On Fri, 6 Dec 2002, at 7:30am, [EMAIL PROTECTED] wrote: > obsd is more secure, but "in practice" fbsd is just as good, esp for the > situation discussed.
OpenBSD's security isn't due so much to superior software (a lot of it is the same code the other BSDs, and even many Linux flavors, use), but their better approach to configuring it. They apply the principle of "deny by default" to everything. They don't enable services to run by default. Services are configured "locked down" by default. They make extensive use of things like unprivileged processes, separate user accounts for different services, and chroot jails. So, a freshly installed OpenBSD box, rather than being open to the entire universe, is completely locked down. The admin just has to open the things he or she wants, rather then plugging all the holes the vendor installed for him. Microsoft, and most Linux vendors, could stand to learn a thing or two from OpenBSD. -- Ben Scott <[EMAIL PROTECTED]> | The opinions expressed in this message are those of the author and do not | | necessarily represent the views or policy of any other person, entity or | | organization. All information is provided without warranty of any kind. | ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
