I wanted to share a list of hardening you can do on your OpenBSD workstation, and explain the threat model of each change.
Feel free to pick any tweak you find useful for your use-case, many are certainly overkill for most people, but depending on the context, these changes could make sense for others.
Solène Rapenne
Written by OpenBSD developer Solène Rapenne.
There are a couple of these that say “OpenBSD should have containers.”
Or create a dedicated admin account with doas privs to avoid logging in as the root account.
It’s odd OpenBSD doesn’t do this by default. I’m not sure there’s a good reason to only block the ports below 1024 by default.
This is probably more of a problem of userland controls being really bad, and probably something people should look into. Like maybe a security research OS. *cough* *cough*
I guess the other option would be to run something like Snort or Suricata to sniff the outgoing traffic. This seems like something better left to equipment on the network rather than a workstation.
When am I going to find a PS/2 mouse or trackpad?
This might be a little unrealistic. Or use super glue, whichever.
systemd-homed is working on this. Not that it matters for OpenBSD, but there are other projects working on this.
https://systemd.io/HOME_DIRECTORY/
Flatland_Spider,
PS/2 isn’t a realistic option for most any more, but now that USB4 is Thunderbolt, external peripherals can now do DMA bus mastering. As a result the security risks of exposed USB ports have become significantly greater than exposing peripheral ports in the past did.
Even when using IOMMU to mitigate unrestricted memory access, reprogramming the IO windows per request is not viable due to performance considerations. As a result, a USB4 peripheral can generally negotiate device profiles that grant it privileged access to things like kernel buffer space. And because Thunderbolt was designed with the memory logic in the peripheral, this is not easily fixable from the host. There’s not much a user can do about it without disabling ports altogether.
The recommendation makes sense due to the reasons behind it, and it doesn’t make sense due to the practicality of finding PS/2 peripherals and ports.
You seem to have overlooked the introduction:
Context is key.
I didn’t.
Context: It’s 2024 and PS/2 peripherals are super rare. Also, ball mice were gross.
PS/2 peripherals have found a niche in the gaming sector as PS/2 runs at a lower level, with less latency, than USB does. As such, it’s actually much easier to find a PS/2 keyboard and mouse in 2024 than it was, say, 10 years ago.
The123king,
I am curious, is this still true with modern USB mice? Is the difference actually meaningful and perceptible? I’m reading contradictory information and I don’t know how much of it is down to the placebo effect. I’d like to read up on this if you’ve got any links.
This guy didn’t see a noticeable difference, but maybe a more accurate test would show a difference? I don’t know.
“PS/2 Vs USB Mouse – Input Lag – Still a VIABLE Option for PC GAMERS in 2018…?!”
https://www.youtube.com/watch?v=TAA1n_9cXrA
Here different keyboard polling rates are tested.
“Keyboard Input Lag 125, 250, 500, 1000Hz USB vs. PS/2”
https://www.youtube.com/watch?v=eEswl6kZq5k
His results show a USB keyboard beating a PS/2 keyboard. However, the choice of specific PS/2 keyboard/mouse hardware could make a difference. I am very curious how the best PS/2 hardware would stand up next to the best USB hardware. Wikipedia says standard PS/2 mice operate at 100Hz with a max of 200Hz compared to USB 2 max of 1000Hz.
https://en.wikipedia.org/wiki/PS/2_port
I’m not sure there are any keyboards/mice using USB3, but I think USB3 eliminates the need for host polling (to the extent that USB2’s 1000Hz polling delay is even perceptible at all).
Even if you can find the PS/2 devices, the ports themselves are rare these days.
“4000Hz Polling Rate Tested EVGA Z15 & Z20”
https://www.youtube.com/watch?v=UmS_t3YYy8s
I didn’t even know 4000Hz was an option, but more data points are given and it shows the PS/2 keyboard being the worst performer even when compared to 1000Hz keyboards.
So although it seems plausible to me that PS/2 used to be better, all the data I’m seeing points to this no longer being the case. Do you know of any counterexamples?
Optical PS/2 mice existed before USB was even a thing. The optical mouse started really picking up around 1998, and (like other mice) was almost exclusively PS/2. The first commercially successful USB mice (most of which were roller ball) began rolling (ahem) out that same year. It wasn’t until the early 2000s that optical mice really took off as the price dropped dramatically and roller mice began to disappear from the market.
As I said: Context is key.