OpenBSD Security Functionally paranoid!
what are your best practices to ensure privacy ?
Hi !
what are your best privacy-keeping practices in OpenBSD?

* when surfing the www
* when using ftp
* when emailing

please share and help us -beginners- learn from you .. :-)
|
|||
Hi jgimmi ! and thanks for directives .. yes your assumption is right ..
your second question is challenging .. privacy is self-defined as far as a newbie is concerned .. keeping one's transmitted/received data (mail/http/ftp) private to oneself .. maybe I'm too dumb to think into this some other way deeper .. examples can help .. for instance listing some good practices or a pocket of tools that harden privacy or limit privacy-threatening risks ..

Last edited by daemonfowl; 2nd April 2012 at 07:20 PM.
|
||||
Privacy:
These must be defined differently because the applications are entirely different in their privacy implications: One at a time:
Email: Personally, I use mutt for my Email client (Mail User Agent) on OpenBSD. I used to use GnuPG or some similar encryption tool, but I never encrypted any outgoing Email, and no longer use it with Mutt. I don't send or receive private information in Email. (Links to secure applications, with authentication/authorization steps, are the most common way to transfer private information via Internet Email for me these days.)

These days, my work is non-technical and I have a great deal of Email that must remain private between parties. These Emails do not transit the Internet directly. They go intra-company on secure networks or inter-company via VPN. OpenBSD is not used in MUA or MTA; my customer has chosen proprietary solutions.

---

FTP: Due to plaintext authentication, I only use FTP configured for anonymous FTP for public file transfers of read/only files. As an example, the ISO images for my live media are transferred via FTP. For integrity, authentication, authorization, and privacy of data in transit, I use OpenSSH for file transfers, using either sftp(1) or scp(1) as appropriate. The former is "ftp command compatible" and the latter is easy to script.

At one time I had a need to use FTP for file transfers from a machine incapable of using OpenSSH. (It was a Windows machine where neither Putty nor Cygwin were able to be downloaded and executed.) For this one, singular use case, I set up a userid on OpenBSD with S/Key authentication, for use with FTP. Using S/Key, authentication of the Windows FTP client was conducted with a one-time-pad of passphrases. For more info, see skey(1) and login.conf(5), and their SEE ALSO collection.

---

Web Browsing: This is such a large can-of-worms, it could easily have its own thread, even its own subforum. I'll bet there are forums out there dedicated to discussing browsing privacy, since it is ever evolving. I'll leave it to others.

---

Your defined scope is limited to a subset of OpenBSD environments where these three applications may be involved. There are a wide variety of environments you are not considering. On the client side, for example:
|
|
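An added illustration of the S/Key point in the post above (not part of the original thread, and not the skey(1) algorithm): a Python sketch of the hash-chain idea behind one-time passwords, showing why a password captured from a plaintext FTP login is useless when sent a second time. SHA-256, the seed, the passphrase and all names are assumptions made for this sketch.

```python
import hashlib
import hmac

def h(data: bytes) -> bytes:
    # One chain step. SHA-256 is a stand-in assumed for this sketch.
    return hashlib.sha256(data).digest()

def otp(secret: bytes, seed: bytes, n: int) -> bytes:
    # Password number n: the hash applied n times to seed + secret.
    value = seed + secret
    for _ in range(n):
        value = h(value)
    return value

class Server:
    """Holds the last accepted password and its index, never the secret."""

    def __init__(self, seed: bytes, count: int, last: bytes):
        self.seed, self.count, self.last = seed, count, last

    def challenge(self):
        # Sent in the clear: index of the next expected password, and the seed.
        return self.count - 1, self.seed

    def verify(self, response: bytes) -> bool:
        if self.count <= 1:
            return False  # chain used up; index 0 would be the raw secret
        if not hmac.compare_digest(h(response), self.last):
            return False
        # Accept once, then move down the chain so the same value fails next time.
        self.last, self.count = response, self.count - 1
        return True

def demo():
    # Constructed values, for illustration only.
    secret, seed = b"constructed passphrase", b"ob12345"
    server = Server(seed, 100, otp(secret, seed, 100))  # enrolment
    n, s = server.challenge()
    on_the_wire = otp(secret, s, n)      # what an eavesdropper would capture
    first = server.verify(on_the_wire)   # legitimate login
    replay = server.verify(on_the_wire)  # captured value sent again
    n, s = server.challenge()
    second = server.verify(otp(secret, s, n))  # next login, next password
    return first, replay, second, server.count

if __name__ == "__main__":
    print(demo())  # (True, False, True, 98)
```

The one-time password protects only the login; the files themselves still cross the FTP connection in plaintext.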
|||
@daemonfowl

Another way to look at your question is that the base OpenBSD installation includes lynx, ftp and mail, all of which have been through rigorous code reviews. These applications in part draw their security by being minimalistic. In lynx, you have to accept every cookie and do not have to worry about viruses embedded in flash or other pictorial content. The base mail client can be made to work (sendmail/fetchmail and other transfer agents) but you will not see images/html content. You can increase your security by using the base applications and encrypting as much content as you have time for.

Last edited by shep; 2nd April 2012 at 07:56 PM. Reason: grammar
|
|||
Jgimmi, thank you so much for taking the time and effort to post back .. I know the question is too general and is a subject of many threads .. but your post is very helpful to me at this stage ..
I'm concerned about how OpenBSD can be better used as a workstation with all security features minus server-specific features that may somehow encumber the OS .. I believe OpenBSD is neither bloated nor blobbish but just how can it be hardened for a workstation by disabling unneeded features and enabling others .. right choices .. for daily usage ..

Shep, thank you ! I do .. lately I replaced sendmail with smtpd ..
|
||||
Quote:
The applications you mentioned communicate outside your workstation. Therefore, you must consider the applications themselves. Ask questions such as:
OpenBSD may be able to provide "features" to help you manage network communication; and it may be able to provide "features" to help you manage built in applications or applications you elect to install and run. It cannot protect you from yourself.

"IT Security" is not a product you install. It is an active process, and requires consideration of many aspects of your technology implementation choices. "Privacy" is not granted merely by having a secure workstation. Both require a great deal of thought.

It is good that you ask questions. But now you need to begin asking the right questions, starting with obtaining an understanding of the applications you elect to run. How they work, how they communicate, how privacy can or can not be obtained, what security implications the use of these applications have for YOU. These are not BSD questions, and you should not have BSD questions until you are ready to configure one of these applications for use, after having a grasp of how they operate on the network.
|
|||
Hi jgimmi !
I must thank you for your interesting directions and helpful notes and I've learnt much from your posts and Ocicat's .. since I'm still at odds with some concepts, some of my questions would sound ridiculous (because vague or irrelevant or badly phrased ..) .. I've been thinking that by knowing the experts' daily practices I would start using the OS correctly and avoid unlearning bad habits later ..

Quote:

The story goes : I advocated OpenBSD to a friend of mine who knows nothing much about computer science & engineering .. but he was informed that OpenBSD proudly carries the "Security first" motto .. so how can I materialize this to him ? by providing examples pertaining to {www-ftp-mail} .. (I helped with the first steps as installing, setting network, desktop setting, etc) but soon he started asking : what does OpenBSD offer that Mandriva doesn't ? (he once used Mandriva and loved the gui !!) I answered : security, cryptography, filesystem tidiness, audited software .. when he asked me further about secure practices, I came here .. :-) ..
|
||||
Quote:
When you run a networked application, it is your responsibility to determine the capabilities of the application, and its limitations, and then its applicability to your needs. In some instances, there may be features of secure networking technologies that might permit you to use an otherwise insecure application in a secure manner. Before you can make that determination, you must understand the application.

Quote:

------

I will once more repeat what I wrote above in an earlier post, and expand a bit. This is not specific to networked applications, but it is apropos: IT Security is not a product. IT Security is not a program. You cannot install Security. Security is a continual PROCESS, which involves the active participation of the OS administrator, the network architect, and the user.
|
|||
Quote:
|
|
||||
@daemonfowl
I have to say this no matter how silly it might look, but I really enjoy your posts and also the replies you get; as a matter of fact, it makes a great reference for future reading. Greetings
__________________
"If 386BSD had been available when I started on Linux, Linux would probably never had happened." --Linus Torvalds
|
|||
Hi qmemo ! thanks !!
I know there are a few light years of epistemic/cognitive distance between me and most of the folk here .. but I refuse to stop using/learning OpenBSD just because I'm a slow learner .. as I refuse to stop trying to shorten that epistemic distance .. maybe by 2013 I'll have stepped upward enough to consider asking smart & precise questions .. until then .. I go on trying to make this Daemon Journey (not a mere errand) enjoyable ..

( That guy was intimidated by cli & the {cli=hard} stereotype .. when I showed him how to install OpenBSD .. he felt released from cli-phobia .. then when he learnt in a few easy steps how to set gnome .. he got disillusioned and felt eager to learn more about the new OS .. I guess he learnt a new definition of 'user-friendliness' .. which totally disrupted the old one .. :-) .. )