Mastering FreeBSD and OpenBSD Security: Building, Securing, and Maintaining BSD Systems

FreeBSD and OpenBSD are increasingly gaining traction in educational institutions, non-profits, and corporations worldwide because they provide significant security advantages over Linux. Although a lot can be said for the robustness, clean organization, and stability of the BSD operating systems, security is one of the main reasons system administrators use these two platforms.

There are plenty of books to help you get a FreeBSD or OpenBSD system off the ground, and all of them touch on security to some extent, usually dedicating a chapter to the subject. But, as security is commonly named as the key concern for today's system administrators, a single chapter on the subject can't provide the depth of information you need to keep your systems secure.

FreeBSD and OpenBSD are rife with security "building blocks" that you can put to use, and Mastering FreeBSD and OpenBSD Security shows you how. Both operating systems have kernel options and filesystem features that go well beyond traditional Unix permissions and controls. This power and flexibility is valuable, but the colossal range of possibilities needs to be tackled one step at a time. This book walks you through the installation of a hardened operating system, the installation and configuration of critical services, and ongoing maintenance of your FreeBSD and OpenBSD systems.

Using an application-specific approach that builds on your existing knowledge, the book provides sound technical information on FreeBSD and OpenBSD security with plenty of real-world examples to help you configure and deploy a secure system. By imparting a solid technical foundation as well as practical know-how, it enables administrators to push their server's security to the next level. Even administrators in other environments--like Linux and Solaris--can find useful paradigms to emulate.

Written by security professionals with two decades of operating system experience, Mastering FreeBSD and OpenBSD Security features broad and deep explanations of how to secure your most critical systems. Where other books on BSD systems help you achieve functionality, this book will help you more thoroughly secure your deployments.


Product Details

ISBN-13: 9781449369576
Publisher: O'Reilly Media, Incorporated
Publication date: 03/24/2005
Sold by: Barnes & Noble
Format: eBook
Pages: 466
File size: 2 MB

About the Author

Yanek Korff graduated with a Bachelor's degree in Computer Science from the College of William and Mary and is currently a Certified Information Systems Security Professional (CISSP). Mr. Korff joined Bell Atlantic as a Systems Engineer where he played a major role in the strategy, design, and deployment of a key Northern Virginia test facility. He later joined Cigital, Inc., a software quality management company, where he played a central role in the design of their systems infrastructure. He is now an essential member of the Information Security division at America Online. During his career, Mr. Korff has been able to identify and mitigate information security risks particularly relating to host-based BSD security. By leveraging his experience, he has been able to apply security fundamentals to influence business and industry practices.


Paco Hope is a Technical Manager with Cigital. His areas of expertise are software security, security testing, and casino gaming. He specializes in analyzing the security of software, software systems, and software development processes. Paco frequently speaks at conferences such as the Better Software Conference, STAR East, and STAR West. He conducts training on risk-based security testing, writing security requirements, and software security fundamentals. He can be reached at paco@cigital.com.


Bruce Potter is a Senior Associate at Booz Allen Hamilton. Prior to working at Booz Allen Hamilton, Bruce served as a software security consultant for Cigital in Dulles, VA. Bruce is the founder of the Shmoo Group of security professionals. His areas of expertise include wireless security, large-scale network architectures, smartcards, and promotion of secure software engineering practices. Bruce coauthored the books 802.11 Security and Mac OS X Security. He was trained in computer science at the University of Alaska, Fairbanks.

Table of Contents

Preface

Part I. Security Foundation

1. The Big Picture
  What Is System Security?
  Identifying Risks
  Responding to Risk
  Security Process and Principles
  System Security Principles
  Wrapping Up
  Resources
2. BSD Security Building Blocks
  Filesystem Protections
  Tweaking a Running Kernel: sysctl
  The Basic Sandbox: chroot
  Jail: Beyond chroot
  Inherent Protections
  OS Tuning
  Wrapping Up
  Resources
3. Secure Installation and Hardening
  General Concerns
  Installing FreeBSD
  FreeBSD Hardening: Your First Steps
  Installing OpenBSD
  OpenBSD Hardening: Your First Steps
  Post-Upgrade Hardening
  Wrapping Up
  Resources
4. Secure Administration Techniques
  Access Control
  Security in Everyday Tasks
  Upgrading
  Security Vulnerability Response
  Network Service Security
  Monitoring System Health
  Wrapping Up
  Resources

Part II. Deployment Situations

5. Creating a Secure DNS Server
  The Criticality of DNS
  DNS Software
  Installing BIND
  Installing djbdns
  Operating BIND
  Operating djbdns
  Wrapping Up
  Resources
6. Building Secure Mail Servers
  Mail Server Attacks
  Mail Architecture
  Mail and DNS
  SMTP
  Mail Server Configurations
  Sendmail
  Postfix
  qmail
  Mail Access
  Wrapping Up
  Resources
7. Building a Secure Web Server
  Web Server Attacks
  Web Architecture
  Apache
  thttpd
  Advanced Web Servers with Jails
  Wrapping Up
  Resources
8. Firewalls
  Firewall Architectures
  Host Lockdown
  The Options: IPFW Versus PF
  Basic IPFW Configuration
  Basic PF Configuration
  Handling Failure
  Wrapping Up
  Resources
9. Intrusion Detection
  No Magic Bullets
  IDS Architectures
  NIDS on BSD
  Snort
  ACID
  HIDS on BSD
  Wrapping Up
  Resources

Part III. Auditing and Incident Response

10. Managing the Audit Trails
  System Logging
  Logging via syslogd
  Securing a Loghost
  logfile Management
  Automated Log Monitoring
  Automated Auditing Scripts
  Wrapping Up
  Resources
11. Incident Response and Forensics
  Incident Response
  Forensics on BSD
  Digging Deeper with the Sleuth Kit
  Wrapping Up
  Resources

Index