OpenBSD v3.6

OpenBSD has been released for quite a while now. [ Here ] is a nice summary of it from Newsforge.com

My personal impressions of it are:

  1. It’s number #1 OS if you’re concerned about security
  2. There are so much work going into this OS – hardened against buffer-overflow attack (even built into its compiler), arguably the most common type of attack. Also impressive use of cryptography, and how the system is set up securely in general – no initial root login via ssh, chroot-ed daemons, etc.
  3. OpenBSD team gives the best impression of a professional voluntary group. They set high standards, they set goals, and they meet them.
  4. An OpenBSD server, however, can be really difficult to setup and maintain. This is more to our lack of familiarity to various security process, instead of the fault with OpenBSD itself. Still, it tend to deter newcomers.
  5. Another problem is lack of newbie-friendly documentation. I tried to rectify that with [ this ], however note that I had to stop writing it when I changed my server before I can really sure that everything in there works.
  6. Package management is a serious omission in OpenBSD. But I heard that such thing (some kind of portupgrade) is already availabe in the bleeding-edge version of it.
  7. OpenBSD doesn’t yet comprehensively address the new rising threat – web-application security. Including mod_security in Apache by default could help to address this significantly

My own biggest issue with it is lack of effective package management solution (which is important when you want to spend as little time as possible administering your servers), so once this is addressed (in v3.7 I assume), then I think I’ll give this another go.

6 thoughts on “OpenBSD v3.6

  1. There are so much work going into this OS – hardened against buffer-overflow attack (even built into its compiler), arguably the most common type of attack. Also impressive use of cryptography, and how the system is set up securely in general – no initial root login via ssh, chroot-ed daemons, etc.

  2. OpenBSD doesn’t yet comprehensively address the new rising threat – web-application security. Including mod_security in Apache by default could help to address this significantly

  3. There are so much work going into this OS – hardened against buffer-overflow attack (even built into its compiler),

Leave a Reply

Your email address will not be published.