Mastering FreeBSD and OpenBSD Security

Description

Mastering FreeBSD and OpenBSD Security is the only book currently on the market devoted completely to BSD security. Dozens of practical examples help administrators of all stripes select, configure, and deploy these operating systems. By describing security solutions for real-life scenarios, this convenient guide lets administrators push their server's security to the next level. Full Description

FreeBSD and OpenBSD are increasingly gaining traction in educational institutions, non-profits, and corporations worldwide because they provide significant security advantages over Linux. Although a lot can be said for the robustness, clean organization, and stability of the BSD operating systems, security is one of the main reasons system administrators use these two platforms. There are plenty of books to help you get a FreeBSD or OpenBSD system off the ground, and all of them touch on security to some extent, usually dedicating a chapter to the subject. But, as security is commonly named as the key concern for today's system administrators, a single chapter on the subject can't provide the depth of information you need to keep your systems secure. FreeBSD and OpenBSD are rife with security "building blocks" that you can put to use, and Mastering FreeBSD and OpenBSD Security shows you how. Both operating systems have kernel options and filesystem features that go well beyond traditional Unix permissions and controls. This power and flexibility is valuable, but the colossal range of possibilities need to be tackled one step at a time. This book walks you through the installation of a hardened operating system, the installation and configuration of critical services, and ongoing maintenance of your FreeBSD and OpenBSD systems. Using an application-specific approach that builds on your existing knowledge, the book provides sound technical information on FreeBSD and Open-BSD security with plenty of real-world examples to help you configure and deploy a secure system. By imparting a solid technical foundation as well as practical know-how, it enables administrators to push their server's security to the next level. Even administrators in other environments--like Linux and Solaris--can find useful paradigms to emulate. Written by security professionals with two decades of operating system experience, Mastering FreeBSD and OpenBSD Security features broad and deep explanations of how how to secure your most critical systems. Where other books on BSD systems help you achieve functionality, this book will help you more thoroughly secure your deployments.

Table of Contents

Security Foundation
1. Chapter 1 The Big Picture
  1. What Is System Security?
  2. Identifying Risks
  3. Responding to Risk
  4. Security Process and Principles
  5. System Security Principles
  6. Wrapping Up
  7. Resources
2. Chapter 2 BSD Security Building Blocks
  1. Filesystem Protections
  2. Tweaking a Running Kernel: sysctl
  3. The Basic Sandbox: chroot
  4. Jail: Beyond chroot
  5. Inherent Protections
  6. OS Tuning
  7. Wrapping Up
  8. Resources
3. Chapter 3 Secure Installation and Hardening
  1. General Concerns
  2. Installing FreeBSD
  3. FreeBSD Hardening: Your First Steps
  4. Installing OpenBSD
  5. OpenBSD Hardening: Your First Steps
  6. Post-Upgrade Hardening
  7. Wrapping Up
  8. Resources
4. Chapter 4 Secure Administration Techniques
  1. Access Control
  2. Security in Everyday Tasks
  3. Upgrading
  4. Security Vulnerability Response
  5. Network Service Security
  6. Monitoring System Health
  7. Wrapping Up
  8. Resources
Deployment Situations
1. Chapter 5 Creating a Secure DNS Server
  1. The Criticality of DNS
  2. DNS Software
  3. Installing BIND
  4. Installing djbdns
  5. Operating BIND
  6. Operating djbdns
  7. Wrapping Up
  8. Resources
2. Chapter 6 Building Secure Mail Servers
  1. Mail Server Attacks
  2. Mail Architecture
  3. Mail and DNS
  4. SMTP
  5. Mail Server Configurations
  6. Sendmail
  7. Postfix
  8. qmail
  9. Mail Access
  10. Wrapping Up
  11. Resources
3. Chapter 7 Building a Secure Web Server
  1. Web Server Attacks
  2. Web Architecture
  3. Apache
  4. thttpd
  5. Advanced Web Servers with Jails
  6. Wrapping Up
  7. Resources
4. Chapter 8 Firewalls
  1. Firewall Architectures
  2. Host Lockdown
  3. The Options: IPFW Versus PF
  4. Basic IPFW Configuration
  5. Basic PF Configuration
  6. Handling Failure
  7. Wrapping Up
  8. Resources
5. Chapter 9 Intrusion Detection
  1. No Magic Bullets
  2. IDS Architectures
  3. NIDS on BSD
  4. Snort
  5. ACID
  6. HIDS on BSD
  7. Wrapping Up
  8. Resources
Auditing and Incident Response
1. Chapter 10 Managing the Audit Trails
  1. System Logging
  2. Logging via syslogd
  3. Securing a Loghost
  4. logfile Management
  5. Automated Log Monitoring
  6. Automated Auditing Scripts
  7. Wrapping Up
  8. Resources
2. Chapter 11 Incident Response and Forensics
  1. Incident Response
  2. Forensics on BSD
  3. Digging Deeper with the Sleuth Kit
  4. Wrapping Up
  5. Resources

