DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 25th May 2008
OzarkOsage OzarkOsage is offline
New User
 
Join Date: May 2008
Posts: 3
Default Need Some Help Please

Need Some Help Please

--------------------------------------------------------------------------------

Hello,

I found this Forum and Open BSD through a Ubuntu list.

Here's my question, although this is a very long story, I'll try to keep it short.

Like a lot of people, I started out on Windows (1999-2000), and I ended up using an I Mac G-5 with Tiger 10.4 OS on it too.

OK, I've had a hacker after me for FIVE YEARS, if you wanna know the whole story, you can write me a personal message, and I'll tell you the story.

Suffice it to say, that this hacker is really good at what he does, maybe a 9 or a 10, on a scale of 1 to 10.

He's killed off EIGHT of our Windows PC's, and one Mac (although it took him nine months to figure just how to hack a Mac though).

Then a friend convinced me to try Ubuntu OS 7.4, which I messed around with some, but then I heard last night, that Open BSD is the MOST SECURE Linux Operating System that one can install.

That it's harder to hack then Ubuntu OS, or even a MacIntosh.

All the Mac Fan boys brag that "Mac's CAN'T BE HACKED", but I have hard core proof that they CAN BE.

And I'm sure that all of you have heard of the 'Pwn to Own' hacking contest, in BC, a couple of months ago.

I'm a TOTAL newbie at Linux, and I'm fascinated with Ubuntu, but I know now that it's NOT as secure as Open BSD OS.

Is this all TRUE?

Secondly, I want to buy the best computer that I can buy to put Open BSD OS on, and I had thought of buying THIS computer that's manufactured with Ubuntu already on it:

http://system76.com/product_info.ph...&products_id=82

System 76 computers are MADE for Linux OS. Ingenious.

I've also thought of buying another Mac, cause they are built tough too, but if it was YOU, and your main computer needs were:

1. Listening to internet radio with it.

2. Burning music CD's with it.

3. Writing to several online forums like this one.

4. Browsing internet photos of the Southwest, where I used to live.

5. And goofing around at You Tube a lot.

These are the things that we do with a computer, will Open BSD OS do all of THIS?

We've spent upwards of $5000.00 fighting this hacker, and literally lost 8 COMPUTERS to him.

So, obviously, our MAIN NEED is SECURITY, that's what brings me to this list.

I really NEED your help.

I'm rather slow technically, and I'm a total newbie at Linux as I said, although I got down how to operate a Mac in about 9 months time.

So, if you write back to me, could you please not use technical computer language that I might NOT understand. Thank you.

Secondly, I found THIS book at Amazon.com:

http://www.amazon.com/Absolute-Open...=pd_sim_b_img_1

Do you think that a total Linux newbie might be able to understand it?

Thirdly, if YOU were going to buy a TOUGH computer, that's well made, and could handle a fight, and run Open BSD OS, what kind of computer would YOU buy?

Besides internet security, THIS might be the most important question that I have.

The Ubuntu folks say that Ubuntu is really secure too, but it was *they* who told me that Open BSD OS is the *MOST secure Linux OS* that is made!

I know that I've asked a lot of questions here, especially for a newbie, I hope not too many!

Thanks so much for your help! we really appreciate it!

Ozark Osage
Reply With Quote
  #2   (View Single Post)  
Old 25th May 2008
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Banned
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Default

OpenBSD is not Linux, BSD is not Linux..
Reply With Quote
  #3   (View Single Post)  
Old 25th May 2008
OzarkOsage OzarkOsage is offline
New User
 
Join Date: May 2008
Posts: 3
Default Mistakes Corrected

Hello,

I found this Forum and Open BSD through a Ubuntu list.

Here's my question, although this is a very long story, I'll try to keep it short.

Like a lot of people, I started out on Windows (1999-2000), and I ended up using an I Mac G-5 with Tiger 10.4 OS on it too.

OK, I've had a hacker after me for FIVE YEARS, if you wanna know the whole story, you can write me a personal message, and I'll tell you the story.

Suffice it to say, that this hacker is really good at what he does, maybe a 9 or a 10, on a scale of 1 to 10.

