< Day Day Up > Mastering FreeBSD and OpenBSD Security By Paco Hope, Yanek Korff, Bruce Potter ............................................... Publisher: O'Reilly Pub Date: March 2005 ISBN: 0-596-00626-8 Pages: 464 Table of Contents | Index | Errata FreeBSD and OpenBSD are increasingly gaining traction in educational institutions, non- profits, and corporations worldwide because they provide significant security advantages over Linux. Although a lot can be said for the robustness, clean organization, and stability of the BSD operating systems, security is one of the main reasons system administrators use these two platforms. There are plenty of books to help you get a FreeBSD or OpenBSD system off the ground, and all of them touch on security to some extent, usually dedicating a chapter to the subject. But, as security is commonly named as the key concern for today's system administrators, a single chapter on the subject can't provide the depth of information you need to keep your systems secure. FreeBSD and OpenBSD are rife with security "building blocks" that you can put to use, and Mastering FreeBSD and OpenBSD Security shows you how. Both operating systems have kernel options and filesystem features that go well beyond traditional Unix permissions and controls. This power and flexibility is valuable, but the colossal range of possibilities need to be tackled one step at a time. This book walks you through the installation of a hardened operating system, the installation and configuration of critical services, and ongoing maintenance of your FreeBSD and OpenBSD systems. Using an application-specific approach that builds on your existing knowledge, the book provides sound technical information on FreeBSD and Open-BSD security with plenty of real- world examples to help you configure and deploy a secure system. By imparting a solid technical foundation as well as practical know-how, it enables administrators to push their server's security to the next level. Even administrators in other environments--like Linux and Solaris--can find useful paradigms to emulate. Written by security professionals with two decades of operating system experience, Mastering FreeBSD and OpenBSD Security features broad and deep explanations of how how to secure your most critical systems. Where other books on BSD systems help you achieve functionality, this book will help you more thoroughly secure your deployments. < Day Day Up > < Day Day Up > Mastering FreeBSD and OpenBSD Security By Paco Hope, Yanek Korff, Bruce Potter ............................................... Publisher: O'Reilly Pub Date: March 2005 ISBN: 0-596-00626-8 Pages: 464 Table of Contents | Index | Errata Copyright Preface Audience Assumptions This Book Makes Contents of This Book Conventions Used in This Book Using Code Examples Comments and Questions Safari Enabled Acknowledgments Part I: Security Foundation Chapter 1. The Big Picture Section 1.1. What Is System Security? Section 1.2. Identifying Risks Section 1.3. Responding to Risk Section 1.4. Security Process and Principles Section 1.5. System Security Principles Section 1.6. Wrapping Up Section 1.7. Resources Chapter 2. BSD Security Building Blocks Section 2.1. Filesystem Protections Section 2.2. Tweaking a Running Kernel: sysctl Section 2.3. The Basic Sandbox: chroot Section 2.4. Jail: Beyond chroot Section 2.5. Inherent Protections Section 2.6. OS Tuning Section 2.7. Wrapping Up Section 2.8. Resources Chapter 3. Secure Installation and Hardening Section 3.1. General Concerns Section 3.2. Installing FreeBSD Section 3.3. FreeBSD Hardening: Your First Steps Section 3.4. Installing OpenBSD Section 3.5. OpenBSD Hardening: Your First Steps Section 3.6. Post-Upgrade Hardening Section 3.7. Wrapping Up Section 3.8. Resources Chapter 4. Secure Administration Techniques Section 4.1. Access Control Section 4.2. Security in Everyday Tasks Section 4.3. Upgrading Section 4.4. Security Vulnerability Response Section 4.5. Network Service Security Section 4.6. Monitoring System Health Section 4.7. Wrapping Up Section 4.8. Resources Part II: Deployment Situations Chapter 5. Creating a Secure DNS Server Section 5.1. The Criticality of DNS Section 5.2. DNS Software Section 5.3. Installing BIND Section 5.4. Installing djbdns Section 5.5. Operating BIND Section 5.6. Operating djbdns Section 5.7. Wrapping Up Section 5.8. Resources Chapter 6. Building Secure Mail Servers Section 6.1. Mail Server Attacks Section 6.2. Mail Architecture Section 6.3. Mail and DNS Section 6.4. SMTP Section 6.5. Mail Server Configurations Section 6.6. Sendmail Section 6.7. Postfix Section 6.8. qmail Section 6.9. Mail Access Section 6.10. Wrapping Up Section 6.11. Resources Chapter 7. Building a Secure Web Server Section 