Quote:
2).. PF -- OpenBSD's packet filter is in my opinion the best open source solution in existence.
It's a little tough to get your firewall rules right when first starting, but when you get the hang of it, you have more filtering options available than iptables. Also, the entire filtering mechanism is set up to run under restricted privileges and this is a very good thing. The ability to tag layer 2 packets (when doing a bridge and using brconfig) and filter them according to complex rules in pf.conf is also very nice...
With what you said above, more options would equal less security. KISS.
Quote:
3).. Integrated Cryptography -- With support for some of the longest key spaces publicly used, lots of choices for algorithms (Also this part of OpenBSD is reviewed hard-core, all in the open)...
SUSE comes out of the box with up to 4096 bit. DES, Blowfish and others are also right on the install CDs.
Quote:
Of course there's other 'little' things too numerous to mention (buffer overflow safeguards included by default **cough linux**cough**GRE/PAX, a little memory mapping randomization makes certain kinds of hostile code trickier to write and execute)...There really is a lot more, these are just the highlights...I'm just getting tired now :) Maybe later...