Kurt Seifried looks at some new features in OpenBSD 2.7 and recommends it
as a platform for patrolling your network. He also gives a sampling of
the many security tools available for intrusion detection, vulnerability
analysis and network management, all available from the
-"Ports" collection.
-
Randy Lewis of RTMX explains why they picked OpenBSD and how their real-time
extensions will be folded back into the OpenBSD source tree in time for the
next release. Interview by Jeremy C. Reed.
-
David Jorm, no stranger to OpenBSD, gives a detailed tour of the basic steps for
setting up an OpenBSD system as a gateway with a LAN interface and a PPP connection.
He also points out the little differences that could trip up somebody just
arriving from the Linux world.
-
Michael Lucas reviews the state of the art for BSD-derived systems,
and finds much cause for optimism.
-"OpenBSD delves further into constructive paranoia", he writes.
+"OpenBSD delves further into constructive paranoia", he writes.
Agreed, security is a state of mind, but unless the rash of serious incidents
abates, it's not really paranoia.
-
-OpenBSD is one OS that's likely to be voted "Most Secure."
-So why not use it for all enterprise apps? Columnist Pete Loshin
+"OpenBSD is one OS that's likely to be voted "Most Secure."
+So why not use it for all enterprise apps?" Columnist Pete Loshin
looks at OpenBSD as a serious contender for secure Internet servers.
+
Noel continues his chronicle of a cracker attack on his LAN.
In part 4, he notes that even local user vulnerabilities cannot
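Review bot: The removal of `-"Ports" collection.` near the top of this hunk has no `+` counterpart, so the Kurt Seifried entry now ends at "all available from the" with no object. Re-add the line in its new form. In the Pete Loshin entry, the added outer quotation marks wrap text that already contains double-quoted "Most Secure."; use single quotes for the inner phrase so the quotation does not appear to close early.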
@@ -107,46 +112,46 @@
he mentions he would like to explore OpenBSD for systems that
need user accounts. The first three parts also make for interesting
reading for all system administrators.
-
PGP 5.0 was found to have a serious coding error under Linux and
OpenBSD, where it replaced the random data obtained from /dev/random
with a string of '1' digits when generating key pairs under certain
conditions.
-
Sam Williams strikes again. He interviews OpenBSD lead developer Theo de Raadt
and Tom Vogt, a lead developer of Nexus, a "maximum security" Linux
distribution unveiled on May 9. This article contrasts two different
approaches to security.
-
Freelance writer Sam Williams captures the dynamics of the OpenBSD
development effort in OpenBSD, dubbing it "geeking out for perfection".
Williams also takes note of OpenBSD's business-friendly non commercial
stance -- no corporate backers, yet plenty of commercial products
with embedded OpenBSD.
-
"3 out of 2 people can't figure out statistics", the saying goes. In this light,
we'd like to present Security Focus's summary of vulnerabilities. Read
@@ -154,14 +159,14 @@
admit it makes OpenBSD look good compared to other widely used OSes.
We think the most important chart is the top one, total vulnerabilities.
The upward trend is disturbing; it means the industry still doesn't
-"get it", and the users who trade off security for feature
+"get it", and the users who trade off security for feature
creep are delivering the wrong message.
-
Kurt Seifried talks about what people can do to promote security and
protect themselves against the now-commonplace attacks. His first
@@ -172,134 +177,142 @@
think he gave up too easily: by accepting mudflaps in the place of
airbags, he is taking the heat off software vendors to clean up the
defects in their products.
-
-"Psssstt! Wanna a good, reliable operating system on the cheap? Thing is,
-you just can't tell your boss about it" Technology writer Peter Wayner
+"Psssstt! Wanna a good, reliable operating system on the cheap? Thing is,
+you just can't tell your boss about it" Technology writer Peter Wayner
tells of the techies who break the rules and sneak open source
systems on the job. He mentions the "security-conscious" OpenBSD as a
successful secure e-commerce server against an rival NT implementation,
as well as how Marcus Rannum embeds OpenBSD in the Network Flight Recorder
IDS appliance to sidestep NT vs. UNIX prejudices.
-
Another "how I installed OpenBSD" article. Jeremy C. Reed writes
-a blow-by-blow, prompt & response chronicle of how he installed OpenBSD
+a blow-by-blow, prompt & response chronicle of how he installed OpenBSD
2.6, to the point of setting up X, the blackbox window manager and
Netscape -- elapsed time, 4 hours and 38 minutes. Phew.
-
Alison describes how she gave in to the geekier side of her nature and
rescued a castaway PC and put OpenBSD on it. "Contrary to popular
opinion, however, I think it's not just a matter of reliability," she
writes, "but also of clarity and simplicity - two very important and
oft-overlooked characteristics of computer software.".
+
In this interview by Daniel De Kok, lead developer Theo de Raadt comments
on the BSDI/FreeBSD merger, OpenBSD as an embedded OS, and future plans for
OpenBSD.
-
This bulletin discusses security concerns raised by recent reports of
vulnerabilities in commercial software such as backdoors and automatic
-registration forms. The article quotes Jerry Harold, president & co-founder of
+registration forms. The article quotes Jerry Harold, president & co-founder of
Network Security Technologies Inc. "This is why NetSec builds its products
on an operating system (OpenBSD) that has made security its number one goal."
-
In another FUD-fighting article, security writer Kurt Seifried and
Bastille Linux project leader Jay Beale refute a recent well-circulated
article saying open source software is more vulnerable because the
black hats can find bugs just by reading the source. If this were the
case, they argue, OpenBSD could not have achieved its security record.
-They counter the claim by demolishing "security through
-obscurity", the myth that just won't go away.
-
+They counter the claim by demolishing "security through
+obscurity", the myth that just won't go away.
+
Elias Levy of BUGTRAQ fame discusses the security of open- vs. closed-source
software. OpenBSD developers are mentioned first among a few groups of people
who care about auditing code for security vulnerabilities.
-
Slamming some recent press which had said that Open Source (and in particular
-Linux) leads to more software security problems, Clifford Smith states
+Linux) leads to more software security problems, Clifford Smith states "If there is ONE definitive proof that the source code being opened up for
review provides the opportunity to create secure operating systems, OpenBSD
is that proof." (his emphasis)
-
Columnist Kurt Seifried uses OpenBSD's code audit as an example to
refute a FUD piece on a major computer industry website that claims
that Linux is a security risk because the bad guys can find the holes
simply by reading the source code.
-
Open source software: Ready for Credit Union Primetime, March 6, 2000
-
+
An article explaining the trade-offs of using open source software, how it
might be applied to credit union enterprises and some caveats about the
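Review bot: The added line ending `Clifford Smith states "If there is ONE definitive proof that the source code being opened up for` joins the attribution and the start of the quotation on one over-long line, with no comma or colon after "states". Break the line after "states," so the quotation begins on its own line and matches the wrapping of the surrounding entries. While the Peter Wayner lines are being touched, note that `you just can't tell your boss about it"` still closes without punctuation before "Technology writer"; a period inside the closing quote would fix it.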
@@ -320,12 +333,12 @@
written for credit union IS managers. Unfortunately, it's on the
subscription-only portion of CUES
Tech Port, a web site for member credit unions.
-
Rich Morin puts the 80's UNIX history of fragmentation in perspective by
examining the creative tensions between the five operating systems derived
@@ -334,381 +347,416 @@
projects and companies cooperate even though they have diverging goals. And
now that Sun has cautiously moved to open source some of its source, how
will the open source world react, he asks.
-
UNIX columnist Jeffrey Carl continues his survey of the freenix alternatives
for ISPs with an interview with Louis Bertrand. The author also discusses
the relative merits of OpenBSD and how ISPs might want to use it for a
competitive advantage.
-
Seán Boran wraps up his look at SSH with an article devoted to OpenSSH
running on OpenBSD and other OSes, mentioning problems porting OpenSSH to
platforms without good crypto support.
-
Kurt Seifried, author of the Linux Administrators Security Guide, explains
how to set up packet filtering with
-ipf. His examples are based on OpenBSD 2.6
+ipf. His examples are based on OpenBSD 2.6
even though his article isn't aimed at any specific OS.
-
Kurt Seifried reviews OpenBSD 2.6 and finds new features like
OpenSSH, Apache
DSOs, and new device drivers. He also finds comfort in an old friend, the
-"secure by default" installation.
-
-We really like Simson when he writes "But if you're trying to get the
+We really like Simson when he writes "But if you're trying to get the
most for your money or if you want a higher level of security, take a look at
-the BSDs. The rewards can be considerable." But he misses the point
+the BSDs. The rewards can be considerable." But he misses the point
about strong crypto because of the fuss over 128-bit browsers. The RSA patent
has been a more effective muzzle on innovation than the export prohibitions.
Also note OpenBSD and FreeBSD also integrate IPv6 in their current codebase.
-
In a review of FreeBSD 3.4, the author, Clifford Smith, was impressed
-enough about OpenBSD to say "OpenBSD is probably the most secure
+enough about OpenBSD to say "OpenBSD is probably the most secure
distribution out of the box because it comes with a source code that has
been given a complete security audit. It also comes with KERBEROS enabled
out of the chute, OpenSSL and ssh is part of the distro now, too. IPFilter
-works immediately. Just Brilliant."
-
Pete Loshin surveys the state of the industry in Linux and UNIX-like
security. He highlights an emerging problem, novice Linux users
who may unknowingly leave installation holes, or inadvertently create some.
The OpenBSD sidebar explains the goals and purpose of OpenBSD, and highlights
its reputation among security experts.
-
OpenBSD gets a five-star rating in this reader contributed review by
Justin Roth. It's a short glowing article that focuses on the security
of OpenBSD. The reviewer cautions however that it's only secure if
the administrator is vigilant.
-
Linux columnist Evan Leibovitch notes a small victory for open source
-when the US government recognised it as being for "the
-Public Good" in the recently relaxed cryptography export rules.
+when the US government recognised it as being for "the
+Public Good" in the recently relaxed cryptography export rules.
He quotes Theo mentioning that the RSA patent has had a far greater
chilling effect on US-based cryptography than the export prohibitions.
-
The beastie sticker from OpenBSD 2.4 was spotted on Mudge's laptop cover
in a file photo for this story about L0pht joining with corporate heavyweights.
-
Security Portal founder Jim Reavis calls OpenBSD "Linux's Linux". We're not
sure what it means, but he was making the point that public scrutiny of
source code helps security, so it must be a compliment.
-
+
-
+
Giving
-Back, Sm@rt Reseller Online, January 4, 2000
+Back, Sm@rt Reseller Online, January 4, 2000
Linux columnist Steven J. Vaughan-Nichols writes mostly about VA Linux
creating a source repository for open source projects, but there's an
-interesting quote: "Whether an open-source program runs on OpenBSD,
+interesting quote: "Whether an open-source program runs on OpenBSD,
Palm or even Windows, so long as it's an open-source program it's game
-for SourceForge." OpenBSD, soon to be a household word!
+for SourceForge." OpenBSD, soon to be a household word!
+
Columnist Peter Galvin gives a recap of LISA '99, mentioning among others
Bob Beck's paper about securing public
-access Ethernet jacks on a university campus.
OpenBSD is featured in a year-end review of Canadian Open Source projects
in
-The Computer Paper.
+The Computer Paper.
Linux columnist Gene Wilburn gets it right. Unfortunately, the article isn't on
the Computer Paper's site, but it is available at the author's site.
-
Kurt Seifried
(seifried@seifried.org), security
analyst and author of the Linux Administrators Security Guide, discusses
the effort needed to create a Linux distribution. He mentions OpenBSD's
-code audit as a reference point for securing the OS.
+code audit as a reference point for securing the OS.
+
Vlad Sedach offers a detailed look at OpenBSD, its history, security stance
and cryptography. He notes the lack of
multiprocessor support
but rates the security as best available, especially compared to NT.
-
Security Watch columnists Stuart McClure and Joel Scambray say good things
-about OpenBSD's security stance. "As you've come to expect from us,
+about OpenBSD's security stance. "As you've come to expect from us,
our faith in vendors' attention to security is waning, but OpenBSD
gives us hope. OpenBSD is a group that has done it
-right -- or at least strives to".
-
Reviewer Matt Michie narrates his experience with an FTP installation
of OpenBSD 2.5 on an aging P-133. Despite trouble with the installation he
recommends it to experienced Linux users who wish to broaden their horizons.
Then the reader feedback flames him for his trouble.
-
Mick Morgan, of the UK's Central Computer and Telecommunications Agency,
answers Slashdot readers and talks about the design of a high profile
web site like the Royal Family's. In hindsight, he would have chosen
OpenBSD for its security aspects.
-
Linux columnist Evan Leibovitch tries to make sense of the byzantine
US crypto laws and offers some alternative crypto software and
-resources including OpenBSD and OpenSSH.
Boardwatch Magazine's UNIX columnist Jeffrey Carl surveys the freenix choices
for ISPs. We debate his conclusion that security and functionality are
mutually exclusive choices. If that were the case, security conscious users
would unplug from the Net and just send faxes.
-
Kurt Seifried
(seifried@seifried.org), security
analyst and author of the Linux Administrators Security Guide,
discusses setting up an OpenBSD firewall.
-
Peter Wayner takes a closer look at some consequences of the US government's
restrictions on the export of strong cryptographic software, and finds no
small amount of irony. OpenBSD is prominently featured, along with a picture
of Theo de Raadt brandishing CD-ROMs. (No charge registration required to
-read the NY Times on the web).
Technology reporter Matthew McClearn interviewed system administrators and
security specialists in Calgary and Edmonton who choose OpenBSD for its
-stability and proactive security audit. He also gives some project history.
+stability and proactive security audit. He also gives some project history.
+
-
+
Small town in Kentucky has Internet connectivity unlike the rest of
-America, MSNBC, Sept. 29, 1999
-
+America, MSNBC, Sept. 29, 1999
+
Jethro reports on the mailing lists that MSNBC aired a segment about a small
town in Kentucky with high-speed Internet connectivity. During an interview
with the town's teenage security guru, you could read the prompt on his
terminal:
-
-Connected to spanweb.glasgow-ky.com.
- Escape character is '^]'.
-
- OpenBSD/mac68k (spanweb.glasgow-ky.com) (ttyp0)
-
-
-
+
+
+ Connected to spanweb.glasgow-ky.com.
+ Escape character is '^]'.
-
Nice high profile mention of OpenBSD by Will Rodger:
"Yet backers say the speed and transparency with which open source
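Review bot: The replacement terminal capture near the end of this hunk keeps `Connected to spanweb.glasgow-ky.com.` and `Escape character is '^]'.` but has no `+` counterpart for the removed `OpenBSD/mac68k (spanweb.glasgow-ky.com) (ttyp0)` line, which is the line the MSNBC anecdote exists to show. Restore it in the new block. Several removed sentence tails in this hunk also have no visible replacement (`-"secure by default" installation.`, `-works immediately. Just Brilliant."`, `-read the NY Times on the web).`), leaving those entries ending mid-sentence or with an open quotation or parenthesis; confirm each one is re-added.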
@@ -716,83 +764,91 @@
operations from traditional software shops. OpenBSD -- still another
open source operating system -- is often called the most secure
operating system in the world."
-
+
-
-Even better than Linux, Boston Globe, Sept 16, 1999
-
+
+Even better than Linux, Boston Globe, Sept 16, 1999
+
Technology writer Simson L. Garfinkel confesses he prefers the BSDs better
than Linux and explains why. He writes a nice paragraph or two about OpenBSD
and its security and cryptography goals. However, reading this, you'd think
all the developers were Canadian (hint: they're not). The article has moved
to the archives, free registration required.
-
Reporter Natasha David interviews lead developer Theo de Raadt, who notes that cross-UNIX
compatibility is losing ground in the rush for Linux applications. de Raadt
was a keynote speaker at the Australian Unix User Group (AUUG) meeting in
-Melbourne.
Michael Lucas explains the broad lines of the BSD development model and
how to keep *BSD systems up-to-date with CVS. The author takes most of the
examples from FreeBSD, but he takes the time to explain differences
between the three systems. (Most of this is technology was originally
invented by the earliest OpenBSD developers, as described in a
-paper presented at Usenix).
Sean Sosik-Hamor descibes how he built up his own Internet resource provider
(IRP) and web hosting business out of available hardware and freenix
software. He chose OpenBSD exclusively for his DMZ and describes the FTP
installation.
-
The article starts off as a personal story about lead developer Theo de Raadt,
but if you read carefully, it does explain a lot about the origins and goals
of OpenBSD.
-
"CCW is very pleased to name our five Technically Excellent Canadians,
who are significantly impacting on technology both at home and
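Review bot: The removals of `-Melbourne.` and `-paper presented at Usenix).` have no `+` counterparts, so the Natasha David entry now ends at "meeting in" and the Michael Lucas entry ends at "as described in a" with its opening parenthesis never closed. Re-add both tails. Since that paragraph is being edited anyway, "Most of this is technology was originally" and "descibes" in the adjacent lines are worth correcting in the same change.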
@@ -801,104 +857,127 @@
The Computer Paper (September 1999) presented this award
to Theo de Raadt for his part in OpenBSD (the sub-article is half
way down the page).
-
"The OpenBSD group, which did a line-by-line security audit of BSD
code, and now has what is widely regarded as the most secure OS
available."
-
+
+
+
June, 1999
-
+
+
+
IPsec Tech Tutorial,
-Data Communications, June 1999
+Data Communications, June 1999
"IPsec may be an open standard, but that's no guarantee that different
vendors' gear will work together. To assess interoperability, we put an even
dozen products through their paces." OpenBSD 2.4 and commercial IPsec
implementations were tested by an independent lab for interoperability
and ease in setting up tunneling gateways.
-
-In a review of this year's event subtitled "USENIX
-and Unix -- then and now", writer Vicki Brown contrasts the first
+In a review of this year's event subtitled "USENIX
+and Unix -- then and now", writer Vicki Brown contrasts the first
conference in 1979 to the recent one in Montery, California. Although it
only mentions OpenBSD in the links section below the article, it's still
an interesting read.
-
Guest columnist Brett Arquette points out that Linux isn't the only alternative
PC OS out there, then describes why hardware drivers and end user support is
crucial to popularising an OS. He mentions OpenBSD and adds a link to this
-site.
This report compares the network monitoring performance of the
NFR (Network Flight Recorder) package at
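Review bot: The removal of `-site.` at the end of the Brett Arquette entry has no `+` counterpart, so the sentence now stops at "adds a link to this". Re-add it. The USENIX entry changed just above still carries "Montery" in the line after the rewritten quotation; correct it to "Monterey" while that sentence is being touched. The blank `+` lines added around "June, 1999" come in runs of two and three where the rest of the patch uses one, so trim them unless the extra spacing is intentional.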
@@ -906,266 +985,306 @@
Linux, and Solaris. OpenBSD comes out as a clear winner just for raw
performance; even before you consider the superior security of OpenBSD
which you probably would want for a network-monitoring station.
-
A system administrator debunks the myth that you must use NT as a file server
when you run Windows clients. Squeezing performance out of vintage hardware and
adding in some scripts to automate the setup of new projects won management
over to OpenBSD.
-
"Finally, we'd be remiss in ignoring OpenBSD in any discussion of top
open-source security products. It registered high in our e-mail
survey, and we promise to take a more active look at it in future
columns."
-
, SunWorld, January 1999
BSD veteran Greg Lehey notes the strong loyalty of SunOS 4 users and surveys the
BSD-derived OSes available on SPARC and PC hardware. The article also comes with
-a long list of useful links (some are stale).
A two-part article by Ejovi Nuwere focusing on OpenBSD's IPSec Development.
Part one is an introduction to OpenBSD's Photurisd and its current
Implementation, including a brief interview with
Photurisd creator Neils Provos.
-
+Wired Magazine, June 1998, page 96 (paper edition only)
A half-page description of what OpenBSD is, with a strange picture
of project founder Theo de Raadt (Wired loves Photoshop).
-
A glowing four-page description of OpenBSD emphasizing its use
as a server and an OS that ships with security in the box
(the SunExpert version is in PDF but includes their own
-graphic - a cross between Superman and the BSD Daemon, which
+graphic - a cross between Superman and the BSD Daemon, which
the WebServer version in HTML does not).
-
An article describing *BSD as the choice of the "very demanding".
OpenBSD is noted for its focus on security and cryptography.
-
+
-
+
November, 1998
-
-
+
+
+
-Datateknik, Nov 20, 1998
+Datateknik, Nov 20, 1998
An article on the swedish IPSec interop event
mentions OpenBSD as one of the successful participants, and has a
mini-interview with OpenBSD developer Niklas Hallqvist.
-
Two published letters talking about OpenBSD's role in MacOS X. The first
one has some misconceptions which are corrected by the second which
explains the licensing issues and points to our
copyright policy page.
-
ASCII Corporation is launching a Japanese language magazine that covers the
freenix BSDs, BSD/OS and related subjects. The magazine will also be
translating and reprinting articles from
Daemon News, the BSD ezine.
-
A paper on open source software in the German federal government,
published by the Federal Ministry of the Interior. The paper, which
gave reference to OpenBSD among many other OSes and applications, was
-posted then retracted on "orders from above" in the ministry.
+posted then retracted on "orders from above" in the ministry.
Giving way to
the pressure and protests of the open source movement the ministry
rerelased the document after cutting out some numbers.
(the Microsoft Licence fees, btw.!)
-
OpenBSD - ma same zalety?,
OpenBSD - Nothing but advantages?, LinuxNews Serwis Informacyjny,
January 2000
-
+
Bartek Rozkrut combines an overview of OpenBSD with a review of how to
download and install the system. He mentions Theo de Raadt's "craze"
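Review bot: The removal of `-a long list of useful links (some are stale).` in the SunWorld entry has no `+` counterpart, so that entry now ends at "The article also comes with". Re-add it. The same entry's citation line reads `, SunWorld, January 1999` with nothing before the comma, so the article title appears to be missing. In the German ministry paragraph, whose quoted "orders from above" line this hunk rewrites, "rerelased" should be "re-released".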
@@ -1173,19 +1292,20 @@
mails like "the problem was fixed a year ago in OpenBSD".
The author spends some time explaining the disklabel partitioning scheme and
reassuring would-be users that the no-frills installation script actually
-works even though it doesn't have a fancy point & click interface. He even
-gives typical download times from the various national ISPs.
+works even though it doesn't have a fancy point & click interface. He even
+gives typical download times from the various national ISPs. Thanks to Vadim Vygonets, Wojciech Scigala and Tenyen for their help
with the translation. For the full text, see the
advocacy@openbsd.org
mail archives. Interpretation errors are mine --louis
-
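Review bot: The added line `+gives typical download times from the various national ISPs. Thanks to Vadim Vygonets, Wojciech Scigala and Tenyen for their help` runs the translation credit straight into the article summary. Keep the credit as its own line or paragraph starting at "Thanks to", so that it reads as a note from the page maintainer rather than as part of the description of Bartek Rozkrut's article.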