7.1. Web Server Attacks Section 7.2. Web Architecture Section 7.3. Apache Section 7.4. thttpd Section 7.5. Advanced Web Servers with Jails Section 7.6. Wrapping Up Section 7.7. Resources Chapter 8. Firewalls Section 8.1. Firewall Architectures Section 8.2. Host Lockdown Section 8.3. The Options: IPFW Versus PF Section 8.4. Basic IPFW Configuration Section 8.5. Basic PF Configuration Section 8.6. Handling Failure Section 8.7. Wrapping Up Section 8.8. Resources Chapter 9. Intrusion Detection Section 9.1. No Magic Bullets Section 9.2. IDS Architectures Section 9.3. NIDS on BSD Section 9.4. Snort Section 9.5. ACID Section 9.6. HIDS on BSD Section 9.7. Wrapping Up Section 9.8. Resources Part III: Auditing and Incident Response Chapter 10. Managing the Audit Trails Section 10.1. System Logging Section 10.2. Logging via syslogd Section 10.3. Securing a Loghost Section 10.4. logfile Management Section 10.5. Automated Log Monitoring Section 10.6. Automated Auditing Scripts Section 10.7. Wrapping Up Section 10.8. Resources Chapter 11. Incident Response and Forensics Section 11.1. Incident Response Section 11.2. Forensics on BSD Section 11.3. Digging Deeper with the Sleuth Kit Section 11.4. Wrapping Up Section 11.5. Resources Colophon Index < Day Day Up > < Day Day Up > Copyright © 2005 O'Reilly Media, Inc. All rights reserved. Printed in the United States of America. Published by O'Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O'Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://safari.oreilly.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or [email protected]. Nutshell Handbook, the Nutshell Handbook logo, and the O'Reilly logo are registered trademarks of O'Reilly Media, Inc. Mastering FreeBSD and OpenBSD Security, the image of the fencers, and related trade dress are trademarks of O'Reilly Media, Inc. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O'Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps. While every precaution has been taken in the preparation of this book, the publisher and authors assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. < Day Day Up > < Day Day Up > Preface Before I built a wall I'd ask to know What I was walling in or walling out, And to whom I was like to give offence. Something there is that doesn't love a wall, That wants it down. -Robert Frost "Mending Wall" FreeBSD and OpenBSD are often considered the "other" free operating systems besides Linux. However, in recent Netcraft surveys, the five most reliable web sites on the planet run FreeBSD. OpenBSD, too, is deployed on thousands of security servers around the world. These two BSD-based operating systems are rapidly gaining traction in educational institutions, non-profits, and corporations worldwide. Plenty of books exist to help you get a FreeBSD or OpenBSD system off the ground. All of them touch on security, but most only dedicate a chapter to it. In sharp contrast, we think it's worth spending an entire book on the subject. FreeBSD and OpenBSD are rife with security "building blocks" that you can use to really take security and "kick it up a notch." These operating systems have kernel options and filesystem features that go well beyond traditional Unix permissions and controls. This power and flexibility is valuable, but the colossal range of possibilities will leave you dizzy if you don't take things one step at a time. Mastering FreeBSD and OpenBSD Security complements existing books on FreeBSD and OpenBSD administration. Where others help you achieve functionality, we help you build security-minded deployments. This book walks you through the installation of a hardened operating system, the installation and configuration of critical services, and ongoing maintenance of your FreeBSD and OpenBSD systems. < Day Day Up > < Day Day Up > Audience This book is written by system administrators for system administrators. If you're looking for a complete idiot or dummy guide, this book is not for you. We're talking to administrators who have installed a Unix-like operating system before. Almost any will do, but this book is all about what sets FreeBSD and OpenBSD apart from other Unices. You'll get the most out of this book if you're comfortable administering BSD operating systems and want to take your experience one step farther. Administrators at various skill levels and in organizations of any size can benefit from secure BSD systems. Junior administrators who know how to get a Unix system off the ground can use this book to develop a sound foundation in systems security. Experienced administrators, like experienced cooks, will find new recipes that they can add to their existing repertoire.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages589 Page
-
File Size-