On Friday 13 February 2015 14:42:09 Chris Murphy wrote:
> Do you not see how your password policy defend hinges on grandiose
> assumptions? I have many devices lying around without any information
> on them, they're used strictly for testing, so there isn't anything
> but an OS and some cache files for ycombinator and cnn, BFD. Oh but I
> need to use strong passwords because someone ELSE might be an idiot
> and have sensitive information on their laptop. So you are drawing me
> into becoming responsible for other people's behavior too. Everyone is
> baby sitting users who don't give a crap.

you should take a look at traffic laws, they all are about "someone ELSE might be an idiot"

If you know you will be using the device for testing then just change the password post-install to something simple.

The vast majority of people won't be using the installations just for testing.

> First, sshd is not a security feature, it's a remote connection
> service and increases the attack surface. Disable that. It has a lower
> burden on more people, and it's also an expected burden for anyone
> come from other enterprise cultures. The idea a Windows Server would
> have remote services enabled by default? I think most any hard core
> Windows sysadmin who also doesn't make bad excuses for Microsoft would
> admit this could be a liability lawsuit waiting to happen if they were
> to do that. That's how bad an idea it is.

but they do

you can certainly run commands remotely on a Windows Server system as soon as you connect it to a domain, just because the remote GUI login is disabled doesn't make remote services and administration disabled

--
Regards,
Hubert Kario
-- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security