Secure Architectures with OpenBSD


Overview

"This book works in tandem with the OpenBSD's manual pages. As a result, it will help many users grow and get the most from the system."—Theo de Raadt, OpenBSD project leader.

"The OpenBSD system intimidates many administrators who would benefit from using it. This book lets people start much higher up on the curve. Secure Architectures with OpenBSD not only presents the hows, but also shows some of the whys that only insiders know."—Mike Frantzen, NFR Security

"Secure Architectures with OpenBSD explains all of the tasks an administrator has to know about to successfully maintain an OpenBSD server. It helps the reader save time by condensing the vast amount of information available in man pages into a compact form, reducing unneeded information, and explaining other things in much more detail and prose than a man page can afford."—Daniel Hartmeier, the OpenBSD Project

"This book will become the de facto text for OpenBSD administration. Unix and BSD books abound, but none cover OpenBSD with the clarity and expertise of Palmer and Nazario. They explain the optimal way to configure and administer your OpenBSD machines, with a keen eye to security at all stages."—Brian Hatch, coauthor of Hacking Exposed Linux and Building Linux Virtual Private Networks

Descended from BSD, OpenBSD is a popular choice for those who demand stability and security from their operating system. No code goes into OpenBSD without first undergoing a rigorous security check, making it a terrific choice for Web servers, VPNs, and firewalls.

Secure Architectures with OpenBSD is the insider's guide to building secure systems using OpenBSD. Written by Brandon Palmer and Jose Nazario, this book is a how-to for system and network administrators who need to move to a more secure operating system and a reference for seasoned OpenBSD users who want to fully exploit every feature of the system.

After getting readers started with OpenBSD, the authors explain system configuration and administration, then explore more exotic hardware and advanced topics. Every chapter of the book addresses the issue of security because security is integrated into almost every facet of OpenBSD. Examples appear throughout the book, and the authors provide source code and system details unavailable anywhere else. This goes well beyond the basics and gives readers information they will need long after they have installed the system.

Key topic coverage includes:

  • Installation and upgrade details
  • Basic system usage in OpenBSD versus other Unix systems
  • Third-party software via packages and the ports tree
  • SMTP services in OpenBSD
  • Web services with Apache
  • Using OpenBSD as a firewall
  • OpenBSD as a Kerberos V client and server
  • Use of IPsec
  • Configuration and use of IPv6
  • Network intrusion detection

Secure Architectures with OpenBSD takes you inside OpenBSD, giving you the insights and expertise no system manual can provide. The companion Web site tracks advances and changes made to the operating system, and it contains updates to the book and working code samples.


Editorial Reviews

From The Critics
Slashdot.org
One nice feature of this book is that its authors refer to Linux equivalents where appropriate, e.g., in terms of configuration and system file locations and names. This makes it an ideal text for a Linux sysadmin who wants to take OpenBSD for a test drive on the public network. Two chapters covering the OpenBSD packet filter (pf) and IPSec are the gems of this text and even advanced Linux users will likely benefit from alternative approaches to solving the same problems in the alternate universe of a different operating system.

Product Details

  • ISBN-13: 9780321193667
  • Publisher: Addison-Wesley
  • Publication date: 4/2/2004
  • Pages: 544
  • Product dimensions: 6.80 (w) x 9.10 (h) x 1.20 (d)

Meet the Author

Brandon Palmer is a member of Crimelabs Security Research Group, a think tank and consulting firm, and has performed security audits and penetration testing for networks and systems.

Jose Nazario is a senior software engineer at Arbor Networks, an Internet security company. As a member of the OpenBSD project, he has written ports, made bug notes, and contributed to the code. Jose also runs the community forum at www.deadly.org and serves as a consultant and researcher at Crimelabs Security Research Group.


Read an Excerpt

Chapter 1: Introduction

The OpenBSD operating system (OS) is a secure, stable, and powerful operating system that is attracting many new and old UNIX users to it. The OS is well designed for both workstation and server use. OpenBSD supports many mainstream applications and also offers great hardware support. Because OpenBSD doesn't face many of the business pressures to increase sales and employ trendy gimmicks that Linux and other BSD systems have to deal with, it is able to be designed on technical merit. This means that while the system works very well, it isn't targeted at the user who wants to be able to "point and click" and not read the documentation. This book is written to help new users understand the features of the OpenBSD system and to give more seasoned users the education to fully exploit all that OpenBSD has to offer.

