Quote:
Originally Posted by J65nko
You first could use it a "personal" firewall in your home and you experience by yourself what the bad guys are doing in order to "get in".
|
I'm familiar with some of the techniques, taking OSCP course.
Quote:
Originally Posted by J65nko
Another good method is to rent a cheap VPS system for a month. For 10 euro a month, and often discounted to 5 for the first month you could get one at /www.transip.eu/vps/
Then install OpenBSD on the VPS and configure a webserver to host a temporary website. Secure the server with a suitable pf.conf and inspect the firewall and webserver logs. These logs will show you how the site is being bombarded with efforts and probes to get in. Then you really will understand the need for pro-active security measures
|
This is what I'll definetly do.
To summarize: I now that OpenBSD is secure out of box, and as
TronDD wrote, vulnerabilities come from unpropriate configuration of system, services.
jggimi I found interesting the talk by Theo de Raadt about management of entropy, that is kind a stuff I need in my thesis.
I started enumerating and there is so much new stuff to me, I need some time to catch it.