Mastering FreeBSD and OpenBSD Security


FreeBSD and OpenBSD are increasingly gaining traction in educational institutions, non-profits, and corporations worldwide because they provide significant security advantages over Linux. Although a lot can be said for the robustness, clean organization, and stability of the BSD operating systems, security is one of the main reasons system administrators use these two platforms.There are plenty of books to help you get a FreeBSD or OpenBSD system off the ground, and all of them touch on security to some extent, ...

See more details below
Paperback (1st Edition)
$45.35 price
(Save 9%)$49.99 List Price
Other sellers (Paperback)
  • All (12) from $11.99   
  • New (7) from $27.61   
  • Used (5) from $11.99   
Mastering FreeBSD and OpenBSD Security

Available on NOOK devices and apps  
  • NOOK Devices
  • Samsung Galaxy Tab 4 NOOK 7.0
  • Samsung Galaxy Tab 4 NOOK 10.1
  • NOOK HD Tablet
  • NOOK HD+ Tablet
  • NOOK eReaders
  • NOOK Color
  • NOOK Tablet
  • Tablet/Phone
  • NOOK for Windows 8 Tablet
  • NOOK for iOS
  • NOOK for Android
  • NOOK Kids for iPad
  • PC/Mac
  • NOOK for Windows 8
  • NOOK for PC
  • NOOK for Mac

Want a NOOK? Explore Now

NOOK Book (eBook)
$24.99 price
(Save 41%)$42.99 List Price


FreeBSD and OpenBSD are increasingly gaining traction in educational institutions, non-profits, and corporations worldwide because they provide significant security advantages over Linux. Although a lot can be said for the robustness, clean organization, and stability of the BSD operating systems, security is one of the main reasons system administrators use these two platforms.There are plenty of books to help you get a FreeBSD or OpenBSD system off the ground, and all of them touch on security to some extent, usually dedicating a chapter to the subject. But, as security is commonly named as the key concern for today's system administrators, a single chapter on the subject can't provide the depth of information you need to keep your systems secure.FreeBSD and OpenBSD are rife with security "building blocks" that you can put to use, and Mastering FreeBSD and OpenBSD Security shows you how. Both operating systems have kernel options and filesystem features that go well beyond traditional Unix permissions and controls. This power and flexibility is valuable, but the colossal range of possibilities need to be tackled one step at a time. This book walks you through the installation of a hardened operating system, the installation and configuration of critical services, and ongoing maintenance of your FreeBSD and OpenBSD systems.Using an application-specific approach that builds on your existing knowledge, the book provides sound technical information on FreeBSD and Open-BSD security with plenty of real-world examples to help you configure and deploy a secure system. By imparting a solid technical foundation as well as practical know-how, it enables administrators to push their server's security to the next level. Even administrators in other environments—like Linux and Solaris—can find useful paradigms to emulate.Written by security professionals with two decades of operating system experience, Mastering FreeBSD and OpenBSD Security features broad and deep explanations of how how to secure your most critical systems. Where other books on BSD systems help you achieve functionality, this book will help you more thoroughly secure your deployments.

Read More Show Less

Product Details

  • ISBN-13: 9780596006266
  • Publisher: O'Reilly Media, Incorporated
  • Publication date: 3/28/2005
  • Edition description: 1st Edition
  • Edition number: 1
  • Pages: 466
  • Product dimensions: 7.22 (w) x 9.22 (h) x 1.13 (d)

Meet the Author

Yanek Korff graduated with a Bachelor's degree in Computer Science from the College of William and Mary and is currently a Certified Information Systems Security Professional (CISSP). Mr. Korff joined Bell Atlantic as a Systems Engineer where he played a major role in the strategy, design, and deployment of a key Northern Virginia test facility. He later joined Cigital, Inc., a software quality management company, where he played a central role in the design of their systems infrastructure. He is now an essential member of the Information Security division at America Online. During his career, Mr. Korff has been able to identify and mitigate information security risks particularly relating to host-based BSD security. By leveraging his experience, he has been able to apply security fundamentals to influence business and industry practices.