He's killed off EIGHT of our Windows PC's, and one Mac (although it took him nine months to figure just how to hack a Mac though).

Then a friend convinced me to try Ubuntu OS 7.4, which I messed around with some, but then I heard last night, that Open BSD is the MOST SECURE Unix Operating System that one can install.

That it's harder to hack then Ubuntu OS, or even a MacIntosh.

All the Mac Fan boys brag that "Mac's CAN'T BE HACKED", but I have hard core proof that they CAN BE.

And I'm sure that all of you have heard of the 'Pwn to Own' hacking contest, in BC, a couple of months ago.

I'm a TOTAL newbie at Linux/Unix, and I'm fascinated with Ubuntu, but I know now that it's NOT as secure as Open BSD Unix OS.

Is this all TRUE?

Secondly, I want to buy the best computer that I can buy to put Open BSD OS on, and I had thought of buying THIS computer that's manufactured with Ubuntu already on it:

http://system76.com/product_info.ph...&products_id=82

System 76 computers are MADE for Ubuntu OS. Ingenious.

I've also thought of buying another Mac, cause they are built tough too, but if it was YOU, and your main computer needs were:

1. Listening to internet radio with it.

2. Burning music CD's with it.

3. Writing to several online forums like this one.

4. Browsing internet photos of the Southwest, where I used to live.

5. And goofing around at You Tube a lot.

These are the things that we do with a computer, will Open BSD Unix OS do all of THIS?

We've spent upwards of $5000.00 fighting this hacker, and literally lost 8 COMPUTERS to him.

So, obviously, our MAIN NEED is SECURITY, that's what brings me to this list.

I really NEED your help.

I'm rather slow technically, and I'm a total newbie at Unix as I said, although I got down how to operate a Mac in about 9 months time.

So, if you write back to me, could you please not use technical computer language that I might NOT understand. Thank you.

Secondly, I found THIS book at Amazon.com:

http://www.amazon.com/Absolute-Open...=pd_sim_b_img_1

Do you think that a total Unix newbie might be able to understand it?

Thirdly, if YOU were going to buy a TOUGH computer, that's well made, and could handle a fight, and run Open BSD OS, what kind of computer would YOU buy?

Besides internet security, THIS might be the most important question that I have.

The Ubuntu folks say that Ubuntu is really secure too, but it was *they* who told me that Open BSD OS is the *MOST secure Unix OS* that is made!

I know that I've asked a lot of questions here, especially for a newbie, I hope not too many!

Thanks so much for your help! we really appreciate it!

All Linux mistakes changed to Unix......I'm really sorry, and really embarrassed too!

Thanks for pointing out that Unix is NOT Linux, as I said, I'm really NEW at all of this, and I mean't no harm, really.

Ozark Osage

Last edited by OzarkOsage; 25th May 2008 at 05:13 AM. Reason: mistakes
Reply With Quote
  #4   (View Single Post)  
Old 25th May 2008
OzarkOsage OzarkOsage is offline
New User
 
Join Date: May 2008
Posts: 3
Default Moderator(s) Please Read

Generally speaking, do you guys practise extreme censorship here, as they seem to at Ubuntu Forums?

I personally find censorship abhorrent, and it goes completely against the whole 'Open Source' way of life!

Ozark Osage
Reply With Quote
  #5   (View Single Post)  
Old 25th May 2008
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Absolute OpenBSD is perhaps the best overview of OpenBSD for those new to the operating system. Note that you can also buy a PDF version of the same book at No Starch Press' Website.

As BSDfan666 has already mentioned, OpenBSD is not Linux, & there are stark differences between the directions of both projects & their communities.

You message identified a number of desktop-like activities that you want to do on whatever system you set up. Note that OpenBSD primarily has a server background, & while it can be used as a desktop (I do...), it will take time on your part to learn & configure the system, & desktop.
  • Note that OpenBSD doesn't fixate on Flash support, however I can view many YouTube videos through gnash found in the packages/ports system.
  • Likewise, 3D acceleration found on a number of video cards is not currently supported.
What OpenBSD excels at is security & stability. Most other operating systems cannot match it in these areas.

So if you are wanting a desktop environment full of bells & whistles, OpenBSD may be able to meet your needs, but you will need to put in time learning & studying in order to meet your goal. If you are wanting more of a pre-configured out-of-the-box type solution. you may want to look at PC-BSD or DesktopBSD which are both derived from FreeBSD.
Reply With Quote
  #6   (View Single Post)  
Old 25th May 2008
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by OzarkOsage View Post
Generally speaking, do you guys practise extreme censorship here, as they seem to at Ubuntu Forums?
I don't know anything about how Ubuntu forums function, but here the core issue isn't censorship. It is simply that conversation split across multiple threads is hard enough for those involved to follow & even harder for those who later try to piece together the information contained.

It saves a lot of duplication & confusion. That's all.

Last edited by ocicat; 25th May 2008 at 07:46 AM.
Reply With Quote
  #7   (View Single Post)  
Old 25th May 2008
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Before you purchase anything, it would be wise if you took the time to peruse the official FAQ which contains a wealth of information pertaining OpenBSD:

http://openbsd.org/faq/index.html

Most general configuration issues are mentioned there, however, Absolute OpenBSD will provide more background information & perspective.
Reply With Quote
  #8   (View Single Post)  
Old 25th May 2008
TerryP's Avatar
TerryP TerryP is offline
Arp Constable
 
Join Date: May 2008
Location: USofA
Posts: 1,547
Default

If using OpenBSD, I'd probably kiss YouTube goodbye without a bit of 'kicking about' -> never tried flash7 on OpenBSD but doubt it is much more pleasant then any system running flash.

Most youtube videos I've been sent can be downloaded as flv or mp4 and played locally, such as via MPlayer.


You could say PC-BSD is almost to FreeBSD what Ubuntu is to Debian, in terms of the ease of out of box desktop'ing the OS.
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
Reply With Quote
  #9   (View Single Post)  
Old 25th May 2008
coyolxauhqui coyolxauhqui is offline
New User
 
Join Date: May 2008
Posts: 3
Default

OpenBSD is secured mainly because lot's of options (most of them useless in everyday use) are not activated by default.
Of course any wrong configuration can make a system unsecure, even the OpenBSD systems.
Yet, if you don't mess too much with the configuration files, OpenBSD is a must have if you have security concern, but as a desktop you'll have some sacrifices to make.
A good option is to have a small box running OpenBSD as a router-firewall-proxy-honeypot-lotsofthings in front of your connexion, and that way you can have any computer you like behind it (but of course keep that computer secure from any virus or trojan, and forget the wifi).
If you have problems with a craker (hacker has a different meaning to me), call the police.
The book of PF is a must read too

Last edited by coyolxauhqui; 25th May 2008 at 08:08 AM.
Reply With Quote
Old 25th May 2008
bienc bienc is offline
New User
 
Join Date: Apr 2008
Location: Brisbane, Australia
Posts: 8
Default

Quote:
Originally Posted by OzarkOsage View Post
Need Some Help Please
Alright, to get started, I'll admit that you have a considerable uphill battle coming from Windows to OpenBSD with only a little(?) Linux experience.

But it's well worth it. Here are some great places for you to start your reading. Be aware you will need to be doing quite a lot of it to run OpenBSD in the ways you want coming straight from the Windows way of doing things.

The official OpenBSD FAQ:
http://www.openbsd.org/faq/index.html

BSD for Linux users:
http://www.over-yonder.net/~fullermd...bsd4linux1.php

OpenBSD for beginners:
http://www.openbsd101.com/

That final site has a great detailed intro on getting, installing, configuring and securing OpenBSD. You should be reading those and following those sorts of guides to get hands-on experience. Be prepared to stuff up a bunch of installs and break things. In fact, I'd encourage that, it's often the best way to learn.

Quote:
I heard last night, that Open BSD is the MOST SECURE Linux Operating System that one can install.
OK, as mentioned, BSD is not Linux and Linux is not BSD. You'll need to check the link above "BSD for Linux users" to start to understand the differences between them.

Quote:
that it's NOT as secure as Open BSD OS.

Is this all TRUE?
Granted, OpenBSD is often regarded as the most secure operating system out there, but that doesn't mean it's impossible to "hack".

