Thread: OpenBSD The insecurity of OpenBSD
View Single Post
  #6   (View Single Post)  
Old 22nd January 2010
J65nko J65nko is offline
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,503

Nowadays applications are becoming the biggest security issue
From a discussion on the openbsd ports mailing list about "ethereal/wireshark" at
Originally Posted by Marc Espie
]People, wake up. Network security was enough a few years ago. It's all about
applications and secure development these days. At least if you want to
matter 5 years from now...
Just look at the Internet Explorer fiasco, both the French and German governments advise people to use another browser/application. We all have read about web servers being cracked, using flaws in the CMS. SQL injection, cross site scripting attacks, all at the applicaton level.

I myself, although I am 57, take a very radical stand. I don't think that keeping renovating the Unix/Linux/BSD building, an ACL here, a MAC there will bring us much further. I rather would see a new building, designed from the ground up with security as one of its leading design principles.

Just look at sendmail, still a design from the time when the Internet was a friendly place where scientists exchanged information. Off course sendmail could be an open relay at those times, no problem at all. Spam still was some kind of meat, and not junk you find in your trash mail folder.

Under pressure of the popularization of the internet, all kind of extra security measures had to be added to sendmail.

As a reaction you see Bernstein come up with qmail, postfix by Venema both designed with security in mind. IMHO we need architects like Bernstein and Venema but then for a new secure OS.

But just like you I still expect to use OpenBSD for a long time as network firewall and router
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote