[lug] Security

[Kyle Moore]

I'm fishing for opinions on default security. Our company just spent a
ton of money on a security audit so it got me thinking about security on
other systems as well as the ones I am responsible for.

Do you think it would be good if the installer (of whatever OS you are
installing) prompted you for at least two different kinds of security.
Maybe it gave you a screen that said 1)Would you like to set your system
up to be more secure or 2)Would you like default security. I am from the
school of "install as little as possible to do the job" but I know many
people don't. I just think it is a joke that some people have NIS, NFS,
Samba, Sendmail, Apache, a database, a proxy server, dns, a news server,
snmp, etc. running on a machine and they don't even know it. I think at
the very least it should install the product but not start it at boot
until it is configured. 

With DSL and cable modems becoming more popular, I think it would be
great if the OS made it easier for someone without much knowledge to
have a somewhat secure system. Maybe this means the first choice of an
install is beginner or expert. The expert side would leave you alone to
shoot yourself in the foot. The beginner install would as you about
security and explain what the packages you have selected actually do.
When you have a Linux box that you use for internet access and you
select NIS and NFS, the install says what they are for and they allows
you to change your selection.

Just kicking around some ideas...thought I would share them with the
group.

-kjm