OpenBSD will perform best for low-traffic Web sites requiring strong protection. The key theme here is small and secure — therein lies the strength of OpenBSD, says ServerWatch.
Protecting the Perimeter With OpenBSD
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
Haven’t tried openBSD myself, are there any companies, businesses out there using it in the real world, or users with openBSD at their primary desktop OS?
Yes, there are many businesses (Fortune 500) using OpenBSD. Just to note, OpenBSD is not targeted at being a primary desktop OS. Use something else.
I use FreeBSD. I think it’s a little less complicated. This is just an idea.
Charles.
what about netbsd? Can it be used as a desktop OS?
Well they say small and low-traffic, but how high can OBSD scale? Any one with first hand experiance.
-Yousef
While OpenBSD is quite good I believe NetBSD, FreeBSD and Linux all scale better.
I use OpenBSD for several low-traffic sites and it works beautifully. It is easy to set up, easy to patch, and easy maintain.
At my work we use 2 OpenBSD boxes running dnscache to do recursive lookups for our customers. Last time I checked, one machine was up for 101 days (3 downtimes in the last 2 years because of power outages), and it has answered 73.3 million queries in those 100 days. It’s a P200 with 128MB of ram.
what about netbsd? Can it be used as a desktop OS?
Oh, yes. You can use NetBSD practically for any task you like, server or desktop. NetBSD is secure and stable, it has good overall performance and the fastest TCP/IP stack around:
http://www.netbsd.org/Changes/#internet2-landspeed2
Here is a list of apps that are natively packaged for NetBSD:
ftp://ftp.netbsd.org/pub/NetBSD/packages/pkgsrc/README.html
If some of the apps you need seem to be missing, you can also install non-native packages in NetBSD using FreeBSD or Linux emulation.
one of the top ISP’s are using OpenBSD.. some for webhosting.. Doesn’t this count for something.. I thought so.. get the facts.
one of the top ISP’s is using OpenBSD.
yes one of the top isp’s give away all their service for free. yea look at the silly claims i can make!
that is besides the point..
I use OpenBSD for a rather large webserver (unless of course you call approx 30gb/month “small”) with lots of dynamic content. So I’m inclined to think that it works quite nicely on “larger” sites as well.
The only time it goes down is when I upgrade or when someone unplugs the PC. Yes, it’s primarily a server OS. Works great as a firewall.
I’d have to say this OS is best used for a primary DNS or secondary DNS, a firewall, to host your database on, or even your ssl credit-card transaction server due to the fact security is its main purpose of being. Use something else for your desktop (linux, fbsd, etc…) and something else for your main high-volume website os that scales well with a heavy load…
OpenBSD does not scale well. That doesn’t mean you can’t use it for low traffic web or mail server. It is easy to maintain and patch. I would never use it for a desktop. I sometimes wonder about its long term potential in light of the almost rabid approach towards “non-free” software. They make Debian look absolutely friendly by comparison. But I digress. I suppose it has more to do with OpenBSD’s resident dictator Theo.
Sean
I’ve used it on large and small networks, even a few in between.
I use it as a desktop, and can’t imagine using anything else. Others may be considered better by many, but they aren’t me. I use it because I’m comfortable with it.
I’m not an uncle. Is there a joke there I’m not getting?
OpenBSD works well as a desktop OS. I have it in my old 233 MHz box which also has Win95 and WinNT4.
Already installed OpenBSD 3.5 on one box, going to install 3.6 on the other just as soon as I order em cd’s.
Is it a desktop OS? what is a desktop OS? it fits all my requirements that a desktop OS be just fine
Best not to pigeon hole things, everyones different and as such their desktop preferences are to.
The real selling point for me is the ease at which I can set up a encrypted /home and swap.
OpenBSD can be used as a desktop depending upon your needs. I’ve used it as my primary desktop running KDE for the past 6 months. It has left me little to complain about. Perhaps an Open Office port would be nice but that’s about it.
If you require every little whizz-bang bell and whistle on your desktop then OpenBSD is not for you. There are adequate desktop utilites in its 2,500 app ports tree but this seems limited in comparison to FreeBSD’s 10,000+ or even by what is offered by most linux distros.
If speed is your primary demand from an OS then OpenBSD is not for you. OpenBSD places security high in its development goals. Being the fastest is not a development goal, although speed improvements do come. The OpenBSD philosophy is that if you want more speed then buy faster hardware. Speed at the cost of security and/or stability is not an acceptable trade-off under any circumstance. Many outside of the OpenBSD community will disagree and fortunately for them there are other OS’s available to meet their needs.
Are you a “security freak” or particularly “anal” about code correctness or licensure issues? If yes, then OpenBSD may be a good match for you. Personally, I sleep better knowing that my single pathetic desktop is protected by strong integrated security and the best packet filter available natively in any OS.
