I need advice on operating systems...


Henrique Aliva
10-22-2001, 03:16 PM
I am new to Unix-based operating systems; however, I am fully aware of the vulnerabilities, holes/exploits and bugs Windows systems have. They have so many holes that any real virus/worm/back-door and open ports can be used not only to wipe them out, but also to gain all types of personal information, and your phone number and complete street address can be dug up through a simple IP sniffer, let alone the most advanced hacking techniques. I am not sure if all that personal data can be dug up through a COX Internet Cable dynamic IP, but it probably is just as vulnerable to being traced and everything.

Linux is far superior to Windows when it is configured properly. Because Red Hat is inferior (I was told) I have been looking into SuSe 7.3 lately. It is the latest SuSe operating system. I look at SuSe because it seems to have a lot of tools included with it, such as PGP mail and a built-in virus scanner for email viruses. It also has Konqueror, which can be used as a browser. It is well known that Netscape and Internet Explorer are full of bugs and possible exploits, along with the annoyance of stuffing history, ActiveX and cache on the disk, which is a privacy concern.

However, when I ask in chats, people say OpenBSD is the best operating system for those who want maximum security. I do want maximum security against all those multiple attacks that people constantly fall victim to on the Internet. Ranging from icmp/syn-flood/DoS and port scans done by robots/web-crawlers that hackers/governments/target telemarketers use to gather logs to later identify, stalk and target to IP spoofing techniques and other scans to break into your PC and/or use your PC to attack others and attempts to gain remote access. Is SuSe not the right operating system to get if you want safety from such attacks?

I also used IRC before until I shortly after using it found out all someone on it has to do to get your domain/ISP name and IP address is do a whois on your nick name. And it is infested with veteran hackers who often try to hack systems for no apparent reason. And bans/kills/auto-kills are far too common on IRC. Some dumb scrubs set their ChanServ to ban people for no apparent reason and when I go to cyber angels to get help, the Cyber Angels in it will actually threaten and unjustly ban you or even try to hack you if they do not like you or you anger them by just showing some views that do not coincide with their own.

So those scrubs turned out to be of no help in giving security advice. I think they want people to be vulnerable. I had to go dig information up on my own on the net through online guides and other chats. It took like a month. However, there are a lot of good uses for IRC chats. You can talk about almost anything on it in real time. Is there some kind of security tools for SuSe or OpenBSD that can be used to mask your domain and IP on IRC so if they try to whois they are in a desert if they wanted to target you and so they cannot permanently ban you or try to take you to court with some other coward's legal excuse? It is a free country I live in so I should be able to go on there without all this kind of crap.

I would appreciate any help you can give me. Thank you.

inkedmn
10-22-2001, 03:53 PM
whoever told you all that crap about windows not being secure is a lying bastard. windows is a veritable fortress of an operating system, unlike the swiss cheese style security of *nix systems.

oh, wait... :D

Henrique Aliva
10-22-2001, 06:39 PM
I have read enough to know Windows is a house of wood ten times over.

Unix Shell is something that can be used to hide your IP on IRC and change your domain when you want making bans impossible I heard but I know little about it or where to get it.

bdg1983
10-22-2001, 06:48 PM
Not exactly sure what you are looking for, but have you had a look at the Security NHF's (http://www.linuxnewbie.org/nhf/intel/security/index.html)?

Dark Ninja
10-22-2001, 07:57 PM
Okay...about OpenBSD - yeah, it is pretty damn secure. However, it is no more secure than what you can make any other *nix installation.

The things to remember:

1.) When you first install, be cautious. Do not install every daemon, server, and gadget that you think may be "an interesting thing to look at" because you could easily be opening some hole on your system.

2.) Get a book on security - the one I recommend (and, yes, I know it is old - but the same rules still generally apply) is Maximum Linux Security. Very good. Follow their guidelines. Some items may not apply due to the fact that the author also wrote the book for those running a webserver or a server base for a company...but...you can find some useful items there.

3.) Read. Read a lot about security. And, then, practice what you read.


I know 2 and 3 kind of coincide...but...reading is really very important.

And, you can really set up any system to be secure. The trick is staying on top of security updates, and making sure you don't have anything on your system that you don't really need. (Networking applications especially.)


Dark Ninja

X_console
10-22-2001, 08:10 PM
The bottom line is, the security of your system depends on your system administrator's knowledge of security and his alertness to new security holes and fixes.

It doesn't matter whether you're running Linux or OpenBSD. If you don't customize the system and keep alert for security holes, your box is going to be as vulnerable as Windows. A well configured Linux system can be as solidly secure as OpenBSD. The benefit you get with OpenBSD is that the default install is already secure. Plus since it's developed in Canada, encryption restrictions don't apply.

Henrique Aliva
10-23-2001, 02:19 AM
Can OpenBSD be configured to be even more secure? I heard IPtables is bad on packet filtering and the Kernels seem to have easy exploits so its security is in great question. If OpenBSD is not usable with PortSentry, Tripwire and snort, what defense does it have against virus programs and remote access attempts and all such other threats?

No encryption limits sound good though.

If you want to install OpenBSD on Windows 2000, do you have to delete Windows or can you safely partition it? Is VMWare also usable on OpenBSD? I do want maximum security, however, I do not want to lose functionality either.

[ 23 October 2001: Message edited by: Henrique Aliva ]

m3rlin
10-23-2001, 06:43 AM
OPENBSD I really don't know, but one thing I do know: if your computer is connected to the internet it is already vulnerable. I use suse 6.3; I shut down all the daemons that I didn't need, closed as many doors as possible, and use an ipchains firewall (not complete yet, still building). My system could be well configured, I'm not sure, but I know that it is not secure. My advice is this: yes, choose a secure system, even if it doesn't seem you can make it secure; security is what we do, not what is made, so choose a system you like, that you feel confident with, and that serves your needs. Don't stick with a system that you don't like because you think it is more secure, that's rubbish; there is no secure system, only those that are unplugged from the internet. I hope that I made a difference.
Hasta

[ 23 October 2001: Message edited by: m3rlin ]

Joeri Sebrechts
10-23-2001, 06:58 AM
Originally posted by Henrique Aliva:
Can OpenBSD be configured to be even more secure? I heard IPtables is bad on packet filtering and the Kernels seem to have easy exploits so its security is in great question. If OpenBSD is not usable with PortSentry, Tripwire and snort, what defense does it have against virus programs and remote access attempts and all such other threats?

No encryption limits sound good though.

If you want to install OpenBSD on Windows 2000, do you have to delete Windows or can you safely partition it? Is VMWare also usable on OpenBSD? I do not maximum security but do not want to lose functionality either.

The thing is, openbsd has the least amount of security exploits discovered because the entire openbsd codebase has been audited for security flaws, in comparison with other OS's. However, we're talking about a desktop system here, and openbsd is very much a server-class OS. I would suggest going with suse, as you were thinking, it's easy to install, and easy to use (my dad managed to get it running with zero linux experience). However, be cautious.

Be sure that you don't run anything that you don't know the purpose of. This means doing two things:
- in a terminal window, type "ps ax" and find out what everything does, and remove it if you don't need it (including mailserver and so on).
- in /etc/inetd.conf or /etc/xinetd.conf comment away everything you don't need
- Type "netstat -a --inet" in a terminal window, and look in the Local Address column. Find out what anything listening on the external ip or on "*" does, and remove it if you don't need it. This overlaps with the "ps ax" thing. But this will, instead of giving you a listing of all apps running, give you a listing of all apps listening on the network.

Do not depend on firewalls. It's like depending on your airbags to save you when you don't wear seatbelts. Airbags are good, but they must be used in addition to seatbelts if you really want to be safe.

And the most important thing is of course to keep your system up to date.

Linux has its security exploits, just like windows. The advantage is that in linux it's harder for a virus to infect the whole system, because normally you run everything as a regular user, which limits damage to just your own home directory, where your personal stuff is kept. Obviously, if you're the only user of the system, that's just as much of a problem as losing the entire system. But open source does help in making sure apps don't have outlook-style problems with security, where hole upon hole upon hole is discovered.

If I may advise you. I know it's not something I'm supposed to advise, but if it's just for the lack of security in windows that you're switching to linux, then I would reconsider. Linux has a steep learning curve, and you will lose functionality (most of it not really necessary, but that's another matter). Try it out on a separate partition, see if you like it. But you can make your windows system secure enough. Just don't run MS internet apps (no explorer, no outlook, no messenger, no iis) and you're already halfway there. On top of that, turn off smb file sharing. And keep up to date with windows update (and any other security fixes not found there). I ran windows for years on a cable link without any security problems. It's just what you run that matters.

Maybe in the end you'd be better off building a small firewall box and running freesco or one of the other minimal linux systems on it as a small masquerading firewall, which allows traffic from inside to outside, but not the other way around.

As far as the last questions you asked. Yes, you can install any partition alongside of windows, but windows has to be installed first (which is not a problem in your case). Ask a separate question here for that if you can't find out how to do it. And I don't think vmware runs on openbsd, but I'm not sure of it.
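
An added example, not part of Joeri Sebrechts's post: a shell filter for the "netstat -a --inet" check described above, keeping only sockets that listen on "*" or on a non-loopback address. The sample output, the address 192.168.1.10 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: reduce `netstat -a --inet` output to the sockets that
# accept traffic from the network (Local Address is "*" or an external IP).

# Constructed sample in the net-tools layout; on a real system, pipe the
# output of `netstat -a --inet` into exposed_listeners instead.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 localhost:smtp          *:*                     LISTEN
tcp        0      0 192.168.1.10:1042       example.org:www         ESTABLISHED
tcp        0      0 192.168.1.10:netbios-ssn *:*                    LISTEN
udp        0      0 *:sunrpc                *:*
udp        0      0 localhost:domain        *:*
EOF
}

# Prints "proto host port" for every socket reachable from outside.
exposed_listeners() {
    awk '
    $1 !~ /^(tcp|udp)/ { next }            # skip the two header lines
    {
        foreign = $5; state = $6
        # TCP servers are in state LISTEN. UDP has no state column, so an
        # unconnected (serving) socket is recognised by a wildcard peer.
        if ($1 ~ /^tcp/ && state != "LISTEN") next
        if ($1 ~ /^udp/ && foreign !~ /^(\*|0\.0\.0\.0):\*$/) next

        host = $4; sub(/:[^:]*$/, "", host)   # Local Address minus :port
        port = $4; sub(/^.*:/, "", port)      # port number or service name

        # Loopback-only services are not reachable from the network.
        if (host ~ /^(localhost|127\.)/) next

        printf "%s %s %s\n", $1, host, port
    }'
}

sample_netstat | exposed_listeners
```

Each line it prints is a service to identify and, if it is not needed, to stop or comment out of /etc/inetd.conf or /etc/xinetd.conf.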

X_console
10-23-2001, 12:17 PM
There are projects out there that prevent a lot of security holes in the kernel. Check out http://www.openwall.com for instance. You get a kernel patch that adds additional security to your system. Like I said, if you want a good system, you need to keep it up to date, and you need to customize it. The default kernel is provided so that 95% of Linux users can run it on their hardware after installation. After that, it needs to be trimmed for maximum efficiency.

Henrique Aliva
10-23-2001, 12:29 PM
Vmware does not appear to be usable on OpenBSD. I looked on the site. So how does one use any Windows applications on OpenBSD? If you can use Windows application on SuSe with Vmware and even directx, there should be something for OpenBSD.

Is Unix Shell and IRCII usable on OpenBSD? I will not use IRC without a shell because there they do not have any business knowing my IP/ISP name.

SuSe has a lot of tools. It has anti-virus built in for email and PGP built in. Does this mean they just provide more security tools than OpenBSD or the SuSe system is much more vulnerable so it relies on tools?

Konqueror is an internet browser for unix systems and probably has less bugs than Netscape making it safer to use. Hopefully it can be used on OpenBSD.

I have a large computer. A Windows 2000 with Pentium 4 2.0GHz, 512MB PC800 RDRAM, 60GB 7200 rpm hard drive, nVIDIA GeForce 3 in it. So OpenBSD should not be too much of a resource hog.

Choozo
10-23-2001, 12:32 PM
If you after reading all this, still are paranoid about the level of security in *nix/bsd (or OS's in general), throw out all your computers and start using pen and paper.

Cheers :D