Like any other operating system, a secure host starts with a secure kernel configuration. If unneeded devices or options are included in your kernel configuration, you will not only have a bloated and slower kernel, but you may also open yourself up to attacks. The kernel should be configured using the Principle of Least Privilege. In short, if you do not need something in your kernel, do not add it! Also, an OpenBSD kernel can be configured with special options that can lead to a more secure machine. These options should be added when possible to help keep attackers out.
In order to use wireless
NICs, the kernel must be configured to support your wireless
networking card. The process of compiling an OpenBSD kernel is
outside the scope of this book. For more information on compiling a
custom OpenBSD kernel, see http://www.openbsd.org/faq/faq5.html and the
options(4) manual page.
When compiling an OpenBSD kernel, there are two different files that
you may need to edit in order to add or remove all of the required
options. The first configuration file,
/usr/src/sys/conf/GENERIC, contains options that
are common across all the architectures OpenBSD can run on. OpenBSD
has been ported to many platforms, including i386, Sparc, PowerPC,
and VAX. Some options, such as firewalling and IPv6 support, are
shared between all the platforms, and therefore when you change an
/usr/src/sys/conf/GENERIC, it will be reflected in any kernel ...