Building an OpenBSD Gateway - Part 1

Nov 21, 2008, 01:03
"'But why OpenBSD?' Truth be told, there are many operating systems you could use as a gateway. Most will do the job and most can be 'hardened' to provide very secure installs - provided you know what you're doing. With OpenBSD, however, you don't need to be an expert in computer security to have a hardened install. The base install is already hardened. The OpenBSD developers spend a lot of time auditing code. Hardware design errors aside, most security 'vulnerabilities' come down to poor software design or poor software implementation, i.e. bugs. A security bug is just a software bug that can be exploited to have unintended consequences.

"The classic 'buffer overflow' attack is simply an exploit of the original programmer's failure to ensure the data input by the user does not exceed the size of the buffer as defined in his C/C++ code. Rigorous auditing of code, like the OpenBSD project does, ensures that such bugs are corrected so that the OpenBSD package of an application has these bugs removed. However, it needs to be understood that not all packages that run on OpenBSD undergo such rigorous audits. The Base install of OpenBSD gives the user this assurance. Installing software from the Ports collection may represent an increased risk. I say 'may' because it presupposes there are bugs remaining that can be exploited. OpenBSD typically ports older, mature applications which are more likely to have had their bugs 'ironed out' than the latest version of an application. This, of course, may have a negative impact on functionality, and while OpenBSD can be used as a desktop OS, you'll soon find that it's better as a server. Others may disagree; it's just my opinion and you can have yours."

