DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 17th April 2014
HusseinMoussa's Avatar
HusseinMoussa HusseinMoussa is offline
Real Name: Hussein Moussa
New User
 
Join Date: Apr 2014
Location: Cairo, Egypt
Posts: 7
Question What is security for average joe?

Hi,
My question revolves around what is security like for an average user like me and other people around the world

Let me introduce myself (my background with the OSs generally) since we don't know one another just to save time

I've been a windows user since 1995, I used to run most of my games from DOS so I'm familiar with boring black and white screens with many lines! Haha

I also used to play around with files of windows and stuff like that; for example, I tracked down every single file of a program called : system file checker on win me. Copied them and ran it on a win98 and made it scan the system with results on my friend’s computer, (btw I’m not saying that I’m genius or anything I’m just saying that I was a young kid who didn’t settle with clicking and right clicking!) anyways, he was an engineer, he liked what I did and told me about this thing called linux. “it imitates windows” he said. (of course he just wanted to simplify things for me ) I said ok, let me see. With qemu emulator and etc...

I liked it. So I searched, and found Ubuntu. But I didn’t stop there. I had more free time; so I tried xubuntu, kubuntu, lubuntu much earlier before, Now I just ran mint. But I’m not an expert with the shell and the terminal commands and such (yet! )

And finally I have downloaded like almost literally a dozen of isos and files of many distros of linux and BSDs to check out and settle on a specific one to take for a looong journey (haven’t install BSDs yet, but that’s another issue than my questions)

I also understand the BSD is somehow different than Linux, with the tools of the repositories and such.

Quote from wiki:

“FreeBSD is a complete operating system. The kernel, device drivers, and all of the userland utilities, such as the shell, are held in the same source code revision tracking tree. (This is in contrast to Linux distributions, for which the kernel, userland utilities, and applications are developed separately, and then packaged together in various ways by others.) Third-party application software may be installed using various software installation systems, the two most common being source installation and package installation, both of which use the FreeBSD Ports system.”

I understand the concept of the same source, but know actual/technical knowledge about it. All I’m saying is (and please don’t be offended by direct approach English is not my native tongue) I have a small idea about these “stuff”. I’m no techie here. But I plan to be.

So, now for the discussion I’m hoping I have:

Even after all this long introduction, I’m still an average joe. So I just want to understand what will the famous OpenBSD “security” will do to me as an average user (well, maybe if I liked/understood it, I might be not only an average user but an average user who’s willing to be a programmer someday)

You know, I read a lot about privacy online and security and programming languages, but, I still can’t put my finger on what is this “security” everyone is talking about.

Let’s talk practically here (giving practical examples that I need explanation/guidance for):

For example: (and sorry if I sounded so rookie to you guys, but people like me do exist! )

What about Firefox addons:

I actually use:

Noscript – Disconnect – Disconnect facebook – Disconnect Twitter – Disconnect google – DoNotTrack me – Adblock Plus – HTTPS Everywhere from the eff.org guys – and even: Google Analytics Opt-out Browser Add-on 0.9.6 (after some average-joe persistent search on the subject!)

I read things on prism-break.org

And I read somewhere on the internet that Addons reveal your ID or something other than that...(Maybe on a TOR-related article)

So,



1- Are these things what we’re talking about here? Just some Pre-set safety gadgets/features in OpenBSD?

Or

2- Is this “security” thingy related to the coding/programming programmy stuff that pros do on the system itself? (if it is, then it will be of course a whole different thing now)

(Again and again, I apologize if my imagination sounds childish or trivial to you guys. Well, I have to reasons for that: the first is that I’m doing this on purpose, because I really want to spread the message of the freedom of software and the tools with-which people can use to better their lives. I’m a total believer and want to learn, even if I sounded brashly annoying (sorry!). I could be the missing link between the pros and the amateurs here. I really wanna preach on the whole thing with the open-source software programming and the security/privacy thing. Think of me as that annoying/curious student who really wants to learn So encourage me, don’t scold me. I’m well intentioned and I like this programming world! I hope I can be part of it someday.
And the second reason why I sound childish and brash, is my vocabulary of English. It’s not much. So I tend to use simpler words.
And I ask you (please) to use simpler language (without cultural metaphors and stuff). Not baby language but just a simple/clear one.

I mean the best answer for me would be:

“Yes, “security” is what you said in number 2” or “Yes, It’s closer to number 1”

Peace out, people!

