SECURITY : OPENBSD VS FREEBSD

This blog post by

openBSDOpenBSD and FreeBSD are both great OS that I admire and use. OpenBSD is considered more secure since it is its main goal, but FreeBSD can be tweaked to be pretty well hardened as well. Depending on the forums or to who we ask, we will have different opinions. But what are the facts? Which OS is more secure and why?

I am not asking the question about which one is globally better, as “better” has a different meaning depending on the context and the needs (ISP routers, datafreebsd-logo-largebase servers, home gateway, desktop system, storage server or appliance, etc…). On some enterprises doing a major OS upgrade every 6 months or every year is doable, on others, it’s not possible at all. Also, it depends if one needs performance for streaming (Netflix), or if security is a top priority for a redondant firewall. Everyone needs is different, and both OS are highly useful.

If we strictly focus on security, how FreeBSD compares to OpenBSD security wise? In what follows, we will dig into memory protection, system and network security features, and default “out of the box” security. The purpose is to give unbiased facts, to compare point by point both OS. I am not trying to find the “best” OS and discredit the other, I love and use both :-) Let us try to find out the integrated security features of both OS, the visit continues below!

Check out the full comparison here – http://networkfilter.blogspot.com/2014/12/security-openbsd-vs-freebsd.html

Linux vs FreeBSD – a comprehensive comparison

bsdnixIn this article by the Brio Team, Linux and FreeBSD are compared in terms of its developers, security, licensing, and compatibility with hardware and software. The author also explains which one may be a better fit for a specific user. In addition, it discusses the UNIX element of each kernel.

For most users, the difference between Linux and FreeBSD is not something significant, as the two operating systems frequently share even the same applications. Both of these Operating Systems are UNIX like, in their form and function; while they are developed mainly for non-commercial interests. However, on taking a closer look one can uncover more differences between the two.

Check out the full article here: http://brioteam.com/linux-versus-freebsd-comprehensive-comparison

PC-BSD vs. Ubuntu

PC-BSD Logoubuntu_logo_black-orangeThis article by Make Tech Easier discusses the pros and cons of both PC-BSD and Ubuntu as an open-source desktop operating system. The two operating systems are compared by the ease of use as a desktop, starting with the installation process, desktop environment, and ending with application support and installation.

To read the full article with graphics, check out the following link: http://www.maketecheasier.com/pc-bsd-vs-ubuntu/

FreeBSD or CentOS

FreeBSD or CentOS? FreeBSD or Linux, that is the question.

Well, the answer is: “It depends on what you need the operating system for and what your hardware requirements are”.

What I like about members of the FreeBSD community, they generally acknowledge that their is no perfect operating system and that Linux has some strong points over FreeBSD, and the other way round. Discussions about differences between FreeBSD and Linux are often level headed and based on facts, though not everything is always measurable (sometimes something just feels….)

A good example is a recent discussion (CentOS vs FreeBSD) on the FreeBSD Forums about whether one should use FreeBSD as server or CentOS, a Linux distribution entirely derived entirely from Red Hat Enterprise Linux (RHEL).

Some of the strong points in favours of FreeBSD mentioned in the discussion are:

  • Learning UNIX basics
  • Better on older hardware (low overhead)
  • Stable and secure
  • ZFS Snapshots
  • FreeBSD Jails
  • Better memory footprint
  • Preferred for VPS (RootBSD is a leading hoster FreeBSD VPS’s)
  • Can run some Linux apps faster than on Linux itself
  • Better control over software (ports)
  • Updates and upgrades without ending up reinstalling
  • Good documentation
  • etc

Strong points for  CentOS:

  • Experience handy as there are more CentOS related jobs
  • Security updates are easier
  • Beefier hardware preferred
  • Faster install and update times
  • Slow package patch processes
  • No compiling from source (FreeBSD has pkg though)
  • Better hardware support
  • etc

Note, these features were mentioned in thread, you may have different views. Please don’t start a flame here ;-)

Benchmarks: FreeBSD, Oracle Linux, UFS and ZFS

Some love benchmarks, others hate them, especially when ‘apples’ are compare with ‘pears’, when Linux is benchmarked against FreeBSD.

For what it’s worth there are some new benchmarks on openbenchmarking.org:

When looking at the FreeBSD vs Oracle Linux benchmarks, keep in mind that both operating systems are quite different kernels, FreeBSD 9 is an RC and that it’s easy to tweak some settings in FreeBSD to make it a lot faster.

 

 

FreeBSD or Debian Linux? FreeBSD or Linux?

This is an often asked question in newsgroups and forums. The reason for this, is that there is no easy answer. If a straight forward answer could be given, it could have been found on Wikipedia. The fact is, that it is not a yes-or-no-answer question.

Often you will see this ‘political’ answer “It depends”. It depends how you’re planning to use the operating system (desktop, server) and where (home, data center, server room, embedded etc).