And yes, I am a paranoid uncle but not very old yet.
I recently put OpenBSD on my Ultra 5 and I’m very happy with it. It’s the only non-Solaris OS I’ve found that will install and run without any coercion on that machine, and getting it configured to the point where it was doing something useful was a damn sight easier and quicker than under Solaris. It was mainly an educational exercise but I currently have my little Ultra running as a caching and authoritative DNS server for our house and also as a small webserver (haven’t seen how that bit performs yet because it’s not got anything to server at the moment). PacketFilter is fantastic – I just skimmed a howto to find out the right syntax and a couple of commands, and then within five minutes I had what should be a nice, solid firewall. Haven’t really put it to test, but nmap chokes on it so that’s a good sign…
The only problem I’m having is setting up Apache User Directories, but that’s probably due more to my lack of experience with Apache than to any flaw in OpenBSD.
I use OpenBSD on Big networks (i.e. serving big lines) as Firewalls and or Bridges (transparents) and it works perfectly. Some DNS´s, and MailServers (when it´s not a Lotus Domino, which doesn´t run under open bsd).
Good, simple and secure.
Need more stuff? Try other flavor. Or fix it and make it work.
I use OpenBSD on Big networks (i.e. serving big lines) as Firewalls and or Bridges (transparents) and it works perfectly. Some DNS´s, and MailServers (when it´s not a Lotus Domino, which doesn´t run under open bsd).
Good, simple and secure.
Need more stuff? Try other flavor. Or fix it and make it work.
unless of course you call approx 30gb/month “small
Great that OpenBSD works for you, but 30GB/MONTH? Yes, I would call this pretty small
From the article:
>> The Achilles heel of OpenBSD is its scalability. Detailed benchmarks demonstrate that under high loads in large scale network situations (e.g., a heavily trafficked Web server) OpenBSD performs significantly slower than comparable products, including those with NetBSD and the Linux distros, particularly those with the 2.6 Linux kernel. This is why OpenBSD is typically used to implement security (e.g., as a firewall/router configuration).
<<
If the writer of the article is going to make such a statement about benchmarks, where is the analytical proof this is the case?
This benchmark clearly shows that OpenBSD is to be used for other purposes.
http://bulk.fefe.de/scalability/
My own experience backs that up. OpenBSD probably isn’t the best choice for x86, Alpha, or PPC desktop machines, but it’s a lot better than the alternatives on the slightly older SPARCs.
The fefe benchmarks are flawed in some areas, and quite some performance/scalabillity improvements have been intgerated into OpenBSD in the meantime.
Yeah that just means they copied what NetBSD did to help be more scalable.
OpenBSD just tends to be going down hill since it choked on UVM. Not SMP.
Unchecked paranoia is more harmful than any hacker ever was.
OpenBSD is especially very good at handling all kinds of network traffic.For e.g. i have on site a transparant bridged pf firewall running on OpenBSD.
they copied what NetBSD did to help be more scalable.
This is not a bad thing at all. All *BSDs borrow good ideas from other *BSDs. It makes them all better and stronger. 🙂
@Jophn Deo
Tell me more about this tranasparent bridge thing with packet filtering.
I have read a bit about it, and I think it’s something that I’m interested in doing. Correct me if I’m wrong but basically it’s where you use OpenBSD to filter the traffic between two network segments using two NICs on the OpenBSD. So the packets only get copied from NIC to NIC if it’s allwed in the pf rules. Is this right?
Sounds like something I can do to keep some people in our Design department in check.
OpenBSD is great as a small server and unequaled as a firewall/router. I guess it is a little more difficult to install, simply because most want a GUI to install. Speed and scalability are not the primary goals, but it does a good job.
Anyone who says OpenBSD is easy to update and patch is crazy. It is a several step manual process.
“apt-get upgrade” is easy, manually downloading and applying patches and then recompiling is not easy.
I think OpenBSD security is only a myth. OpneBSD’s default instalation is secure because all daemos are disabled and installation is minimal. Many of linux installers do exactly the same. Using Debian, Gentoo or Slackware you can do the same.
For paranoid admins you can use security-enhanced linux distributions like
http://www.nsa.gov/selinux/index.cfm
All OpenBSD security will go down if you use any Apache, BIND, OpenSSH server, etc with known security flaws.
Its great that you think that…But have you actually tried it? Do you know and understand its features? Do you understand its security features like Pro-Police or integrated cryptography?
SE-Linux is an experimental OS, its intention is not for the production environment, but to introduce new security concepts.
Adamantix (hardened Debian-based distro) is the one you should be referring to.
In any case, you have clearly demonstrated that you don’t have a clue about either OS. Congratulations.
OpenBSD can be quite easy to patch: binpatch.
http://www.openbsd.org.mx/~santana/binpatch.html