Rico Secada wrote:
> On Sat, 17 May 2008 06:42:57 +0530
> Raj Kiran Grandhi <[EMAIL PROTECTED]> wrote:
>
>> Rico Secada wrote:
>>> Hi.
>>>
>>> Why is Debian not set up to be secure by default?
>>>
>>> Not everyone is a security expert so imho the system should be fully
>>> secured out-of-the-box.
>>
>> Please elaborate on what you consider to be the insecure parts of a
>> default installation. Describe a process by which an etch system can
>> be compromised remotely. Obviously, the ability to become root by
>> tweaking the boot parameters from the grub screen does not count as a
>> vulnerability.
>
> All I am saying is that it shouldn't be needed to harden anything.
>
> http://www.debian.org/doc/manuals/securing-debian-howto/
Please consider the following about security:

1. It's about risk management. Not everybody has the same opinion about
   what security is worth; basically there is no one-size-fits-all when
   it comes to security.

2. Securing a system is a process, meaning that it's something ongoing,
   not something that one does once and then is done with.

3. Often security and usability are opposed (but not always). It's
   possible to argue that when server packages (e.g. SSH or lighttpd)
   are installed they shouldn't be enabled; after all, it might be a
   mistake by the administrator to install them, and disabled-by-default
   is more secure than the opposite.

So, while considering this, what concrete things would you suggest are
done by default on a new Debian system?

/M

--
Magnus Therning (OpenPGP: 0xAB4DFBA4)
magnus@therning.org Jabber: magnus.therning@gmail.com
http://therning.org/magnus

What if I don't want to obey the laws? Do they throw me in jail with the
other bad monads?
-- Daveman