OpenBSD came into existence on October 18, 1995, at 08:37 when Theo de Raadt committed the first branch into the CVS server from the NetBSD tree. The first release, OpenBSD 2.0, became available in autumn 1996. Release dates have been every six months since then, with the most recent version, 3.4, being released on November 1, 2003.

There are no firm numbers on a user base for OpenBSD. Even though CD sales could give an estimate, CDs are used to install only some systems. A huge number of installations are done over the Internet. The user base is, however, "pretty incredible," says Theo.

1.1 What Will This Book Cover?

This book will cover the hardware that most users will be faced with, and some notes about other hardware they may not encounter. The i386 architecture is used for most of the examples as that is where most users first encounter it. Note, however, that OpenBSD works almost the same on all architectures.

The book is broken down into the following sections:

  • Introduction - This chapter.
  • Overview of OpenBSD - A quick overview of what OpenBSD is and some of its main features.
  • Installation - A walkthrough of an installation detailing what various options mean, why one should make certain decisions, and what's really happening in the background. This up-to-date discussion applies specifically to the OpenBSD 3.4 installation, but also to most other versions.
  • Basic Use - Basic system usage and some of the major usage differences between OpenBSD and other UNIX systems.
  • Basic Default Services - Usage and management of services that run by default on a freshly installed system.
  • Online Help Resources - Descriptions of the "man," GNU Info, and "perldoc" facilities for online help.
  • X Window System - Information regarding the X Window system on an OpenBSD host.
  • User Administration - Addition and deletion of users and management of the space that these users will work in.
  • Networking - Setting up basic networking, advanced networking topics, and bridging.
  • inetd - Function and configuration of services that are run from inetd.
  • Other Installed Services - Additional information about services that are installed on a default system, but not enabled on start-up.
  • Precompiled Third-Party Software: Packages - Use of the precompiled packages that are available for OpenBSD.
  • The Ports Tree: Third-Party Software from Source - Use of the ports tree and compiling applications from source.
  • Disks and Filesystems - The creation and care of filesystems and disk devices.
  • Backup Utilities - Tools and techniques for system backup.
  • Housekeeping - Regular system housekeeping chores.
  • Mail Server Operations - SMTP services in OpenBSD.
  • The Domain Name Services - The domain name system setup and use.
  • Web Servers with Apache - Web services with the Apache and mod_ssl servers.
  • OpenSSH - The OpenBSD secure shell daemon and client.
  • The OpenBSD Development Environment - Languages and software development tools.
  • Packet Filtering and NAT - Using OpenBSD as a firewall and setting up systems to do NAT (Network Address Translation).
  • NFS: The Network Filesystem - Setting up and using an OpenBSD NFS server and client.
  • NIS and YP Services - Configuration of an NIS server and clients.
  • Kerberos - Configuration and operation of OpenBSD as a Kerberos V client and server.
  • Authentication Methods - The numerous login methods for OpenBSD, including S/Key.
  • IPsec: Security at the IP Layer - Configuring an OpenBSD client and gateway for secure IP networking.
  • IP Version 6 (IPv6) - Overview of how OpenBSD is able to use IPv6 and basic usage in normal activities.
  • Systrace - A system call policy mechanism, which can safely limit the actions of any application on an OpenBSD system.
  • Network Intrusion Detection - While not a standard part of OpenBSD, use of tools in the ports tree to allow OpenBSD to be used as a network security monitor.
  • Upgrading - Upgrading an OpenBSD system.
  • Kernel Compilation - The GENERIC kernel, the few reasons to compile a new kernel, and tweaks to the kernel without compilation.
  • Bug Reports with OpenBSD - Checking for and reporting system bugs.
  • CVS Basics - Use of CVS on OpenBSD to access the kernel source and for system deployment.
  • Applying Source Code Patches - Ways to apply system and application patches.
  • Tuning the Kernel with sysctl - Tunable kernel parameters.
  • A dmesg Walkthrough - Information available from dmesg and how it applies to system use.
  • Core File Evaluation - Evaluation of core files from system and application crashes.
  • Other OpenBSD Tools and Resources - Documentation reference for OpenBSD and other sources of information.
  • IPsec m4 - m4 processing scripts for the IPv6 chapter.

During the preparation of this book, a friend who was reviewing the table of contents asked me, "Where is the chapter on security?" Just as in OpenBSD, security is everywhere. We sprinkle it in almost every chapter, because this is how security is best done. A chapter or two at the end of a book simply cannot demonstrate how OpenBSD has integrated security into almost every facet of the system.

1.2 Whom Is This Book For?

This book targets both the user who is new to OpenBSD and the user who has been using the system for a while. It is not intended to be a beginner's guide; it presumes that the user knows UNIX and is moving to OpenBSD or looking to expand his or her knowledge base. In addition, given that networking is a core function of any OpenBSD system, having a basic understanding of networking is important. This book will not cover the specifics of editors like vi or emacs; the user is expected to be able to edit his or her own files. Finally, this book concentrates on the use of server-end tools; it will not cover the clients being used to access these services, except in terms of how that might change decisions during server configuration.

The first section of the book can probably be skimmed by experienced and savvy UNIX administrators, but many will want to read these chapters in depth. These chapters include the basics of the layout of the OpenBSD system and its installation.


Table of Contents

1 Introduction
I Getting started
2 Overview of OpenBSD
3 Installation
4 Basic use
5 Basic default services
6 Online help resources
7 X window system
II System configuration and administration
8 User administration
9 Networking
10 Inetd
11 Other installed services
12 Precompiled third-party software: packages
13 The Ports Tree: third-party software from source
14 Disks and filesystems
15 Backup utilities
16 Housekeeping
17 Mail server operations
18 The domain name services
19 Web servers with Apache
20 OpenSSH
III Advanced features
21 The OpenBSD development environment
22 Packet filtering and NAT
23 NFS: the network filesystem
24 NIS and YP services
25 Kerberos
26 Authentication methods
27 IPsec: security at the IP layer
28 IPv6: IP version 6
29 Systrace
30 Network intrusion detection
31 Upgrading
32 Kernel compilation
33 Bug reports with OpenBSD
IV Appendixes
A CVS basics
B Applying source code patches
C Tuning the kernel with sysctl
D A dmesg walkthrough
E Core file evaluation
F Other OpenBSD tools and resources
G IPsec m4
Index

Introduction

The OpenBSD operating system is a secure, stable, and powerful operating system that is attracting many new and old UNIX users to it. The OS is well designed for both workstation and server use. OpenBSD supports many mainstream applications and also offers great hardware support. Since OpenBSD doesn't have many of the business pressures of increasing sales and trendy gimmicks that Linux and other BSD systems have, it is able to be designed on technical merit. This means that while the system works very well, it isn't targeted at the user who wants to be able to "point and click" and not read the documentation. This book is written to help new users understand the features of the OpenBSD system and to give more seasoned users the education to fully exploit all that OpenBSD has to offer.

OpenBSD came into existence on October 18th, 1995 at 08:37 when Theo de Raadt committed the first branch into the CVS server from the NetBSD tree. The first release, OpenBSD 2.0, was roughly autumn of 1996, and release dates have been every six months after that date, with the most recent being 3.4, released on November 1st, 2003.

There are no firm numbers on a user base for OpenBSD. Even though CD sales could give an estimate, CDs are used to install many systems and a huge number of installations are done over the Internet. The user base is, however, "pretty incredible," says Theo.

1.1 What Will This Book Cover?

This book will cover the hardware that most users will be faced with, and some notes about other hardware they may not. The i386 architecture is used for most of the examples since that is where most users first encounter it; however, OpenBSD works almost the same on all architectures.

