Dave Howorth said the following on 04/30/2013 11:44 AM:
> Carlos E. R. wrote:
>> The default was the other way round some releases ago. Many people complained about this change at the time, but the decision was made and kept :-(
>> (they said something about home users not needing this. How about remote maintenance of home users, for instance? Sigh.)
>
> I think the point is that you should not have open network services by default. You should have to explicitly open a weakness in your defences.

I keep saying Context is Everything but that's usually the gap. When people pose the problems we have we ask them what system they are running, what revisions etc. We really should have asked Lynn about the context here; I suppose we - certainly myself - assumed it was her normal system, the one she's posed questions about before. If she'd told us this was a school system to begin with we would have had a better understanding and perhaps more sympathy when she complained about the need to visit each seat.

But Dave's assertion above is right in some contexts and "Duh?" in others. In my own context as I type it's a nonsense statement. None of my machines, server, workstations, have a firewall installed, never mind enabled. As my laptop is plugged in here it has its firewall disabled. That's because the LAN is behind a nice big commercial firewall box :-) Context is everything.

Now when it comes down to single home machines plugged directly into the Big Bad Wild Internet, yes I agree, they need the firewall ON! That was the great problem with the old Windows machines and the source of so many of the problems that persist to this day.

But Context is Everything and some of that context is business needs. I've seen what I consider to be 'broken' high value applications at brokerage firms that require vast ranges of ports to be open on the firewall, so much so that some sites where this is used simply don't bother with a firewall, it's too much of a hassle when it comes down to "business as normal". I've heard people in first tell regulatory auditors "Any one of our brokers makes more in a morning than your firm bills in a year to take your advice about security and stick it!". Risk management is about knowing what risks to accept. That is a matter of context.

Perhaps Lynn will now tell us if these workstations at this school are each and individually connected to the Internet or if they are on a LAN and if the latter how the LAN connects to the Big Bad Wild Internet and if there is a firewall of any kind involved.

And yes, right, there is the old issue about "academic freedom", which in some learning establishments lets the staff tell the IT people that security measures are an infringement of their rights and must all be disabled...

Sorry, Dave, one size doesn't fit all.

--
"In those days spirits were brave, the stakes were high, men were real men, women were real women and small furry creatures from Alpha Centauri were real small furry creatures from Alpha Centauri."