If you’ve done research looking for a highly secure operating system, OpenBSD probably made your list. As the OpenBSD Project’s home page points out, the OS has had “Only two remote holes in the default install, in a heck of a long time!” In fact, some security professionals believe the Unix-like OS, which evolved from AT&T Unix through the Berkeley Software Distribution (BSD), may be the most secure OS of its type.
Joseph Wolff, founder and CTO of eRacks Systems, which has provided OpenBSD firewalls, laptops, system installs, and consulting since 1999, explains, “OpenBSD was and is written from the ground up, with a security-first mindset and goal — making security the first priority. The core OS and core packages are also security-audited, as well.” He says OpenBSD features a minimal attack surface, including minimal installed packages in the default installation and as few open ports as possible.
OpenBSD also integrates security technology suited to building firewalls and private network services. Wolff says, “eRacks installs OpenBSD by default on all firewall products and recommends OpenBSD for all hosts where security is a priority, such as firewalls, DNS servers, and any other bastion hosts connected directly to the open internet.”
Additional Benefits of OpenBSD
The OpenBSD project lists numerous other benefits to users, including:
- Support for a variety of hardware platforms
- Unix-like OS available in source and binary forms
- Ongoing development that integrates emerging technologies
- Designed to minimize the need for customization
- Free of charge
Additionally, OpenBSD is distributed with several third-party products, including:
- X.org, an open source implementation of the X Window System
- LLVM/Clang, a language front end and tooling infrastructure for the C language family
- GCC, the GNU compiler collection
- Perl programming language
- NSD DNS name server and Unbound caching DNS resolver
- Ncurses, a free software library that emulates curses in System V Release 4.0
- Binutils binary tools collection
- gdb, the GNU project debugger
The OpenBSD project community also points out that if you have used Unix, OpenBSD will feel familiar to you.
Wolff adds that the OpenBSD Project is also responsible for several widely used tools. “The most well-known, OpenSSH — arguably the backbone of the Internet — is written and maintained by the OpenBSD team,” Wolff says. OpenSSH, the connectivity tool for remote login with the SSH protocol, encrypts traffic, provides secure tunneling capabilities, and offers several configuration and authentication options.
He says other tools, which are available to other operating systems including Linux, Unix — and even Windows — include:
- OpenBGPD: a free implementation of the Border Gateway Protocol, v.4, that allows ordinary machines to be used as routers
- OpenNTPD: a free implementation of the Network Time Protocol that syncs the local clock to remote NTP servers and can act as an NTP server itself
- OpenSMTPD: a free implementation of the server-side SMTP protocol, allowing machines to exchange emails
- LibreSSL: a version of the TLS/crypto stack that helps modernize the code base and apply best development practices to improve security
- mandoc: a tool suite that compiles mdoc, the roff macro language commonly used for BSD manual pages, and man, the historical language for Unix manuals
The OpenBSD Community
Wolff adds that OpenBSD has an active community, and resources such as OpenBSD Journal are available. You can also join mailing lists, including developer lists, where you can connect with users who can answer your questions and perhaps help another user find answers as well.
The OpenBSD Foundation, which provides funding for OpenBSD and related projects, welcomes new supporters to donate funds and equipment, as well as their time and skills, to help continue its work.