On Wed, Feb 25, 2009 at 3:08 PM, Jean-Francois <[email protected]>wrote:
> Hi All, > > I actually built the following system : > > - OpenBSD running on a standard AMD platform > - This box is actually used as firewall > - This box is also used as webserver > - This box is finally used as local shared drives via NFS file but only > open to subnetwork through PF > > Assuming that subnetwork computers might be hacked or infected by any > threat > Assuming that there is no mistake in PF rules > Assuming that there is nothing of a third party installed on the box > (basically it's only a tuned system) > > -> Would you please confirm that hacking is almost impossible ? > -> Would you confirm any personnal datas hosted on server are safe as > long as the (subnet is not compromised by false manipulation of course) > Assuming that your system is secure, then yes, I can confirm that your system is secure. If your real question is, is a properly configured OpenBSD system likely to be somewhat more secure than other systems, most people on the OpenBSD list would probably say probably. But asking about "almost impossible" is asking to be lied to - no responsible security expert would make such a claim. Impossible for whom? The NSA? What are the stakes? If you're talking about Osama's web server, then I expect it would be hacked. The best you can hope for is a high degree of confidence relative to other possible solutions. -gregg
