OpenBSD Journal

A closer look at OpenBSD

Contributed by Johan Berg

Found an article while reading at http://osnews.com about OpenBSD.

"OpenBSD is quite possibly the most secure operating system on the planet. Every step of the development process focuses on building a secure, open, and free platform. UNIX® and Linux® administrators take note: Without realizing it, you probably use tools ported from OpenBSD every day. Maybe it's time to give the whole operating system a closer look."

And..

"In fact, OpenBSD is so secure that it was once banned for use in a DEF CON competition, where crackers go after each other's systems."

Article can be found here


Comments
  1. By tubbs (67.161.136.166) on

    Not too bad, as an overview. But one of the references to pf at the end says "For more information about using OpenBSD as a firewall, read through the information on this page by Hoang Q. Tran." which leads to an article describing 3.2, just slightly dated. Better to have referred to the pf section of the FAQ specifically.

    Which leads to another thought. What do the developers/users think of the Internet Storm Center and DShield in general? I have seen positive references to OpenBSD on ISC, don't know if any of the handlers have contributed or not.

    I think the DShield OpenBSD client for reporting firewall logs is broken; my first attempt produced a load of unparsable log entries. Has anyone cared enough to produce a port of the DShield reporting client? Seems like a good cause, and good publicity.

    Comments
    1. By Jan J (130.237.209.42) on

      For me personally, DShield is crap.

      I think the idea is great and have submitted logs for several machines for a long time.

      However, the project is dead. No feedback since Feb 8 2005? The Windows client picks an IP address from my internal interface. How can a string conversion between two different log formats suddenly turn up another IP? I reported the bug several months ago and yet no fix or response.

      It is just very badly run.

  2. By David Chisnall (213.105.224.17) on

    "In fact, OpenBSD is so secure that it was once banned for use in a DEF CON competition, where crackers go after each other's systems."

    Is this true? As far as I was aware, the only OS to be banned from DEF CON was OpenVMS (and I do keep typing OpenBSD when I try to type OpenVMS, so it's a possible mistake). Technically, OpenVMS was not banned either; they just created a rule saying that the OS had to run on x86, which ruled out OpenVMS, since it only runs on VAX, Alpha and Itanium. I found one other article from 2002 which made the same claim, but didn't cite any sources.

    Comments
    1. By Iruata Souza (muzgo) (201.52.20.57) on http://openvms-rocks.com/~muzgo

      > "In fact, OpenBSD is so secure that it was once banned for use in a DEF CON competition, where crackers go after each other's systems."
      >
      > Is this true? As far as I was aware, the only OS to be banned from DEF CON was OpenVMS (and I do keep typing OpenBSD when I try to type OpenVMS, so it's a possible mistake). Technically, OpenVMS was not banned either; they just created a rule saying that the OS had to run on x86, which ruled out OpenVMS, since it only runs on VAX, Alpha and Itanium. I found one other article from 2002 which made the same claim, but didn't cite any sources.

      this is best explained here:
      http://deathrow.vistech.net/defcon.txt

      Comments
      1. By Anonymous Coward (24.46.21.229) on

        > > "In fact, OpenBSD is so secure that it was once banned for use in a DEF CON competition, where crackers go after each other's systems."
        > >
        > > Is this true? As far as I was aware, the only OS to be banned from DEF CON was OpenVMS (and I do keep typing OpenBSD when I try to type OpenVMS, so it's a possible mistake). Technically, OpenVMS was not banned either; they just created a rule saying that the OS had to run on x86, which ruled out OpenVMS, since it only runs on VAX, Alpha and Itanium. I found one other article from 2002 which made the same claim, but didn't cite any sources.
        >
        > this is best explained here:
        > http://deathrow.vistech.net/defcon.txt
        >
        >

        Maybe the idea came from this:
        http://www.vmsone.com/~opcom/defcon9.htm

        Comments
        1. By Anonymous Coward (24.46.21.229) on

          > > > "In fact, OpenBSD is so secure that it was once banned for use in a DEF CON competition, where crackers go after each other's systems."
          > > >
          > > > Is this true? As far as I was aware, the only OS to be banned from DEF CON was OpenVMS (and I do keep typing OpenBSD when I try to type OpenVMS, so it's a possible mistake). Technically, OpenVMS was not banned either; they just created a rule saying that the OS had to run on x86, which ruled out OpenVMS, since it only runs on VAX, Alpha and Itanium. I found one other article from 2002 which made the same claim, but didn't cite any sources.
          > >
          > > this is best explained here:
          > > http://deathrow.vistech.net/defcon.txt
          > >
          > >
          >
          > Maybe the idea came from this:
          > http://www.vmsone.com/~opcom/defcon9.htm
          >
          hmm, PointSecure (OpenVMS security company) doesn't help either:
          http://www.pointsecure.com/
          From their site (main page)
          ""Highly recommended by HP, our solutions have been declared "virtually unhackable" and were banned from Defcon.""
          I severely doubt that an OS would be banned simply because it is "unhackable"; it's more likely that no one had a clue what to do with something so Very Much Strange... Although VMS is solid as a rock (run the 'open' systems here: OpenBSD, OpenVMS & OpenSolaris).

    2. By Matt Van Mater (67.105.229.98) on

      I'm not sure about any of this, but I can tell you that OpenBSD was used as the firewall of choice in the NOC at defcon this year. They openly said that during the closing ceremonies.

      In recent years capture the flag has not been about a free-for-all hackfest like the early days, but rather "here is a system build, protect it and try to break everyone else's". This year was based on Solaris 10, I think. With that in mind, I don't think OpenBSD was banned per se, but it's avoided because it's not as 'fruitful' a ground for hacking competitions.

  3. By Chris (70.186.194.173) on

    "First, visit the OpenBSD.org download page (see Resources), choose any mirror on the list, and then go to /3.9/i386/. ..."

    It'd be nice if the author mentioned that the project is funded from CDROM sales before saying get the distribution from the download page. Oh well, at least he put the online ordering page link in the "Resources" section.

  4. By Great advocacy (69.246.68.23) on

    The OpenBSD users could care less about this. But I will print this out and highlight the features and hand it out to my pointy-haired bosses.

    We have thousands of machines acting as servers in my global corporation, and the only unix variants used are mainly AIX on IBM hardware and Solaris on Sun hardware.

    We are constantly frustrated with these unix vendors who are unable to compete and keep up with the competition, and constantly demanding new hardware in our already crammed facilities.

    With this article hosted on one of these vendors' website, it may provide a bit of a 'seal of quality' over what I have been trying to push as a solution since I've been hired.

    Comments
    1. By Anonymous Coward (151.188.0.249) on

      > The OpenBSD users could care less about this. But I will print this out and highlight the features and hand it out to my pointy-haired bosses.
      >
      > We have thousands of machines acting as servers in my global corporation, and the only unix variants used are mainly AIX on IBM hardware and Solaris on Sun hardware.
      >
      > We are constantly frustrated with these unix vendors who are unable to compete and keep up with the competition, and constantly demanding new hardware in our already crammed facilities.
      >
      > With this article hosted on one of these vendors' website, it may provide a bit of a 'seal of quality' over what I have been trying to push as a solution since I've been hired.


      Largely, but not entirely, true. If you're referring to users of, say, Web services being hosted on OpenBSD, then you're right. If, on the other hand, you're referring to someone (like me) who actually runs OpenBSD on his laptop, or someone who has a shell account on an OpenBSD server, then they probably do indeed care, especially that laptop user. There are some OpenBSD users who do care about security and cleanliness, and they therefore use and appreciate the operating system for what it is.

      I have an idea of your frustration, above. Working in a Microsoft shop like I do, I am hard-pressed to even get GNU/Linux in here, let alone something "unsupported" (senior management's words, not mine or my boss's) like OpenBSD. Yes, I've known for years that plenty of small firms out here can--and would gladly--do it, but, see, they're not a "Big, Reputable Company (TM)" like Microsoft. However, after years of work, the PHB's are starting to allow GNU/Linux into our data centre, and we even have some OpenBSD that is very, *VERY* low profile. Guess which servers don't require constant reboots? Right, the GNU/Linux and OpenBSD boxes. Just that fact alone scares the hell out of all the MCSE's in the Windows team, including their boss; they're afraid that "those Linux guys" will make them redundant. :-)

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]