Both Linux and FreeBSD have their strong and weak points, but overall, they can do almost anything you ask it to do, but when one wants an answer to the question “FreeBSD or (Debian) Linux?” one needs to find an answer to the following questions first to see which operating system suits one’s needs best:

1) Is your current hardware supported? If the purchase of new hardware is planned, is it supported by either/both?

2) Which operating system is supported by the third party commercial applications vendors that you use? If it is not supported, is there an acceptable equivalent available for the operating system your preference goes out to?

3) Are your current networking hardware (and appliances) supported by the O/S?

4) Are any new third party system management and monitoring tools required? If so, are they supported by the “new” OS?

5) Is  your storage hardware and servers supported by your preferred O/S? think of Network Attached Storage, SAN’s RAID, Fibre Channel over Ethernet (FCoE).

5) Is the IT department capable of maintaining (and further developing) the new system, or is there a need to hire new staff? Or, can you get consulting services and/or third party support for your operating system?

There are plenty more questions that can be asked before deciding whether it’s Linux or FreeBSD that fits your needs best.

Have you been in a (work / home) situation where you had to make the choice? It would be nice to find out about your experience. Please share via the comments.

FreeBSD quick news and links (04/08/2010)

PC-BSD Blog

Dru Lavigne has joined the PC-BSD team this month. The first thing she did, was setting up another blog: the PC-BSD Blog. She already posts BSD related posts on it.toolbox.com: A year in the life of  a BSD guru.

A new *BSD Planet Website

Edward launched AboutBSD recently as a new *BSD blogs agregating website. It won’t be a copy of blogs.freebsdish.org or news.bsdplanet.net, but it will also have some background info on the different BSD systems.

As for the goal for AboutBSD, I want to turn it into a planet website that aggregates how BSD system admins use BSD. So that new users or system admins can learn that BSD is flexible, powerful, and provides all the freedom one needs to deploy services on BSD.

FreeBSD/Linux Benchmarking (Phoronix)

PC-BSD Review: Strike that: now I’m a PC-BSD!

The review finishes with:

I would have no hesitation in recommending PC-BSD for desktop use. It has definitely been the best install experience for a desktop system I have had. It seems exactly tailored for someone like me, a developer in an office where we have tried to be operating-system-neutral as much as possible: most of our programmers do run PCs but we have weaned ourselves off any PC-only applications long ago (apart from specialist applications). As I mentioned in the previous blog, it is a smooth and pretty OS, and feels solid.

Whole review here

ZFS v15 imported into FreeBSD (head)

As announced before, ZFS v15 was successfuly imported into FreeBSD! For a time there was an option of importing just v15 or proceeding directly to v16 but the community has decided to first import the older version for reasons of stability and compatibility with Solaris 10 Update 8. (via)

Millions of home routers at risk.

According to new research delivered today here at the Black Hat security conference, millions of home routers may have a serious security flaw.

In his presentation at Black Hat, security researcher Craig Heffner detailed how an external attacker could gain full control of a user’s router and use that to gain access to the internal local area network (LAN). Though the implications are ominous, Heffner, also detailed a variety of steps users can take to protect themselves.

You should use pfSense instead:

Heffner also called on router vendors to build in DNS Rebinding mitigations into their routers directly.

“The only router software that I know of that does this now is pfSense

(Whole article here:  Millions of home routers at risk)

Foremay ships world’s largest 2TB SSD

This 2TB SSD should work on FreeBSD:

Foremay has introduced a 1TB 2.5? SATA solid-state drive alongside the industry-leading 2TB 3.5? SATA SSD, as the company expects to see an increased demand in SSD products for the enterprise.

The EC188 M-series model-V includes 200 MB/s read/write speeds, and can be used in the enterprise and workstation PCs.

Ideally, enterprise users will be able to utilize the EC188 M-series model-V, as it includes support for Microsoft Windows, Mac, several versions of Linux, OpenSolaris, Solaris, FreeBSD, HP-UX, Unix, and other operating systems…. Continues

Stopping SSH Brute Force attacks with PF on FreeBSD

Most people know that port 22 is used for SSH communication and due to this common knowledge, you get people using scripts to test for weak passwords. If you look into your /var/log/auth.log and you see tons of fails/errors from users not on your system or from invalid passwords for root, it means you have people trying to break into your system. Truthfully, anyone that puts a system online with port 22 open will see this happen to them.  It’s quite common and not direct attack against you, just scripts looking for IPs with port 22 open.

Now it goes without saying that you should make sure you have a strong password that take use of numbers, upper and low case letters and symbols. Doing this will go along way in preventing someone from breaking into your system. You should also ensure that people can’t remotely log in as root by making sure that you have ‘PermitRootLogin’ set to ‘no’ in your /etc/ssh/sshd_config file. This will ensure that no mater how many passwords they try for root they will never be able to log in.

Now you could just set your SSH server to run on a different port or have your firewall redirect a different port from the outside to the system, but what’s the fun in that when you can use a great tool like PF.

Read the whole howto: Stopping SSH Brute Force attacks with PF on FreeBSD

A Deadly Linux/UNIX Command in Action (Video)

The short and simple “rm -rf /” command is DISASTROUS.