Re: Novice asks "OpenBSD best firewall?"

[Times Enemy <times () krr org>]

Greetings.

If this appears to be a flame, i have miscommunicated, and i apologize.

From the SmoothWall website:
"SmoothWall Express is an open source firewall distribution based on the 
GNU/Linux operating system. Linux is the ideal choice for security 
systems; it is well proven, secure, highly configurable and freely††† 
available as open source code. SmoothWall includes a hardened subset of 
the GNU/Linux operating system, so there is no separate OS to install. 
Designed for ease of use, SmoothWall is configured via a web-based GUI, 
and requires absolutely no knowledge of Linux to install or use."

I am not so sure this is enough to set OBSD aside, as was done.  I have 
not met many people who can say that OBSD is *not* a secure OS. 
Actually, i am unable to think of anyone ever telling me this.  What do 
you know that others don't?

SmoothWall seems to be a nice product.  I have not used it, yet.  It is 
based on a Linux ("hardened") kernel, so you will still want to watch 
for new vulnerabilities as they are published and patched.  This would 
go for any solution you choose, the difference being a little more 
peace-of-mind with OBSD.  :: shrugs ::

Tim, OpenBSD is an awesome OS that is secure by default.  OpenBSD is 
often recognized as the most secure OS available.  It installs, by 
default with little overhead, which allows you to customize it as a 
firewall with little effort.  I highly suggest going this route.

*IF* you are unfamiliar with linux or BSD, and you are not willing to 
spend a few brain processes on this, then OpenBSD may not be the best 
solution for you.  I personally am not familiar with many of the boxed 
applications that can be purchased, so cannot attest to their integrity. 
 However, you did take the time to post to the list, and to post about 
a nice solution, so you are probably more capable than most of figuring 
out what you must, regarding OBSD's crisp firewall (and more) capabilities.

Good luck!

FYI, if you are ordering an OBSD CD, they were taking a couple weeks 
when i ordered my most recent set, so you may want to order sooner 
rather than later.  ;)  Or you could do a network install ...

http://www.openbsd.org/

http://www.openbsd.org/faq/faq6.html

http://www.openbsd.org/faq/pf/index.html



ciao
.times enemy


Greg Tracy wrote:

> Hi,
>
> OpenBSD is an operating system, not a firewall. It's known for being
> particularly secure, but opinions vary... ;) If you're interested in running
> Linux or going open source, check out Smoothwall:
>
> http://www.smoothwall.org/
>
> Greg
>
>
> > From: Tim McGuigan <timst4 () hotmail com>
> > Date: 14 Jun 2004 18:37:53 -0000
> > To: security-basics () securityfocus com
> > Subject: Novice asks "OpenBSD best firewall?"
> >
> >
> >
> > Hi I am putting together a network in a large house/dormitory.  I am going to
> > be running some internet apps.  Is OpenBSD the best option to use for a
> > firewall?  Is there any purchaseable firewall software that I can buy that
> > works
> > well and will save time (I'm also not footing the bill for this, so price
> > isn't
> > as much of a factor)?  McAfee Firewall seems so gumby, but I'm not sure about
> > OpenBSD.
> >
> > Thanks for any help in advance.

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------