Sample Configurations and Related Musings

A number of people have been kind enough to write up their experiences and make sample configurations available on the Web. The following are some of my favorites.

  • Marcus Ranum’s “The Six Dumbest Ideas in Computer Security” (http://www.ranum.com/security/computer_security/editorials/dumb/index.html), from September 1, 2005, is a longtime favorite of mine. This article explores some common misconceptions about security and their unfortunate implications for real-world security efforts.

  • Randal L. Schwartz’s “Monitoring Net Traffic with OpenBSD’s Packet Filter” (http://www.stonehenge.com/merlyn/UnixReview/col51.html) shows a real-life example of traffic monitoring and using labels for accounting. Some details about PF and labels have changed in the intervening years, but the article is still quite readable and presents several important concepts well.

  • The Swedish user group Unix.se’s Brandvägg med OpenBSD (http://unix.se/Brandv%E4gg_med_OpenBSD) and its sample configurations, such as the basic ALTQ configurations, were quite useful to me early on. The site serves as a nice reminder that volunteer efforts such as local user groups can be excellent sources of information.

  • The #pf IRC channel wiki (http://www.probsd.net/pf/) is a collection of documentation, sample configurations, and other PF information maintained by participants in the #pf IRC channel discussions, and it is another example of a very worthwhile volunteer effort.

  • Daniele Mazzocchio, an OpenBSD fan from Italy, maintains the website Kernel Panic, with a collection of useful articles and tutorial-like documents on various OpenBSD topics at http://www.kernel-panic.it/openbsd.html (in English and Italian). It’s well worth the visit for a fresh perspective on various interesting topics from someone who seems to be dedicated to keeping the material up to date with the latest stable OpenBSD versions.

  • Randal L. Schwartz’s blog entry for January 29, 2004 (http://use.perl.org/~merlyn/journal/17094) shows how he apparently solved an annoying problem via creative use of ALTQ and operating system fingerprinting.

  • Kenjiro Cho’s “Managing Traffic with ALTQ” (http://www.usenix.org/publications/library/proceedings/usenix99/cho.html) is the original paper that describes the ALTQ design and early implementation on FreeBSD.

  • Jason Dixon’s “Failover Firewalls with OpenBSD and CARP,” from SysAdmin Magazine, May 2005 (http://planet.admon.org/howto/failover-firewalls-with-openbsd-and-carp/) is an overview of CARP and pfsync, with some practical examples.

  • Theo de Raadt’s OpenCON 2006 presentation “Open Documentation for Hardware: Why hardware documentation matters so much and why it is so hard to get” (http://openbsd.org/papers/opencon06-docs/index.html) was an important inspiration for the note in Appendix B about hardware for free operating systems in general and OpenBSD in particular.
