Even though OpenBSD is tightly secured, computers running OpenBSD are still broken into. That might seem contradictory, but in truth it means that the person running the computer didn't understand computer security.
OpenBSD has many integrated security features, but people frequently assume that these features handle security for everything that can be installed on the computer. A moment's thought will show that this really isn't possible. No operating system can protect itself from the computer operator's mistakes. An OS can protect itself from problems in installed software to a limited extent, but ultimately the responsibility for security is in the hands of the administrator.
Consider a web server program running on OpenBSD. OpenBSD will provide the server with a stable, reliable platform, and will do as the server program asks, within the permissions the systems administrator has assigned to it. If the systems administrator has set up the server in a careful and correct manner, something going wrong with the web server will not endanger the operating system. If the sysadmin has integrated the web server with OpenBSD or has
to let the web server run with unrestricted privileges, the web server can inflict almost unrestricted damage to the computer software. If an intruder breaks into such a web server, they can use that integration and high permissions setting to lever their way into the operating system itself.
If such a break-in happens, is it OpenBSD's fault? Obviously not. The systems administrator is expected to follow basic security
when installing and configuring programs. No operating system can protect itself from an ignorant or careless sysadmin.
Ultimately, security is the responsibility of the systems administrator. Throughout this book, we will discuss some of the basic security precautions you should be taking when installing and running programs. We will also discuss the advanced security features OpenBSD offers in order to protect itself and help in your systems administration
So, OpenBSD has all these nifty features,
, and strengths. Where does it fit into your "computing strategy"? That ultimately depends on what your strategy is and where you need it. OpenBSD can be used
you need a solid, reliable, and secure system. I recommend OpenBSD for any of three different uses: on the desktop, as a server, or as a network management device.
If you need a powerful desktop with all the features you'd expect from a complete UNIX-like workstation, OpenBSD will do
. Desktop GUIs, office suites, web browsers, and other programs an average
likes on a computer are available. OpenBSD supports a variety of development tools, application environments, network servers, and other features needed by programmers and web developers. If you're a network administrator OpenBSD supports packet sniffers, traffic analyzers, and all the other programs you might have come to rely upon.
If you're serving web pages, handling email, providing LDAP services, or offering any
of network services to
, OpenBSD can help you. It's a cheap and reliable platform. Once it's set up, it just works. Web servers, database servers, and more all work under OpenBSD. And, of course, it's secure, which you cannot underestimate on today's Internet.
OpenBSD makes an
firewall, bridge, or traffic shaper. You can use it to support intrusion detection software, web proxies, or traffic
. The integrated PF firewall provides state-of-the-art network connection management and control and
out many dangerous types of traffic before they even reach your servers. Of course, OpenBSD can do all this as cheaply and reliably as it can do anything else.