Securing Financially Sensitive Environments with OpenBSD

This thesis investigates the use of a free, open source<br /> UNIX-based operating system in providing security features<br /> to a financially sensitive business function such as a <br /> treasury.<br /> <br /> We start by examining some of the main security features<br /> (such as the pf firewall and systrace policies) which are <br /> included with the operating system, how they work and how <br /> such features can be used within a financial environment. <br /> We then examine possible problems with each feature and <br /> the introduction of such a feature into the business <br /> environment. We also explore some of the criticism that<br /> OpenBSD has received and additional features which could<br /> be useful to business.<br /> <br /> We then look at some examples of statutory and regulatory<br /> requirements, and how OpenBSD's features may be mapped to<br /> address such requirements. As part of this we examine how<br /> open source software in general can be utilised and some<br /> of the advantages and disadvantages of it against similar<br /> commercial offerings.<br /> <br /> We then see a case study based on a real-world treasury,<br /> and some of the serious security concerns which are faced<br /> by security officers responsible for such departments. We<br /> explore how OpenBSD can be applied within an infrastructure<br /> to provide key security services and address some of the <br /> specific concerns raised in the treasury security <br /> assessment.<br /> <br /> Finally, we provide conclusions and suggestions for future<br /> work.