Last edited by HusseinMoussa; 17th April 2014 at 10:45 PM. Reason: changing the formatting
Reply With Quote
  #2   (View Single Post)  
Old 17th April 2014
HusseinMoussa's Avatar
HusseinMoussa HusseinMoussa is offline
Real Name: Hussein Moussa
New User
 
Join Date: Apr 2014
Location: Cairo, Egypt
Posts: 7
Default

Could someone from the moderation move this topic to OpenBSD. Please? Sorry I wanted it to be in the OpenBSD section. Thanks in advance

Last edited by J65nko; 17th April 2014 at 07:28 PM. Reason: Per request moved to OpenBSD section ;)
Reply With Quote
  #3   (View Single Post)  
Old 17th April 2014
ibara ibara is offline
OpenBSD language porter
 
Join Date: Jan 2014
Posts: 783
Default

You might want to read this:
http://www.openbsd.org/goals.html

I guess based on your incorrect binary view of "security" the answer you're looking for is something akin to "Yes, "security" is what you said in number 2."

Please refrain from the colors and the obnoxious formatting in the future. It's unproductive and makes people not want to answer an otherwise thoughtful and useful question.

Last edited by ibara; 17th April 2014 at 09:02 PM. Reason: Soften.
Reply With Quote
  #4   (View Single Post)  
Old 17th April 2014
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Hello, and welcome!

The "TL;DR" answer is 2.

Security is not a program or add on plugin that you install. Security is not an application you run. Security is not an OS that you use. Security is a process. It does not have a beginning, nor does it have an end.

The OpenBSD Project has a focus on security for the OS and the "built-in" applications and utilites. The majority of that focus comes through careful, deliberate software development practices, and continual proactive audits of the code base. According to the Project, security features of the OS are:
  • Full disclosure of any discovered security problems
  • Continuous auditing of the delivered code
  • Deploying new technologies that improve security or simplify security management
  • "Secure by default" installation configurations
  • Integrated cryptography
Third party applications are not audited; however they may benefit from the security technologies that were developed for OpenBSD, such as memory protection and privilege separation technologies.
Reply With Quote
  #5   (View Single Post)  
Old 17th April 2014
LeFrettchen's Avatar
LeFrettchen LeFrettchen is offline
Marveled user
 
Join Date: Aug 2012
Location: France
Posts: 408
Default

Hi and welcome on-board.

Quote:
Originally Posted by HusseinMoussa View Post
sorry if I sounded so rookie to you guys, but people like me do exist!
So You're hacking at the right place : there's a lot of skilled guys here, ready to help noobs like You & Me


Quote:
Originally Posted by ibara View Post
Please refrain from the colors and the obnoxious formatting in the future. It's unproductive and makes people not want to answer an otherwise thoughtful and useful question.
I agree : "Don't do anything that affects anything. Unless it turns out that you were supposed to do it; in which case, for the love of God, don't not do it !" (Hubert Farnsworth, Roswell that ends well.)
__________________
ThinkPad W500 P8700 6GB HD3650 - faultry
ThinkStation P700 2x2620v3 32GB 1050ti 3xSSD 1xHDD
Reply With Quote
  #6   (View Single Post)  
Old 17th April 2014
HusseinMoussa's Avatar
HusseinMoussa HusseinMoussa is offline
Real Name: Hussein Moussa
New User
 
Join Date: Apr 2014
Location: Cairo, Egypt
Posts: 7
Default

Quote:
Originally Posted by ibara View Post
You might want to read this:
(My membership is still new, Not allowed to add links. I had to replace the link with this sentence)

I guess based on your incorrect binary view of "security" the answer you're looking for is something akin to "Yes, "security" is what you said in number 2."

Please refrain from the colors and the obnoxious formatting in the future. It's unproductive and makes people not want to answer an otherwise thoughtful and useful question.
Thanks for the link
Reply With Quote
  #7   (View Single Post)  
Old 17th April 2014
HusseinMoussa's Avatar
HusseinMoussa HusseinMoussa is offline
Real Name: Hussein Moussa
New User
 
Join Date: Apr 2014
Location: Cairo, Egypt
Posts: 7
Default

Quote:
Originally Posted by jggimi View Post
Hello, and welcome!

The "TL;DR" answer is 2.

Security is not a program or add on plugin that you install. Security is not an application you run. Security is not an OS that you use. Security is a process. It does not have a beginning, nor does it have an end.