Colophon

Product Details

Title: Mastering FreeBSD and OpenBSD Security
By: Yanek Korff, Paco Hope, Bruce Potter
Publisher: O'Reilly Media
Print Release: March 2005
Pages: 464 pages
Print ISBN: 978-0-596-00626-6 | ISBN 10: 0-596-00626-8

About the Author

Bruce Potter

is the Manager of Network and Security Operations for VeriSign's Mass Market's division. He manages the security for over a hundred network devices and several hundred servers. He's the founder of the Shmoo Group (www.shmoo.com), a web site for security, cryptography, and privacy professionals, and NoVAWireless (www.novawireless.org), a community-based wireless network project in Northern Virginia.

View Bruce Potter's full profile page.

Colophon

Our look is the result of reader comments, our own experimentation, and feedback from distribution channels. Distinctive covers complement our distinctive approach to technical topics, breathing personality and life into potentially dry subjects. The image on the cover of Mastering FreeBSD and OpenBSD Security depicts fencers. Whether used for sport or for war, the art of fencing can be traced back to some of the earliest known civilizations. For example, fencers entertained Pharaohs in ancient Engypt. The Greeks and Romans, meanwhile, had systems of martial arts that included swordsmanship. The modern sport of fencing originated in the first Olympic Games, in 1896, and consists of three different weapons: foil, épée, and sabre. The lightest of these weapons is the foil. A foil fencer can only score hits by landing thrusts to the trunk of the body. A modern electrical scoring apparatus,worn by the fencer, will record a hit for any blow landed with a force of at least 4.90 newtons. Less flexible and heavier than the foil, the épée usually has a large hand guard. This bell-shaped guard is important because the épée fencer is not as limited in her targets--the entire body, including the hand, is considered a valid target to score hits. An épée fencer registers a hit with 7.35 newtons of force. The sabre differs from these first two swords in that it is an edge, rather than a point, weapon. A sabre fencer may land points to any part of the upper body (head, torso, and arms). A touch with the point, flat, or edge of the sword will register a hit. Adam Witwer was the production editor, and Nancy Reinhardt was the copyeditor for Mastering FreeBSD and OpenBSD Security. Linley Dolby proofread the text. Sarah Sherman and Claire Cloutier provided quality control. Lucie Haskins wrote the index. Emma Colby designed the cover of this book, based on a series design by Edie Freedman. The cover image is a 19th-century engraving from the Dover Pictorial Archive. Karen Montgomery produced the cover layout with Adobe InDesign CS using Adobe's ITC Garamond font. David Futato designed the interior layout. This book was converted by Judy Hoer to FrameMaker 5.5.6 with a format conversion tool created by Erik Ray, Jason McIntosh, Neil Walls, and Mike Sierra that uses Perl and XML technologies. The text font is Linotype Birka; the heading font is Adobe Myriad Condensed; and the code font is LucasFont's TheSans Mono Condensed. The illustrations that appear in the book were produced by Robert Romano, Jessamyn Read, and Lesley Borash using Macromedia FreeHand MX and Adobe Photoshop CS. The tip and warning icons were drawn by Christopher Bing. This colophon was written by Adam Witwer.

Mastering FreeBSD and OpenBSD Security

Security Foundation

Chapter 1 The Big Picture

Chapter 2 BSD Security Building Blocks

Chapter 3 Secure Installation and Hardening

Chapter 4 Secure Administration Techniques

Deployment Situations

Chapter 5 Creating a Secure DNS Server

Chapter 6 Building Secure Mail Servers

Chapter 7 Building a Secure Web Server

Chapter 8 Firewalls

Chapter 9 Intrusion Detection

Auditing and Incident Response

Chapter 10 Managing the Audit Trails

Chapter 11 Incident Response and Forensics

Colophon

Bruce Potter