OpenBSD is designed and written with security in mind, fom the ground up. You can check out the project's goals and security concepts here:

http://www.openbsd.org/goals.html
http://www.openbsd.org/security.html

By now you should be getting the feeling that OpenBSD is pretty well documented. And you'd be right. It is.

Quote:
Secondly, I want to buy the best computer that I can buy to put Open BSD OS on...
Again, the hardware that OpenBSD runs on is well documented. A little look around the website gives:

http://www.openbsd.org/plat.html

You probably want i386 or amd64, so click those and you'll see the supported hardware. No real recommendations here sorry.

Quote:
if it was YOU, and your main computer needs were:

Open BSD OS do all of THIS?
All of the answers as to whether the tasks you've listed are possible are in either the official home page, the FAQ or elsewhere. Again, you're going to need to hunt a lot of this down one by one and play with it until you get it right. But yes, what you've listed is possible. Opera does Flash on YouTube just fine under Linux emulation. I've had mixed success with gnash.

The available software for OpenBSD comes from ports or packages. You can find all the software available to be installed from ports here:

http://openports.se/

And you'll find that a heap of open-source projects/packages that run on Linux will also run on OpenBSD. Read the FAQ to understand ports/packages, how to install them, etc........... it's all there written waiting for you!

Quote:
Do you think that a total Linux newbie might be able to understand it?
I've read it and it's a good book, but in order to make such a dramatic change of operating systems and mindsets to UNIX land, and even to understand most of that book, you will need a basic grounding in UNIX and how it does things. Again, you can find all this for free on Google.

Again, I can't really make further hardware recommendations over what the link I gave you earlier says.

Also, don't be disheartened by all this. It's a steep learning curve ahead of you, but you'll be rewarded in turn by a simply fantastic operating system.

It's up to you how dedicated and keen you are. Read, play, break, read, break, fix.
Reply With Quote
Old 25th May 2008
corey_james corey_james is offline
Uber Geek
 
Join Date: Apr 2008
Location: Brisbane, Australia
Posts: 238
Default

Quote:
"It's up to you how dedicated and keen you are. Read, play, break, read, break, fix."
+1 man ... good suggestion
__________________
"No, that's wrong, Cartman. But don't worry, there are no stupid answers, just stupid people." -- Mr. Garrison

Forum Netiquette
Reply With Quote
Old 25th May 2008
scottro's Avatar
scottro scottro is offline
Real Name: Scott Robbins
ISO Quartermaster
 
Join Date: Apr 2008
Location: NYC
Posts: 652
Default

More than saying BSD is not Linux, I'd say, it's not Ubuntu. That's not a crack at Ubuntu. Their aims are different. Their stated number one bug is that Windows is more popular, so they aim at changing that.

The biggest difference that you'll find, I think, is that rather than using GUI (graphical) methods of configuration, you'll be editing text files. OpenBSD is known for being very well documented, and much of that documentation is easy to understand, even for a newcomer. For instance, in installation, you'll have to manually partition your disk with what seems an intimidating amount of typing text. However, once you do it once or twice, it becomes quite logical. The instructions on that are VERY clearly written.
The book you mention is also very good, and Mr. Lucas tends to explain things well, even for newcomers. However, as has been said several times, don't neglect the OpenBSD faqs, they are also written very clearly. Some of programs aren't that simple, such as pf, but they are well explained. (Also, there are various guides to pf around that explain it in simpler terms.)

As for these forums, having been around Ubuntu forums from time to time, I'm not sure of what you mean by being overly moderated. That's a huge and busy forum, and so the moderators may have to keep a tighter rein than our excellent moderators do. However, from what I've seen of those forums, there is very little cause for complaint.

Most of the time, the complaints I've seen, from both Ubuntu and another very busy, but well-moderated forum, Fedora's, come from people who are aggravating everyone else.

One difference between these forums and Ubuntu's also stems from the different objectives. Since Ubuntu considers Windows dominance of the desktop to be their number one bug, their forums will show great tolerance for newcomers. We also welcome newcomers, but are a bit more demanding of them. For example, a question showing that you haven't even looked at easily available documentation may be ignored, or, at best, answered with a terse statement that you should check the OpenBSD faq and come back and ask if there's something you don't understand.