The OpenBSD Project has a focus on security for the OS and the "built-in" applications and utilites. The majority of that focus comes through careful, deliberate software development practices, and continual proactive audits of the code base. (new membership, can't post links in my posts), security features of the OS are:
  • Full disclosure of any discovered security problems
  • Continuous auditing of the delivered code
  • Deploying new technologies that improve security or simplify security management
  • "Secure by default" installation configurations
  • Integrated cryptography
Third party applications are not audited; however they may benefit from the security technologies that were developed for OpenBSD, such as memory protection and privilege separation technologies.
Great, thanks

Do you think there's some kind of a website that offers a course to understand OpenBSD better for users like me or something similar like a free ebook library that has sources to learn about it?

And another question, regarding the security field, What type of programming languages should I start with?
Reply With Quote
  #8   (View Single Post)  
Old 17th April 2014
HusseinMoussa's Avatar
HusseinMoussa HusseinMoussa is offline
Real Name: Hussein Moussa
New User
 
Join Date: Apr 2014
Location: Cairo, Egypt
Posts: 7
Default

Quote:
Originally Posted by LeFrettchen View Post
Hi and welcome on-board.

So You're hacking at the right place : there's a lot of skilled guys here, ready to help noobs like You & Me



I agree : "Don't do anything that affects anything. Unless it turns out that you were supposed to do it; in which case, for the love of God, don't not do it !" (Hubert Farnsworth, Roswell that ends well.)
haha I guess you're right. If they're not here, where will they be!?!? haha

And yeah; I changed the formatting it anyway
Reply With Quote
  #9   (View Single Post)  
Old 18th April 2014
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Quote:
Originally Posted by HusseinMoussa View Post
Do you think there's some kind of a website that offers a course to understand OpenBSD better for users like me or something similar like a free ebook library that has sources to learn about it?
There are a few unofficial websites devoted to OpenBSD education, but I cannot recommend them. We're unofficial, too. The majority of us are just users of one or more of the BSD family of OSes, each with a variety of skills and experience.

Most of the OpenBSD "How-to" documents you find from unofficial sources on the Internet are out of date, incorrect, or incomplete. Most. If you use any -- including those you find here on this site -- please keep that in mind and use them with caution, knowing this.

The OpenBSD FAQ is the only official "How-to" documentation. It contains tutorials which supplement the excellent man pages, and is constantly maintained to align with the most up to date release.

Michael W. Lucas has written an excellent book, Absolute OpenBSD, which I frequently recommend. It is not free, but is well worth the investment. Michael writes for an audience with widely varying degrees of skill and experience, and his book is helpful to the newbie as well as to those with years of experience.

Edited to add: The OpenBSD Journal is a news and tutorial site managed by Project members. Tutorials are juried, and accurate at the time of publication.
Quote:
And another question, regarding the security field, What type of programming languages should I start with?
As with systems, where there is no product that equals "security", the choice of programming language doesn't suddenly make applications secure, either. If you are interested in learning about code quality, you might look for a copy of The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities by Dowd, McDonald, and Schuh. The OpenBSD Project recommends it, among others. Amazon sells it, and you may be able to find it elsewhere.

Last edited by jggimi; 18th April 2014 at 01:02 AM. Reason: clarity, addition of Journal and its link.
Reply With Quote
Old 18th April 2014
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by HusseinMoussa View Post
Do you think there's some kind of a website that offers a course to understand OpenBSD better for users like me or something similar like a free ebook library that has sources to learn about it?
As a newcomer, the best use of your time now is to learn how to effectively use Unix. While developing proficiency, also begin learning:
  • man(1) to read the manpages installed with a complete base installation. Reading & understanding the afterboot(8) manpage is essential for newbies.
  • As mentioned by others, reading the project's FAQ document is the best overview of the latest official release. Books such as:...can help provide more complete information. Both of these books are in their second editions.
Other tools & topics such as mail, packet filtering, & Web servers will come in time. First learn how to use & administer a basic system.
Quote:
And another question, regarding the security field, What type of programming languages should I start with?
There isn't a single language used, & I would not recommend getting too fixated on programming languages. Much of the primary concerns of security is to understand what an application is to do, & verifying that the code fulfills this need. Recognize that it can take years to effectively learn to program well. We can help recommend directions as your knowledge grows & your questions become more focused.

