The most secure networking operating system on the planet, OpenBSD, has just hit version 3.7. OpenBSD's description (from their website): "The OpenBSD project produces a FREE, multi-platform 4.4BSD-based UNIX-like operating system. Our efforts emphasize portability, standardization, correctness, proactive security and integrated cryptography. OpenBSD supports binary emulation of most programs from SVR4 (Solaris), FreeBSD, Linux, BSD/OS, SunOS and HP-UX." Some people might say that a certain popular multi-billion dollar company has the most secure OS. To those, people, I pose only one question: How many operating systems do you know of that have had only one remote security hole in the default installation in over 8 years?
That got my attention! I was actually researching the best Linux distro to use for setting up a gateway/firewall for my home Slackware network. Do you use OpenBSD yourelf? If so, perhaps you could help me. I know nothing about the BSD Unixes, how much different are they to Linux and how easy would it be for someone with a decent working knowledge of Linux to get one set up and running on an older machine operating as outlined above?
The BSDs are awsome. Although they are much more like the commercial Unices than Linux, they do have some unique caveats that are specific to BSD (like the partitioning is a bit confusing). Bascially, OpenBSD uses the same Unix priciples of security that are found in Linux, Solaris, etc and really locks down their default install. They test the code rigerously, and have removed parts and ideas from the traditional Unix scheme that they didn't like. As a result, you basically have a pre-hardened OS that's very simple and easy to keep secure. It runs well on low-end hardware, and has a ports-like system to keep current. Although, with OpenBSD people usually upgrade when they want more features, not because of a vulnerability. That makes Open BSD ideal for routers, web & mail servers. That being said, I use Linux exclusively, including on my firewall. I've never had a single security breach because I remove features I don't need and lock-down everything I do need. IPCop makes a great firewall/router, and it's really easy to keep secure because its very simple. It's basically a very minimalistic LFS (Linux From Scratch) rollout, running a hardened kernel, IPtables, and a nice custom encrypted web-interface or SSH for administration. Very nice system, and there are tons of add-on binaries for it which can expand its default capabilities. Of course, it's a standard Linux, so you can add your own Linux binaries and scripts to it as well. If you want to run a BSD on your firewall, you might consider m0n0wall, which is an embedded-style BSD firewall that can either run from a bootable CD, flash RAM, or from a HDD. -AT
Actually the one that most interests me right now is Devil-Linux which runs a firewall entirely from CD! No hard-drive to be hacked into, no X-server to mess things up, runs on old hardware, bliss! I will have to try out at least one of the *BSD's some time just to say I did.
The *BSD line is definitely good for security. If you haven't heard of it, well, that's because it's not targeted at the desktop, much less the average consumer. It's not an OS that's used by most people, but then again, it's made for a specific function. If you want BSD that looks pretty, buy a Mac with OS X on it. Pretty close to FreeBSD as I understand it.
Yeah, to me BSD just doesn't feel like a desktop OS. OS X does have a FreeBSD-based foundation, but it doesn't really have very much in common with a traditional Linux/Unix system. No GCC, for one thing. And the approach to administration is very different. I like OS X better than Windows, sure. But I wouldn't say it's much like BSD overall.