On the other hand, I've never seen anyone flamed for saying they read a man page and it's over their head. One difference you will find between some forms of Linux and the BSDs is that in general, the BSD (and this includes all of them) seem to take more pride in writing clear documentation, whereas many (though not all ) Linux man pages seems to be written by a coder with the attitude of, "I wrote the darn program, now I have to document it too? Oh, alright, let them use this."
In fairness, many distributions, including Ubuntu, provide their own, quite good documentation.

Like Corey_James, I want to my add my support to Bienc's statement. It should probably be a slogan. It will be a lot of a work and require a lot of studying to attain what you want with an OpenBSD desktop, but if the bug bites you, you'll enjoy it (sometimes).
Reply With Quote
Old 25th May 2008
tuck's Avatar
tuck tuck is offline
Shell Scout
 
Join Date: May 2008
Posts: 99
Default

OzarkOsage:
As coyolxauhqui mentioned before, don't waste your money to bring this cracker to his knees. Call the police that's it. They _are_ responsible for such things.

Btw. don't spend money on a shiny new pc if you just want to surf the web and listen to music. Get an old PC with hardware that's supported by OpenBSD (if you really want to use OpenBSD). A PC that's supported by Linux doesn't guarantees that OpenBSD supports all the chips in it.
Reply With Quote
Old 25th May 2008
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

A little level-setting is in order. "Security" is an overused word, meaningless without context. In your case, you are interested in one context only:

The Internet and attempts to break into your computers:

The easiest way to protect your computers from the evil people of the Internet is to not give them direct access to them. The way most accomplish this, worldwide, is the same:
Place your computers on a private network, and carefully control access from and to the Internet for your private network.
This controlled access to and from your private network is done through something called a firewall. Note that this is not firewall software running on a workstation, this is a computer on your private network that manages and controls traffic being sent in and out, between the Internet and your computers.

There are many types of firewalls, with many different types of capabilities. For example: you could acquire a device called a "Small Office / Home Office" (SOHO) router from your local office supply store which has some firewall capability, as well as providing some level of small network infrastructure. Depending on how your connectivity to the Internet is configured, and your use of the Internet, this may suffice.

OpenBSD is widely used in network management: it has advanced firewall and routing capabilities that turn-key solutions such as the simple SOHO routers I mentioned do not. But you may not need or desire such features, and the management and administration of such features require technical knowledge and understanding of network protocols and their use by your applications, which it seems you do not yet have.
Reply With Quote
Old 25th May 2008
WeakSauceIII WeakSauceIII is offline
Port Guard
 
Join Date: May 2008
Posts: 36
Default

my 2 cents...

I have a small amount of security knowledge. security requires order, making order from chaos requires energy. Without effort all order will eventually return to chaos. You have to put the time into securing your system on a continuous basis. Even if you were to make it secure today, if you did nothing to update it for a year it would most likely become insecure as new exploits were found and new tools created. Using a complex new OS that you do not fully understand will probably make you less secure. OBSD has advanced firewall features but will you use them? Insecure protocols can be tunneled over SSH and IPSEC can be setup, but will you do that? You should really call the authorities or someone with security knowledge to help you or you'll probably wind up in the same boat. As bad as windows is it is possible to keep attackers out and catch them when they get in. I'm curious, what do you mean you 'lost' computers to him?
Reply With Quote
Old 25th May 2008
WeakSauceIII WeakSauceIII is offline
Port Guard
 
Join Date: May 2008
Posts: 36
Default

something to ponder. If you have a dynamic IP from your ISP (if you don't know then you almost definitely have a dynamic IP as static IPS cost extra) that means your IP changes every few months. Your IP is like your computers phone number so the question is how is this hacker finding out what your IP is? I assume you are not hosting a website. What I'm getting at, and this has been my experience with people I have known that had chronic pc security/spyware type issues is that you are going out and getting the 'hack'.
I knew a person that described the same symptoms, it turned out they liked a specific program that was spyware with a backdoor trojan installed. No matter how many times they reinstalled and changed OSes the first thing they did was download that program and started the cycle all over again.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:17 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick