In this chapter (pdf), the author defines system security, specifically for OpenBSD and FreeBSD systems, but also more generally. He looks at a variety of attacks so that you, as an administrator, will have some perspective on what you’re trying to defend against. He looks at risk response and describes how exactly you can go about securing your FreeBSD and OpenBSD systems. Also, the FreeBSD 5.4-RELEASE schedule has been published.
Mastering FreeBSD & OpenBSD Security
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
There are already a lot of material dealing with FreeBSD or OpenBSD. Beside Federico Lupi, it appears nobody seems interested in writing a NetBSD book (even Michael Lucas gave up). Anyway, I’m going to buy this new O’Reilly title as soon as it becomes available in stores.
I find that there isn’t as much of a community around Net as the other two “major” BSDs, DragonFly seems to be even more vibrant than Net of late.
Perhaps their users aren’t as inclined to writing as the Free or Open users.
> even Michael Lucas gave up
mmm, I know there was some delays but are you sure ?
http://www.absolutenetbsd.com
Recent research already shows that when security matters the BSDs are the top-notch choice. This book is a great idea because an excellent OS must always be matched with an adequately competent sysadmin.
THe first chapter is a great read about general security principles. Kudos to the authors and to O’Reilly!
But i hope the rest of the book will be more in depth. Because there are alot of books about security that are also applicable on *BSD. There are also online various articles that describe the security of the *BSDs.
I would like to see more information about security and production enviroments. Because that is a topic i can`t find enough information on. (someone got a link?
)
why does every textbook i read exclude Accountability from its definition of security.
the security of a system is compromised if events or changes occur whose origin and reason for being cannot be determined.
some might argue that a service (such as a web service) is not degraded if accountability is not maintained … but you can say the same about privacy – an eavedropper does not necessarily degrade a service.
FreeBSD 5.4 in April.
Ubuntu 5.04 also in April.
OpenBSD 3.7 in May (heck, even on my birthday).
Sounds very promising. 🙂
Good OSS year indeed.Though i hope FreeBSD x86_64 5.4 will boot on my AMD64 ASUS k8n mobo this time.
Speaking of FreeBSD security, I have been too busy to follow the mailing lists for awhile, does anyone know if WPA support will be backported from -CURRENT to 5.4? I’d feel so much safer if I could finally ditch WEP, and setting up a WLAN with IPSEC or SSL is too much of a hassle, to be frank. It reminds me of the endless steps one had to take to get printing on Unix/Linux working a few years ago as compared to using CUPS today.
Anyways, I’ll probably buy this book. Would be nice if some of the money flowed back to support the FreeBSD and OpenBSD projects, like with Lucas’ BSD books. I don’t know if O’Reilly has a policy regarding that.
You might want to try OpenVPN, its extremely easy to set up:
http://openvpn.net/
HaltbareAlpenmilch
A solution would be to not allow your wireless clients any routeable traffic unless they are logged into your VPN–hence you can ditch the weak WEP/WPA encryption and just use the encrypted traffic of your VPN connection.
This is good for someone who doesn’t work in the IT field for an introduction. Anyone with any security training in this field will find the book moot. Granted this in only one chapter, I want to see speicific examples of hardening techniques. If you are looking at buying a book for security buy “absolute openbsd” by Michael Lucas. It not only goes over the OS as a whole, but adds multiple sections that highlight the secruity aspects of openbsd and how to use them. Buying another book that states the same thing is a waste of money.
WHile I like Oreilly, I hope the content of the book does get better.
too much of security today is product led, not policy or needs led.
just becuase you have a firewall doesn’t mean you should deploy it.
FreeBSD boots fine on k8n if you disable apic in the bios or add hint.acpi.apic.0.disabled=”1″ to /boot/loader.conf after you have booted with acpi disabled from the freebsd bootmenu.
I came across this tutorial a while ago, tis nice:
http://www.wi-fiplanet.com/tutorials/article.php/3484186