[NCLUG] Network configuration

J. Paul Reed preed at sigkill.com
Thu Oct 26 00:27:16 MDT 2000


On 26 Oct 2000 at 00:15:10, Quent modified my mailspool to say:

> You can build a decent, secure environment with Linux just as well
> as you can with OpenBSD. It's just that "out of the box" OpenBSD
> boots up in a pretty secure state.

I think it's a mistake to say this.

While you're correct that OpenBSD *does* boot up more secure than, say
RHAT, as soon as you start using it, if you don't know what you're doing,
then it really doesn't matter.

Case in point: someone was port scanning me via their cable modem on my
cable modem segment the other night; so, I returned the favor, and found
out they were running OpenBSD. BUT, because they had misconfigured Apache,
I had their home telephone number/address and personal email addy within
about five minutes of poking around on their "secure" OpenBSD box.

So, don't fall into that panacea.

BTW, someone mentioned BSD's dynamic firewall rules, which open/close TCP
stuff when you open a connection... I've heard that the 2.4 kernel supports
this... that's what one of the presentations is on for SYM.

Later,
Paul
  -----------------------------------------------------------------------
  J. Paul Reed                 preed at sigkill.com || web.sigkill.com/preed
  We're living in a world that's blowing itself to hell as fast as every-
  one can arrange it.       -- First Sgt. Edward Welsh, The Thin Red Line



More information about the NCLUG mailing list