OpenBSD - Free, Functional, and Secure


Project home page: http://www.openbsd.org/

Community portal: OpenBSD Journal — http://www.undeadly.org/

First release: OpenBSD 1.2 / July, 1996



What distinguishes OpenBSD

Unparalleled focus on security

OpenBSD is renowned in many circles as the most security-conscious operating system available. From the beginning, the OpenBSD project has led the pack in integrating security into the base operating system and striving to enable security features without requiring user interaction to implement them. OpenBSD recognized long before many other operating system projects that an operating system which shipped with as few unneeded services enabled as possible carried less danger of being compromised. The OpenBSD project also developed and released under a BSD license the OpenSSH application suite, which was included with their operating system and enabled secure remote management of the system. Today, OpenSSH is used by nearly all open source Unix variants and a number of commercial OS vendors as well. Additionally, the OpenBSD project has proactively audited various parts of the base operating system, looking for potential code problems and repairing them before they turn into real vulnerabilities. For these and other reasons, they have earned the moniker Secure by default.

For more information on OpenBSD's security goals, innovations, and advisories, see http://www.openbsd.org/security.html.

Strong multiplatform architecture support

OpenBSD's support for multiple hardware platforms benefits from its early roots as a NetBSD fork and, before that, 4.4 BSD-Lite. The 2.0 release saw support for the i386, amiga, sparc, mvme68k, and arc processor architectures. Since then, the ports for amiga and arc have been dropped, but many others have been added, including alpha, amd64, cats, hp300, luna88k, mac68k, macppc, mvme88k, sgi, sparc64, vax, and zaurus.

Excels in networking applications

OpenBSD has been a very popular choice for networking specialists and developers of networking applications because of its wide protocol support and focus on security. Many users turn to OpenBSD for use in:

  • Firewalls: The OpenBSD project developed and includes in the base system the popular PF packet filter. PF is a feature-rich firewall which supports advanced packet filtering, NAT, and bandwidth control/prioritization (QoS) capabilities at the kernel level. PF has been ported to other BSD OSes and provides a capable, intuitive interface and ruleset language. OpenBSD running PF is a popular choice for home users and administrators of very large networks alike.
  • Routers: OpenBSD is a common choice for those in need of a routing platform that can run on commodity hardware, or those that want an alternative to the overpriced appliance routers on the market today. Support for many routing protocols is strong and under ongoing development. In particular, OpenBSD supports static routing, IP multicast routing via the mrouted(8) daemon, RIPv1 and RIPv2 via routed(8), and the project has developed their own implementations of the OSPF and BGP4 routing daemons in ospfd(8) and bgpd(8).
  • VPNs: OpenBSD ships with a mature, featureful, and standards-compliant IPsec implementation, making it the perfect platform for deploying virtual private networks. In addition to the native IPsec stack, OpenBSD supports other popular VPN solutions such as PPTP (net/pptp), OpenVPN (net/openvpn) and the new VPN support via SSH tunneling in OpenSSH.
  • IDS and traffic analysis: Because of its focus on security and general strength in networking, OpenBSD is a popular choice as a platform supporting IDS systems and utilities for protocol and traffic analysis. The base system ships with tcpdump, the popular network traffic sniffer, and the project has also modified it to provide log analysis with PF.
  • Web, email, FTP, and other network services: OpenBSD includes in the base system the Sendmail Mail Transfer Agent, the Apache HTTP server, ISC's BIND DNS server, and several other utilities and servers to provide FTP, DHCP, POP3, TFTP and other popular network services.
  • Shell hosting: OpenBSD has been a popular choice for ISPs and other organizations needing to support systems to provide shell accounts for users and service subscribers. OpenBSD is a complete operating system with a full set of utilities for software development, networking clients, and a large ports collection which allows administrators to provide numerous other third-party applications for local users. The project's focus on enforcing security on all levels of the operating system helps ensure that the security risk of local user accounts on a system is lessened.

Uncompromising values

The OpenBSD project has intended from the beginning to provide an operating system that could be freely developed, distributed, and used by anyone in the world. In this goal, they have been highly successful and more than 10 years after the project's inception, this firm value remains in place and in practice.

  • The project's use of the BSD license or an equally unrestricted license for all code committed to the tree (with a few unfortunate exceptions) provides a high level of software freedom for users. It also ensures that no licensing clauses restrict the project's and users' ability to use OpenBSD in whatever way they desire.
  • The project's origin in Canada has allowed them to be successful in their endeavors as well, avoiding crippling cryptography export laws that plague many other companies and projects based out of the US.
  • Software projects that were once included in the base operating system under an open license but later changed to a restrictive, non-free license are promptly replaced. Licensing incompatibilities that have led to this occurred with Darren Reed's IPFilter, versions of the Apache HTTP daemon released under the Apache 2.0 license, and recent versions of XFree86.
  • The project frequently chooses not to include new software applications, new features for existing in-tree applications, and other recent developments unless it is certain that the new application or features don't detract from the overall quality and security of the operating system. This is the direct opposite of the practice of many other operating systems (several of which are F/OSS projects), which focus on supporting any new feature or utility that appears on the horizon. This steadfastness has been shown to pay off multiple times as other operating systems have fallen prey to code exploits in the new software.