---

Building an OpenBSD Gateway – Part 1

“‘But why OpenBSD?’ Truth be told, there are many operating
systems you could use as a gateway. Most will do the job and most
can be ‘hardened’ to provide very secure installs – provided you
know what you’re doing. With OpenBSD, however, you don’t need to be
an expert in computer security to have a hardened install. The base
install is already hardened. The OpenBSD developers spend a lot of
time auditing code. Hardware design errors aside, most security
‘vulnerabilities’ come down to poor software design or poor
software implementation, i.e. bugs. A security bug is just a
software bug that can be exploited to have unintended
consequences.

“The classic ‘buffer overflow’ attack is simply an exploit of
the original programmer’s failure to ensure the data input by the
user does not exceed the size of the buffer as defined in his C/C++
code. Rigorous auditing of code, like the OpenBSD project does,
ensures that such bugs are corrected so that the OpenBSD package of
an application has these bugs removed. However, it needs to be
understood that not all packages that run on OpenBSD undergo such
rigorous audits. The Base install of OpenBSD gives the user this
assurance. Installing software from the Ports collection may
represent an increased risk. I say ‘may’ because it presupposes
there are bugs remaining that can be exploited. OpenBSD typically
ports older, mature applications which are more likely to have had
their bugs ‘ironed out’ than the latest version of an application.
This, of course, may have a negative impact on functionality and
while OpenBSD can be used as a desktop OS, you’ll soon find that
it’s better as a server. Others may disagree; it’s just my opinion
and you can have yours.”
