Re: Advanced Firewall Techniques

From: David Ziggy Lubowa (ziggy@one2net.co.ug)
Date: 07/24/02


Date: Wed, 24 Jul 2002 11:03:02 +0300 (EAT)
From: David Ziggy Lubowa <ziggy@one2net.co.ug>
To: Eric Friedrich <limited@nycap.rr.com>


ummh well unfortunately for OpenBSD it does not have the flexibility of
FreeBSD i.e the ports where you can do a port upgrade with ease , IIRC you
have to download the tarballs and install them manually , i would not go
for OpenBSD just cause it is said to be secure i would also look at the
ease of upgrading and patching any running services. As for protecting
yourself from services which have vulnerabilities all i can suggest is
that you keep updating your box and have a tight firewall which shall only
allow what is needed and block the rest.

cheers

David Ziggy Lubowa
Systems Administrator
One2net (U)
7th Floor Workers Hse
Tel: +256 41 345466
Mob: +256 77 769064
Fax: +256 41 345468
Web: www.one2net.co.ug
-----------------------------------
A Network Of People And Technology |
-----------------------------------

On Sat, 1 Jan 2000, Eric Friedrich wrote:

> I've sucessfully set up a home LAN with NAT, OpenBSD firewall, and all
> the goodies. However, I'm wondering what the next step is. As far as
> system maintenance, I know that all OS's require constant patches, but I
> have no idea what that involves as far as OpenBSD goes, is there a
> program out there which will update the system for me?
> Also, I've heard of attacks using other protocols, and such, what
> other security measures can I implement aside from only opening the
> necessary ports with PF? Is there anything to protect against non tcp
> attacks, DOS attacks and other ones I'm not mentiong? Thanks,
>
> limited
>
>
>



Relevant Pages

  • Re: OpenBSD LiveCD -- public beta
    ... ports, instead of window manager, this really help who will use the ... I can't rescue anything with KDE. ... I've said I can fix OpenBSD problems also with the cd40.iso. ... There are many Linux LiveCDs that could be used with Linux environments, ...
    (comp.unix.bsd.openbsd.misc)
  • Re: BSD Newbie - install VIM?
    ... Partway through the installation there was an error and it failed. ... which is included in the base ports infrastructure system. ... of wsconsctl(from which the OpenBSD version was derived) and see ... jose nazario, co-author, "Secure Architectures with OpenBSD" ...
    (comp.unix.bsd.openbsd.misc)
  • RE: URL and Content Filtering Proxy
    ... I found privoxy in the ports web section on OpenBSD! ... URL and Content Filtering Proxy ...
    (Security-Basics)
  • Re: Advanced Firewall Techniques
    ... I wonder where you got the idea that OpenBSD does not have a ports tree. ... I just downloaded ports via CVS and to my knowledge, ...
    (Security-Basics)
  • Re: improving security on OpenBSD
    ... OpenBSD is relatively secure from remote attacks. ... all applications, which are listening on those ports, leave just sshd. ...
    (Security-Basics)