Re: F21 System Wide Change: Workstation: Disable firewall

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am 15.04.2014 11:32, schrieb drago01:
>> do "we" really want to go the way of dangerous defaults without
> 
> ... "dangerous" ?
> 
> So install the workstation package set. Boot it up. Disable the firewall.
> Which kind of vulnerabilities are able to find? Which ports are
> accessible? 

Avahi at least

> What can you do with them?

that will the time tell you after there where security flaws nobody
expected before when it is too late - it is somehow pervert to
argue that way and make proposals to weaken the default security
exactly one week after "Heartbleed"

"what can you do with them" if it comes to security is the wrong
question - what can you not do with them and how do you prove
that would be the right question

not a single security flaw in the past yeas was expected and
now instead learn of them we disable security layers?

short ago it was proposed "drop tcpwrapper from the distribution
because there is a firewall and we should rely on a sinle layer
of defense" followed directly by "oh and now let us disable that
security layer in a default install"

to make it clear: myself is not affected by such things but it
scares me because i have to fight as server-admin with the
impact of dumb security decisions and the resulting botnets

and yes you have to be very careful with "but we are not vulerable
like this and that" because that's the first step to fall hard

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux