Home > OpenBSD > Securing Small Networks with OpenBSD

Securing Small Networks with OpenBSD

OpenBSD 6 Comments

“Like almost all things in life, good security costs good money. It has to be that way, because there are simply not enough skilled security specialists to look after all of the networks that need their attention. An unfortunate result of low supply and high demand is the migration of highly skilled personnel to clients who can meet their salary requirements. This leaves a lot of small and underfunded networks in the hands of less experienced administrators, who might not know how to design, configure, and monitor these networks’ safety mechanisms, leaving them vulnerable to attacks from unscrupulous people looking for inside information, free warez storage, zombie hosts for DDoS attacks, or systems they can simply destroy for fun of doing it.” Read the rest of the article at O’Reilly.

About The Author

Eugenia Loli

Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.

Follow me on Twitter @EugeniaLoli

6 Comments

  1. 2002-03-02 4:49 am
    Anonymous

    OpenBSD seems like a good choice for securing small to medium sized networks. It is an excellent OS when security is the prime focus. ipfilter is simple to configure under OpenBSD and I believe the ruleset is fairly portable.

    I am surprised there was no mention of “FreeBSD” in the article, since ipf also works under it (although I am not sure if ipf supports bridging under FreeBSD).

    http://www.freebsdforums.org

  2. 2002-03-02 9:02 am
    Anonymous

    yes ipfw supports bridging under freebsd

  3. 2002-03-02 9:18 am
    Anonymous

    I would like to try this with FreeBSD – what is the minimum requirement on RAM, futher will a 486/66 do..?!

    Further, can this be achived with a linux boot floppy as well or does the Firewall eat up to much space? There are already basic FWs included with those linux floppy routers…

  4. 2002-03-02 10:49 am
    Anonymous

    Yup, why not, and especially with a self-made kernel containing patches from <a href=”http://www.grsecurity.net/“>http://www.grsecurity.net/ you are immune against a lot a exploit-techniques as those techniques plain don’t work as they are forbidden on the kernel-level.

    Turning on all of those anti-exploit-measures is of course not suitable for desktop systems but should be feasible on a server as on my firewall.

    I guess TrustedBSD has some similar features but I’m not 100% sure what it really includes. GrSecurity if by all means the best security patch you can apply to your Linux kernel.

  5. 2002-03-02 11:16 am
    Anonymous

    Uhh.. thanks I had a good laugh… :-p

    This Grsecurity-stuff sounds absolutely interesting, only, being a n00b, I wouldn’t even know about the first key stroke…. I think I’ll have to stay with Zonealarm behind my fli4l router (www.fli4l.de).

  6. 2002-03-02 12:27 pm
    Anonymous

    Laugh about what?

    Me using “moo” as a name and mail-addy?