[lug] Security

McIllece, Matthew W matthew.w.mcillece at lmco.com
Tue Feb 15 13:11:24 MST 2000 

This is something I'd sure like to see.  I'm tired of having to do all this
manually and sometimes discovering that I missed something because I just
didn't know about it.

The RPM idea mentioned in another post also would be more convenient.

	-----Original Message-----
	Date: Tue, 15 Feb 2000 09:44:21 -0700
	From: Kyle Moore <kmoore at trustamerica.com>
	To: BLUG <lug at lug.boulder.co.us>
	Subject: [lug] Security
	Reply-To: lug at lug.boulder.co.us

	I'm fishing for opinions on default security. Our company just spent
a
	ton of money on a security audit so it got me thinking about
security on
	other systems as well as the ones I am responsible for.

	Do you think it would be good if the installer (of whatever OS you
are
	installing) prompted you for at least two different kinds of
security.
	Maybe it gave you a screen that said 1)Would you like to set your
system
	up to be more secure or 2)Would you like default security. I am from
the
	school of "install as little as possible to do the job" but I know
many
	people don't. I just think it is a joke that some people have NIS,
NFS,
	Samba, Sendmail, Apache, a database, a proxy server, dns, a news
server,
	snmp, etc. running on a machine and they don't even know it. I think
at
	the very least it should install the product but not start it at
boot
	until it is configured. 

	With DSL and cable modems becoming more popular, I think it would be
	great if the OS made it easier for someone without much knowledge to
	have a somewhat secure system. Maybe this means the first choice of
an
	install is beginner or expert. The expert side would leave you alone
to
	shoot yourself in the foot. The beginner install would as you about
	security and explain what the packages you have selected actually
do.
	When you have a Linux box that you use for internet access and you
	select NIS and NFS, the install says what they are for and they
allows
	you to change your selection.

	Just kicking around some ideas...thought I would share them with the
	group.

	-kjm

More information about the LUG mailing list