* Jussi Peltola <pe...@pelzi.net> [2008-12-11 20:52]:
> On Thu, Dec 11, 2008 at 10:30:50AM -0800, Jeff_1981 wrote:
> > Dear All,
> >
> > Please can you indicate me how to run Windows or Linux under OpenBSD ?
> > Under Linux for example there is possibility to virtualize another OS.
> > If the other OS is hacked from the web does it compromise the security of
> > OpenBSD ?
>
> Who cares; if your service gets hacked, it doesn't help to keep the
> underlying OS clean, your service is still compromised.

if you run $random_crap_third_party_service on openbsd which is
vulnerable there is still a good chance the security measures openbsd
applies prevent successful exploitation. it cannot be 100%, of course.

> This list seems
> to generally not recommend virtualization if security is important, and
> is especially critical of any claim that virtualization is going to
> improve (and not reduce) security, since it is a new, not-too-well-known
> and complex technology.

virtualization at its current state of the art (art? hah.) assuredly
reduces security. actually, "reduces" is not a strong enough word, it
is way worse.

> > Another question is if I run a server under OpenBSD is this impossible to
> > hack it from the web ?

impossible is impossible.

> > The standard install of OpenBSD has no security holes anymore

the standard install of -current OpenBSD never had known exploitable
holes for prolonged timeframes. the very few short timeframes can of
course suffice for exploitation, and there might be issues we were or
even are not aware of.

> > if I
> > understand, does this mean no one can hack it from the web ? what about an
> > OpenBSD on which we have activated one or more services, like mail server /
> > web server and file sharing for within network (if used as NAS / server as
> > example ?
> Nobody has claimed OpenBSD has no security holes; it is quite possible
> (almost certain) there are some that have not been found yet.

it is far from "almost certain". nobody can give guarantees of course,
and that is important to keep in mind.

> Enabling services will, of course, make you more vulnerable.

_potentially_ more vulnerable.

> The OpenBSD
> base services are well audited and should be secure, but nobody
> guarantees they have no holes, and certainly nobody will claim it is
> "un-hackable". There may be holes in OpenBSD or the software you run on
> it, and if you use "kitty" for a root password there is nothing OpenBSD
> can do to help you.

yup.

> That said, OpenBSD base services are extremely secure, compared to the
> competition, when properly configured and patched. Note that no security
> audits are done to software in the ports tree; you're on your own with
> 3rd party software.

many things from ports are patched or otherwise modified for security
reasons, and many things are deliberately NOT in ports due to security
considerations. nonetheless there is truth in your above statement;
averaged things from ports are not on the same level as openbsd.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam