Mastering FreeBSD and OpenBSD Security Building, Securing, and Maintaining BSD Systems

Name: Mastering FreeBSD and OpenBSD Security Building, Securing, and Maintaining BSD Systems
Price: 34.91 USD
Availability: InStock
ISBN: 9780596006266

ISBN-10: 0596006268

ISBN-13: 9780596006266

Edition: 2005

Authors: Yanek Korff, Paco Hope, Bruce Potter

List price: $49.99

30 day, 100% satisfaction guarantee!

Buy new: $34.91

Marketplace

2 new & used from $38.32

what's this?

Rush Rewards U
Members Receive:

You have reached 400 XP and carrot coins. That is the daily max!

FreeBSD and OpenBSD are increasingly gaining traction in educational institutions, non-profits, and corporations worldwide because they provide significant security advantages over Linux. Although a lot can be said for the robustness, clean organization, and stability of the BSD operating systems, security is one of the main reasons system administrators use these two platforms. There are plenty of books to help you get a FreeBSD or OpenBSD system off the ground, and all of them touch on security to some extent, usually dedicating a chapter to the subject. But, as security is commonly named as the key concern for today's system administrators, a single chapter on the subject can't provide…

Book details

List price: $49.99
Copyright year: 2005
Publisher: O'Reilly Media, Incorporated
Publication date: 4/19/2005
Binding: Paperback
Pages: 462
Size: 7.44" wide x 9.29" long x 0.98" tall
Weight: 1.826
Language: English

Paco Hope is a Technical Manager at Cigital, Inc. and co-author of Mastering FreeBSD and OpenBSD Security (April 2005, O'Reilly, ISBN 0596006268). Mr. Hope has also published articles on Misuse and Abuse Cases and PKI. He has been invited to conferences to speak on topics such as software security re-quirements, web application security, and embedded system security. At Cigi-tal, he has served as a subject matter expert to MasterCard International for security policies and has assisted a Fortune 500 hospitality company in writ-ing software security policy. He also trains software developers and testers in the fundamentals of software security. In the gaming and mobile communica-tions…



Preface



Security Foundation



The Big Picture


What Is System Security?


Identifying Risks


Responding to Risk


Security Process and Principles


System Security Principles


Wrapping Up


Resources



BSD Security Building Blocks


Filesystem Protections


Tweaking a Running Kernel: sysctl


The Basic Sandbox: chroot


Jail: Beyond chroot


Inherent Protections


OS Tuning


Wrapping Up


Resources



Secure Installation and Hardening


General Concerns


Installing FreeBSD


FreeBSD Hardening: Your First Steps


Installing OpenBSD


OpenBSD Hardening: Your First Steps


Post-Upgrade Hardening


Wrapping Up


Resources



Secure Administration Techniques


Access Control


Security in Everyday Tasks


Upgrading


Security Vulnerability Response


Network Service Security


Monitoring System Health


Wrapping Up


Resources



Deployment Situations



Creating a Secure DNS Server


The Criticality of DNS


DNS Software


Installing BIND


Installing djbdns


Operating BIND


Operating djbdns


Wrapping Up


Resources



Building Secure Mail Servers


Mail Server Attacks


Mail Architecture


Mail and DNS


SMTP


Mail Server Configurations


Sendmail


Postfix


qmail


Mail Access


Wrapping Up


Resources



Building a Secure Web Server


Web Server Attacks


Web Architecture


Apache


thttpd


Advanced Web Servers with Jails


Wrapping Up


Resources



Firewalls


Firewall Architectures


Host Lockdown


The Options: IPFW Versus PF


Basic IPFW Configuration


Basic PF Configuration


Handling Failure


Wrapping Up


Resources



Intrusion Detection


No Magic Bullets


IDS Architectures


NIDS on BSD


Snort


ACID


HIDS on BSD


Wrapping Up


Resources



Auditing and Incident Response



Managing the Audit Trails


System Logging


Logging via syslogd


Securing a Loghost


logfile Management


Automated Log Monitoring


Automated Auditing Scripts


Wrapping Up


Resources



Incident Response and Forensics


Incident Response


Forensics on BSD


Digging Deeper with the Sleuth Kit


Wrapping Up


Resources


Index