Old 11th May 2019
bsdcord bsdcord is offline
Port Guard
Join Date: Apr 2019
Posts: 23
What's missing in OpenBSD

Hi,
I think that OpenBSD is good in perimeter defense but not so much in inner defense.
For example, there are few or no papers on forensics. There are few ways to check the integrity of your system. I think this is a very important step in security because if you have been hacked, you don't know. If you know, you haven't been hacked (defacements are not hacking... they are just pranks).
Thus every user should periodically make a deep check of their system. In OpenBSD there is a script called "security" that makes some checks but, imho, it's rather ridiculous. It could have been good in the '80s but not today.
One other thing that is missing in OpenBSD is a memory forensics framework like "rekall" or "volatility". Today memory forensics software is a necessity because some malware is much easier to detect in memory rather than on disk (maybe it is encrypted on the disk or very well hidden). But of course it must be resident in memory to run.
Tools like aide could be useful, but not against a kernel rootkit. If anyone is skilled enough to hack your OpenBSD box, it's rather sure he will not install userland malware.