On Fri, Aug 20, 1999 at 11:18:16AM -0700, David Bristel wrote:
> Another solution is to let those who are looking to remain ignorant to go use
> Redhat. The real issue is that a standard UNIX type system will have telnet,
> rlogin, rsh, as well as FTP and other remote access tools turned on by default.
> For an enduser, this is a negative, since if they don't know what they are
> doing, their system can be easily hacked and used to attack other systems. The
> ease of use issue basically comes down to having a complete minimal system
> without telnet, FTP, or anything turned on, with only the minimum needed to go
> into xf86. I do NOT recommend that Debian go down this path, except as a
> separate "distribution" that aims for the enduser system. Even Redhat is more

I disagree 100%. In fact, I think it's time to start shipping systems with _no_ remote access enabled by default. I think that it is irresponsible to ship systems with services turned on by default because we _know_ that these systems are installed by people who don't update them and let them become convenient havens for crackers and other miscreants.

The reality is that someone who needs something like telnet will find it and turn it on. Someone who's ignorant of it _doesn't need it on_. And I think it's fair to say that the most clueful sites these days are going to _turn off_ most of what we enable by default.

Unix has always shipped with this stuff turned on. And unix used to ship with passwordless accounts, + + in the .rhosts, etc. Times have changed. It's time for distributors & vendors to show some responsibility for the tools they're putting in the hands of people who don't know how to use them, and don't even know they exist.

In most cases I'm strongly opposed to too much hand-holding. But in this case, it's not an issue of people screwing up their own systems...

Mike Stone