Poor security defaults

Bug #107616 reported by Sean on 2007-04-19

Bug Description

Security by default in Ubuntu is not up to scratch at all. I understand that iptables in the kernel does the job, but it's not acceptable and very basic for this day and age.

Please can we have Firestarter (frontend) installed by default or ICMP filtering enabled in iptables and/or Firestarter? Even Windows XP SP2 has better default firewall security than Ubuntu, and the fact that a cracker can ping your machine to get a response to say something is there is not good. We should not make the mistake (like Windows) with security defaults; just because we are low on the radar of crackers doesn't mean we can step back. After all, that's what SELinux is in the kernel for.

David Symons (bimberi) wrote :

A default install will respond to pings but that's basically it as far as network presence is concerned. If you do a 'sudo netstat -plunt' you'll see that it doesn't listen on any external ports.
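
The check described in the comment above, as an added example that is not part of the original thread: a shell function that reads `netstat -plunt` output and prints only the sockets bound to a non-loopback address. The function names and the sample output are constructed for illustration and are not captured from a real install.

```shell
#!/bin/sh
# Usage on a live host: sudo netstat -plunt | external_listeners

# Print "proto port pid/program" for every socket bound to a non-loopback address.
external_listeners() {
    awk '
        $1 !~ /^(tcp|udp)/ { next }              # skip the two header lines
        {
            addr = $4; sub(/:[^:]*$/, "", addr)  # local address without the port
            port = $4; sub(/^.*:/, "", port)     # text after the last colon
            # TCP rows carry a State column (LISTEN); UDP rows leave it empty,
            # so the PID/Program field sits one position earlier for UDP.
            prog = ($1 ~ /^tcp/) ? $7 : $6
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            print $1, port, prog
        }
    '
}

# Constructed sample output (hypothetical host, not a real capture).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      812/cupsd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      901/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      812/cupsd
tcp6       0      0 :::22                   :::*                    LISTEN      901/sshd
udp        0      0 127.0.0.1:53            0.0.0.0:*                           640/dnsmasq
udp        0      0 0.0.0.0:68              0.0.0.0:*                           655/dhclient
EOF
}

sample_netstat | external_listeners
```

An empty result means every listener is bound to loopback only; any line printed is a service reachable from the network unless a packet filter blocks it.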

Martin Pitt (pitti) wrote :

This topic is too broad to be handled through a bug report. We have some specifications and Summer of Code projects for this, so we are well aware of this issue. Thank you!

Sean (suseux) wrote :

OK, but can't you at least have an iptables update with ICMP filtering enabled?

I'm not sure if everybody would like that. When I set up a new box, I want to be able to ping it before changing a configuration setting first. For that I'm willing to pay that small a dent in security, thanks very much.