Paco Hope is a Technical Manager with Cigital. His areas of expertise software security, security testing, and casino gaming. He specializes in analyzing the security of software, software systems, and software development processes. Paco frequently speaks at conferences such as the Better Software Conference, STAR East, and STAR West. He conducts training on risk-based security testing, writing security requirements, and software security fundamentals. He can be reached at

Bruce Potter is a Senior Associate at Booz Allen Hamilton. Prior to working at Booz Allen Hamilton, Bruce served as a software security consultant for Cigital in Dulles, VA. Bruce is the founder of the Shmoo Group of security professionals. His areas of expertise include wireless security, large-scale network architectures, smartcards, and promotion of secure software engineering practices. Bruce coauthored the books 802.11 Security and Mac OS X Security. He was trained in computer science at the University of Alaska, Fairbanks.

Read More Show Less

Table of Contents

Assumptions This Book Makes;
Contents of This Book;
Conventions Used in This Book;
Using Code Examples;
Comments and Questions;
Safari Enabled;
Security Foundation;
Chapter 1: The Big Picture;
1.1 What Is System Security?;
1.2 Identifying Risks;
1.3 Responding to Risk;
1.4 Security Process and Principles;
1.5 System Security Principles;
1.6 Wrapping Up;
1.7 Resources;
Chapter 2: BSD Security Building Blocks;
2.1 Filesystem Protections;
2.2 Tweaking a Running Kernel: sysctl;
2.3 The Basic Sandbox: chroot;
2.4 Jail: Beyond chroot;
2.5 Inherent Protections;
2.6 OS Tuning;
2.7 Wrapping Up;
2.8 Resources;
Chapter 3: Secure Installation and Hardening;
3.1 General Concerns;
3.2 Installing FreeBSD;
3.3 FreeBSD Hardening: Your First Steps;
3.4 Installing OpenBSD;
3.5 OpenBSD Hardening: Your First Steps;
3.6 Post-Upgrade Hardening;
3.7 Wrapping Up;
3.8 Resources;
Chapter 4: Secure Administration Techniques;
4.1 Access Control;
4.2 Security in Everyday Tasks;
4.3 Upgrading;
4.4 Security Vulnerability Response;
4.5 Network Service Security;
4.6 Monitoring System Health;
4.7 Wrapping Up;
4.8 Resources;
Deployment Situations;
Chapter 5: Creating a Secure DNS Server;
5.1 The Criticality of DNS;
5.2 DNS Software;
5.3 Installing BIND;
5.4 Installing djbdns;
5.5 Operating BIND;
5.6 Operating djbdns;
5.7 Wrapping Up;
5.8 Resources;
Chapter 6: Building Secure Mail Servers;
6.1 Mail Server Attacks;
6.2 Mail Architecture;
6.3 Mail and DNS;
6.4 SMTP;
6.5 Mail Server Configurations;
6.6 Sendmail;
6.7 Postfix;
6.8 qmail;
6.9 Mail Access;
6.10 Wrapping Up;
6.11 Resources;
Chapter 7: Building a Secure Web Server;
7.1 Web Server Attacks;
7.2 Web Architecture;
7.3 Apache;
7.4 thttpd;
7.5 Advanced Web Servers with Jails;
7.6 Wrapping Up;
7.7 Resources;
Chapter 8: Firewalls;
8.1 Firewall Architectures;
8.2 Host Lockdown;
8.3 The Options: IPFW Versus PF;
8.4 Basic IPFW Configuration;
8.5 Basic PF Configuration;
8.6 Handling Failure;
8.7 Wrapping Up;
8.8 Resources;
Chapter 9: Intrusion Detection;
9.1 No Magic Bullets;
9.2 IDS Architectures;
9.3 NIDS on BSD;
9.4 Snort;
9.5 ACID;
9.6 HIDS on BSD;
9.7 Wrapping Up;
9.8 Resources;
Auditing and Incident Response;
Chapter 10: Managing the Audit Trails;
10.1 System Logging;
10.2 Logging via syslogd;
10.3 Securing a Loghost;
10.4 logfile Management;
10.5 Automated Log Monitoring;
10.6 Automated Auditing Scripts;
10.7 Wrapping Up;
10.8 Resources;
Chapter 11: Incident Response and Forensics;
11.1 Incident Response;
11.2 Forensics on BSD;
11.3 Digging Deeper with the Sleuth Kit;
11.4 Wrapping Up;
11.5 Resources;

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)