ICMP 8 OPEN

Rob Weir rweir at ertius.org
Sun Oct 31 05:06:08 UTC 2004


On Wed, Oct 27, 2004 at 07:23:50AM -0700, Hudson Delbert J Contr 61 CS/SCBN said
> 	to: listsysop, gurus and other s.a. types,
> 
> 	i've posted in the past in regards to the number of queries i've
> 	seen on this list in regards to some of the security items. i
> 	think this points out that some of the migration from winBlowzMe
> 	clients to open source platforms seems to really be occurring.
> 	a large portion of this migratory community appear not to have
> 	the most basic unix netsec. is there an ubuntu-howto-lockdown in
> 	progress. 

There doesn't seem to be one on
http://www.ubuntulinux.org/support/documentation/howto, but it'd be
great if you wanted to join the ubuntu-doc list and start work on one.

> 	i am never convinced that any OS vendor, maybe other
> 	than OpenBSD is CLOSE to being secure out of the box.

Ubuntu does do the obvious stuff "out of the box"...no daemons listening
on external interfaces, use of sudo, paranoid defaults for things...if
you have suggestions for how it could be made more secure, I bet they'd
love to hear about it on the -devel list.

> 	i want to see what's under the hood. also questions such as this
> 	could be directed to a platform specific (ubuntu) methodology
> 	without sending the newbs out to SAGE or SANS. i don't want to
> 	re-produce the dangerous WinDOZe security syndrome of set it and
> 	forget it.

This is a very good point, and another good reason why a security howto
would be a great resource for our many new users.

> 	ubuntu-user-security would be a good name.  this client can
> 	connect to a network. that makes it a target either now or later.

Every time you split a list, you make it harder for everyone to
contribute to the discussion...it's not my decision, but the quantity of
security-related questions on the list hasn't seemed huge compared to
things like "k3b doesn't work!" ;-)

Another thing is that new users are less likely to subscribe to a
security list, and would thus miss out on the useful discussion that
would happen there.

> 	it seems to have been swept under the rug.

What has been swept under the rug?

-rob

-- 
Words of the day:     nuclear Compsec national information infrastructure Elvis