On Sunday 21 December 2003 14:15, Tom Brinkman wrote: > On Saturday 20 December 2003 07:16 pm, Kaj Haulrich wrote: > > Here's where msec comes in : I always wonder why the Mandrake > > default is "standard". First thing to do after a new > > install/upgrade is to set security level to "high". But that > > is only a matter of keeping the users privacy, not the > > system's. > > I believe 'standard' is the right choice, but you are given > the opportunity during the install to set it to whatever you > want. IMO, it's a good idea to leave it at standard till you > have used the system for a while before raising it. Even for a > multi user or server system. I also think it's a good choice for > users that don't bother to further explore Linux permissions and > security in general. They should leave it at standard. It's > especially suited to a single user desktop. Permissions do little > to protect from the outside world anyhow, for that you need > iptables and firewall rules. I think some users, specially the > new ones confuse the two, msec/permissions vs. firewall/ports > security. > > Another reason Mandrake's default is standard, is to tryin > reduce the "How come I can't _______________" support questions. > If I were to criticse Mandrake, it would be for not installing > iptables by default when a lan and/or Net connection is > configured during the install. I think a very simple firewall > rule generator like Guarddog would be a good default choice too. > Point'n click fairly intuitive setup for iptables, even for those > very new to Linux and security.
Well Tom, undoubtedly you are right. However, I've never noticed any limitations when having msec=high. The advantage is, that having multiple users on one machine, each one can have a "home" without fear of being disturbed by the others. For example, on my main machine I have a "guest" account used by neighbors without Internet. They can happily click around without doing any harm whatsoever to others. On the other hand, setting msec=higher, excludes me from doing a lot of things, can't even go outside my "home". Of course, all this can be accomplished "by hand", but I find msec quite reasonable. Now, if only I could find out how to "stealth" my ports :-( Kaj Haulrich. -- ** Sent from a 100 % Microsoft-free computer **
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com