com)
Date: 03/08/03
- Previous message: Torsten Kaiser: "Re: Viruses in linux?"
- In reply to: John SMith: "Re: Please enable firewalls by default on Linux distributions"
- Next in thread: al_dav: "Re: Please enable firewalls by default on Linux distributions"
- Reply: al_dav: "Re: Please enable firewalls by default on Linux distributions"
From: erik@zoneedit.com (Erik Aronesty) Date: 8 Mar 2003 07:34:53 -0800
That's silly.
You too can join class action contributory negligence lawsuits for fun
and profit.
Having default security settings for software is like having seat-belts
in cars or safeties on guns. It was the cost - not the technology -
that kept them from being installed until it became a crisis.
Plus, safe guns and cars aren't as cool as unsafe ones.
I can't imagine that that's the case for Linux.
Most of Linux comes with dozens of resource-limits turned on. Why?
To keep the O/S from being too easily compromised.
An unskilled user can't exceed the max-filehandles, or whatever, and
cause the O/S to crash. A skilled user can increase these limits and
"push" his machine's performance-edge, etc.
Only the network comes with "allow everything" as the default
distribution.
I imagine it was left out, not because it's a good idea to leave it
out, but just because no one thought of it.
John SMith <Jsmith@hotlink.com> wrote in message news:<3E694DBB.1040601@hotlink.com>...
> Get real.
>
> It will likely not happen, also do not assume every install of a piece
> of technology is on the internet to get DOS attacks.
>
> Most non-windows O/S take the approach of making the system modular
> enough to unload or load whatever you need - just look at Linux
> /etc/rc.d, Cisco's show config, or Netware's autoexec.ncf.
>
> Anyone configuring anything exposed to untrusted networks needs to RTFM
> and know what is going on under the hood. If not, DOS attacks will be
> the least of their worries.
>
> Erik Aronesty wrote:
> > DDOS attacks are on the rise.
> >
> > Most distributions of Linux ship with powerful firewalls that are
> > completely turned off when you install them, allowing the systems to
> > be easily used as staging areas for DDOS attacks.
> >
> > Nearly every other piece of network software in the world has "default
> > settings" that contain restrictions on usage, except our most
> > important ones. For example: email servers come with rate filtering
> > defaults and are closed to relaying by default.
> >
> > Router vendors should be selling products that are "default
> > restrictive", unless you are an advanced user who knows how to unlock
> > more powerful features - not the other way around.
> >
> > Rather than begging 200 million clueless users to reconfigure their
> > OS'es and routers after installing them, we should simply call
> > attention to the security vulnerabilities inherent in the default
> > settings of the software.
> >
> > Filters that are within the capabilities of the O/S and are reasonable
> > defaults for a majority of the users should be enabled by default.
> >
> > At some point, failure to do this could even be seen as negligent on
> > the part of the vendors.
> >
> > At the very least, egress filtering, syn flood prevention, basic port
> > filters should be enabled by default.
> >
> > Any thoughts on how to get the consumer router vendors to do this?