The book is broken down into the following sections:

  • Introduction - This chapter.
  • Overview of OpenBSD - A quick overview of what OpenBSD is and some of its main features.
  • Installation - A walkthrough of an installation detailing what various options mean, reasons to make decisions, and what's really happening in the background. This is up to date for the OpenBSD 3.4 installation, but it also applies to most other versions.
  • Basic Use - Basic system usage and some of the major usage differences between OpenBSD and other UNIX systems.
  • Basic Default Services - Usage and management of services that run by default on a freshly installed system.
  • Online Help Resources - Descriptions of the 'man', GNU Info, and 'perldoc' facilities for online help.
  • X Window System - Information regarding the X Window system on an OpenBSD host.
  • User Administration - Addition and deletion of users along with managing the space that these users will work in.
  • Networking - Setting up basic networking, advanced networking topics and bridging.
  • inetd - Function and configuration of services that are run from inetd.
  • Other Installed Services - Additional information about services that are installed on a default system, but not enabled on startup.
  • Precompiled Third-Party Software: Packages - How to use precompiled packages that are available for OpenBSD.
  • The Ports Tree: Third-Party Software from Source - Use of the ports tree and compiling applications from source.
  • Disks and Filesystems - Cov disk devices.
  • Backup Utilities - Tools and techniques for system backup.
  • Housekeeping - Regular system housekeeping chores.
  • Mail Server Operations - SMTP services in OpenBSD.
  • The Domain Name Services - The domain name system setup and use.
  • Web Servers with Apache - Web services with the Apache and mod_ssl servers.
  • OpenSSH - The OpenBSD secure shell daemon and client.
  • The OpenBSD Development Environment - Languages and software development tools.
  • Packet Filtering and NAT - Using OpenBSD as a firewall and setting up systems to do NAT (Network Address Translation).
  • NFS - The Network Filesystem - Setting up and using an OpenBSD NFS server and client.
  • NIS and YP Services - Configuration of an NIS server and clients.
  • Kerberos - Configuration and operation of OpenBSD as a Kerberos V client and server.
  • Authentication Methods - The numerous login methods for OpenBSD are discussed, including RADIUS and S/Key.
  • IPsec: Security at the IP Layer - Configuring an OpenBSD client and gateway for secure IP networking.
  • IP Version 6, IPv6 - Overview of how OpenBSD is able to use IPv6 and basic usage in normal activities.
  • Systrace - A system call policy mechanism, which can safely limit the actions of any application on an OpenBSD system.
  • Network Intrusion Detection - While not a standard part of OpenBSD, by using tools in the ports tree, OpenBSD can be used as a network security monitor.
  • Upgrading - Upgrading an OpenBSD system.
  • Kernel Compilation - The GENERIC kernel, the few re compilation.
  • Bug Reports with OpenBSD - How to check for and report system bugs.
  • CVS Basics - How to use CVS on OpenBSD for access to kernel source and system deployment.
  • Applying Source Code Patches - How to apply system and application patches.
  • Tuning the Kernel with sysctl - Tunable kernel parameters.
  • A dmesg Walk-Through - Usage of information from dmesg and how it applies to system use.
  • Core File Evaluation - Evaluation of core files from system and application crashes.
  • Other OpenBSD Tools and Resources - Documentation reference for OpenBSD and other sources of information.
  • IPsec m4 - m4 processing scripts for the IPv6 chapter.

During the preparation of this book, a friend who was reviewing the table of contents asked me, "Where is the chapter on security?" Just like in OpenBSD, it's everywhere. We sprinkle it in almost every chapter, because this is how security is best done. A chapter or two at the end of a book simply cannot demonstrate how OpenBSD has integrated security into almost every facet of the system.

1.2 Who Is This Book For?

This book targets both the user who is new to OpenBSD and the user who has been using the system for a while. This is not intended to be a beginner's guide; it presumes that the user knows UNIX and is moving to OpenBSD, or looking to expand their knowledge. In addition, since networking is a core function of any OpenBSD system, having a basic understanding of networking is important. This book will not cover the specifics of editors like vi or emacs; the user is expected to be able to edit their own files. Fi will be concentrating on the use of server-end tools; it will not cover the clients being used to access these services, save in how that might change decisions in server configuration.

The first section of the book can probably be skimmed by experienced and savvy UNIX administrators, but many will want to read these chapters in depth. These chapters include the basics of the layout of the OpenBSD system and its installation.


