Re: "Workstation" Product defaults to wide-open firewall

On 08.12.2014 at 10:34, Michael Spahn wrote:
We don't need open or preconfigured high ports.

What we really need is a user notification with options to allow or
deny like we do with SELinux.

That would be an appropriate solution for a workstation.

* you know that
* i know that
* the same applies for many options chosen at install

sadly the goal is to ask users as little as possible because they may be overwhelmed - the attitude "a user is a user and doesn't need to know anything because all can work magically" is wrong, proven dangerous and leads to users not knowing anything after not being bothered with anything

*finally* they are trained to *rely* on sane and secure defaults but everybody working in IT knows that you can never have both: secure by default and all magically working by default

people switched to Linux systems to go in the "secure by default" direction, sadly these times seem to be gone

On 08.12.2014 10:29, Reindl Harald wrote:

On 08.12.2014 at 09:38, Paul Howarth wrote:
FWIW, this is mentioned in the release notes:

http://docs.fedoraproject.org/en-US/Fedora/21/html/Release_Notes/sect-Products.html#Products-Workstation

2.3.3. Developer oriented firewall

Developers often run test servers that run on high numbered
ports, and interconnectivity with many modern consumer devices
also requires these ports. The firewall in Fedora Workstation,
firewalld, is configured to allow these things.

Ports numbered under 1024, with the exceptions of sshd and
clients for samba and DHCPv6, are blocked to prevent access to
system services. Ports above 1024, used for user-initiated
applications, are open by default.

WTF - "developer oriented firewall" on workstation?

i doubt it is smart that by default my running Eclipse accepts
incoming connections from the WAN (that i am paid for IT security
prevents that but only here)

tcp        0      0 0.0.0.0:20080           0.0.0.0:* LISTEN 8669/java
tcp        0      0 0.0.0.0:10137           0.0.0.0:* LISTEN 8669/java
tcp        0      0 0.0.0.0:9000            0.0.0.0:* LISTEN 8669/java
udp        0      0 0.0.0.0:4321            0.0.0.0:*        8669/java


-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
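
Added example, not part of the original thread or of Fedora's code: a small audit that reads netstat -tulpn style output and lists the listeners that the rule quoted from the release notes ("Ports above 1024 ... are open by default") would leave reachable. The sample rows are constructed, treating 1025 as the first open port is an assumption drawn from that wording, and firewalld itself is not queried.

```python
import ipaddress
from typing import NamedTuple

class Listener(NamedTuple):
    proto: str
    addr: str
    port: int
    program: str

# Constructed sample in `netstat -tulpn` layout: the first four rows mirror the
# output quoted in the thread, the last three are made up for contrast.
SAMPLE = """\
tcp        0      0 0.0.0.0:20080     0.0.0.0:*    LISTEN    8669/java
tcp        0      0 0.0.0.0:10137     0.0.0.0:*    LISTEN    8669/java
tcp        0      0 0.0.0.0:9000      0.0.0.0:*    LISTEN    8669/java
udp        0      0 0.0.0.0:4321      0.0.0.0:*              8669/java
tcp        0      0 127.0.0.1:5432    0.0.0.0:*    LISTEN    1201/postgres
tcp        0      0 0.0.0.0:631       0.0.0.0:*    LISTEN    900/cupsd
tcp6       0      0 :::8080           :::*         LISTEN    4410/python3
"""

def parse(text):
    """Yield one Listener per listening TCP socket or bound UDP socket."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue  # header or unrelated line
        if f[0].startswith("tcp") and "LISTEN" not in f:
            continue  # established TCP connections are not listeners
        addr, _, port = f[3].rpartition(":")  # rpartition copes with ':::8080'
        if not port.isdigit():
            continue
        program = f[-1] if "/" in f[-1] else "-"  # PID/Program column, if present
        yield Listener(f[0], addr, int(port), program)

def reachable_from_network(addr):
    """Wildcard and non-loopback binds accept traffic arriving on a NIC."""
    if addr in ("*", ""):
        return True
    return not ipaddress.ip_address(addr.split("%")[0].strip("[]")).is_loopback

def exposed(text, first_open_port=1025):
    """Listeners that sit in the port range the default leaves open."""
    return [s for s in parse(text)
            if s.port >= first_open_port and reachable_from_network(s.addr)]

if __name__ == "__main__":
    for s in exposed(SAMPLE):
        print(f"{s.proto:5} {s.addr}:{s.port:<6} {s.program}")
```

On a live system the same functions can be fed the text of netstat -tulpn; sockets bound to 127.0.0.1 and ports below the open range are left out of the result.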