Asking questions is encouraged. Learning how to ask questions after performing some preliminary research is both recommended & essential to growing your skills.

Last edited by ocicat; 18th April 2014 at 04:49 AM. Reason: clarity
Reply With Quote
Old 19th April 2014
HusseinMoussa's Avatar
HusseinMoussa HusseinMoussa is offline
Real Name: Hussein Moussa
New User
 
Join Date: Apr 2014
Location: Cairo, Egypt
Posts: 7
Default

Quote:
Originally Posted by jggimi View Post
There are a few unofficial websites devoted to OpenBSD education, but I cannot recommend them. We're unofficial, too. The majority of us are just users of one or more of the BSD family of OSes, each with a variety of skills and experience.

Most of the OpenBSD "How-to" documents you find from unofficial sources on the Internet are out of date, incorrect, or incomplete. Most. If you use any -- including those you find here on this site -- please keep that in mind and use them with caution, knowing this.

The OpenBSD FAQ is the only official "How-to" documentation. It contains tutorials which supplement the excellent man pages, and is constantly maintained to align with the most up to date release.

Michael W. Lucas has written an excellent book, Absolute OpenBSD, which I frequently recommend. It is not free, but is well worth the investment. Michael writes for an audience with widely varying degrees of skill and experience, and his book is helpful to the newbie as well as to those with years of experience.

Edited to add: The OpenBSD Journal is a news and tutorial site managed by Project members. Tutorials are juried, and accurate at the time of publication.As with systems, where there is no product that equals "security", the choice of programming language doesn't suddenly make applications secure, either. If you are interested in learning about code quality, you might look for a copy of The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities by Dowd, McDonald, and Schuh. The OpenBSD Project recommends it, among others. Amazon sells it, and you may be able to find it elsewhere.
Great! thanks a lot

I guess I'll be reading all the OpenBSD's Website then! haha. I've received many feedbacks to go back to the website itself. I think I should start there. plus the recommendations you've given me.

Thanks a million!
Reply With Quote
Old 19th April 2014
HusseinMoussa's Avatar
HusseinMoussa HusseinMoussa is offline
Real Name: Hussein Moussa
New User
 
Join Date: Apr 2014
Location: Cairo, Egypt
Posts: 7
Smile

Quote:
Originally Posted by ocicat View Post
As a newcomer, the best use of your time now is to learn how to effectively use Unix. While developing proficiency, also begin learning:
  • man(1) to read the manpages installed with a complete base installation. Reading & understanding the afterboot(8) manpage is essential for newbies.
  • As mentioned by others, reading the project's FAQ document is the best overview of the latest official release. Books such as:...can help provide more complete information. Both of these books are in their second editions.
Other tools & topics such as mail, packet filtering, & Web servers will come in time. First learn how to use & administer a basic system.

There isn't a single language used, & I would not recommend getting too fixated on programming languages. Much of the primary concerns of security is to understand what an application is to do, & verifying that the code fulfills this need. Recognize that it can take years to effectively learn to program well. We can help recommend directions as your knowledge grows & your questions become more focused.

Asking questions is encouraged. Learning how to ask questions after performing some preliminary research is both recommended & essential to growing your skills.

This is so much helpful to me

You're right I need to do more research on the issue

I think I can handle reading haha

Thanks guys for all the info, advice, & guidance. It really improved my insight on the matter now

I'll be on my way to start learning!
Reply With Quote
Old 19th April 2014
frcc frcc is offline
Don't Worry Be Happy!
 
Join Date: Jul 2011
Location: hot,dry,dusty,rainy,windy,straight winds, tornado,puts the fear of God in you-Texas
Posts: 335
Cool another reference

Welcome!

Try also reading "SSH Mastery" by Michael W. Lucas
(Tilted Windmill Press)
This book will give you some insight into SSH usuage and configuration.

The book will illustrate how-to set up and use server and host
keys to improve that security you were asking about. This is a
prime example of a feature of "OpenBSD" that enhances its
security and usefulness. (with cryptology)
Note: As mentioned by others, you may improve
your security further by utilizing Pf.conf, i.e. OpenBSD packet
filtering in conjunction with SSH. Take a look at their man pages
and their config files. (i.e. etc/ssh_config etc/sshd_config and
/etc/pf.conf

If your appreciate security and correctness then OpenBSD is the place.
Enjoy!
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:08 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick