Mastering FreeBSD and OpenBSD Security (Paperback)

Yanek Korff, Paco Hope, Bruce Potter

  • 出版商: O'Reilly
  • 售價: $2,020
  • 貴賓價: 9.5$1,919
  • 語言: 英文
  • 頁數: 350
  • 裝訂: Paperback
  • ISBN: 0596006268
  • ISBN-13: 9780596006266
  • 相關分類: BSD資訊安全
  • 海外代購書籍(需單獨結帳)

買這商品的人也買了...

商品描述

Description:

FreeBSD and OpenBSD are increasingly gaining traction in educational institutions, non-profits, and corporations worldwide because they provide significant security advantages over Linux. Although a lot can be said for the robustness, clean organization, and stability of the BSD operating systems, security is one of the main reasons system administrators use these two platforms.

There are plenty of books to help you get a FreeBSD or OpenBSD system off the ground, and all of them touch on security to some extent, usually dedicating a chapter to the subject. But, as security is commonly named as the key concern for today's system administrators, a single chapter on the subject can't provide the depth of information you need to keep your systems secure.

FreeBSD and OpenBSD are rife with security "building blocks" that you can put to use, and Mastering FreeBSD and OpenBSD Security shows you how. Both operating systems have kernel options and filesystem features that go well beyond traditional Unix permissions and controls. This power and flexibility is valuable, but the colossal range of possibilities need to be tackled one step at a time. This book walks you through the installation of a hardened operating system, the installation and configuration of critical services, and ongoing maintenance of your FreeBSD and OpenBSD systems.

Using an application-specific approach that builds on your existing knowledge, the book provides sound technical information on FreeBSD and Open-BSD security with plenty of real-world examples to help you configure and deploy a secure system. By imparting a solid technical foundation as well as practical know-how, it enables administrators to push their server's security to the next level. Even administrators in other environments--like Linux and Solaris--can find useful paradigms to emulate.

Written by security professionals with two decades of operating system experience, Mastering FreeBSD and OpenBSD Security features broad and deep explanations of how how to secure your most critical systems. Where other books on BSD systems help you achieve functionality, this book will help you more thoroughly secure your deployments.

Table of Contents:

Preface

Part I. Security Foundation

1. The Big Picture

     What Is System Security?

     Identifying Risks

     Responding to Risk

     Security Process and Principles

     System Security Principles

     Wrapping Up

     Resources

2. BSD Security Building Blocks

     Filesystem Protections

     Tweaking a Running Kernel: sysctl

     The Basic Sandbox: chroot

     Jail: Beyond chroot

     Inherent Protections

     OS Tuning

     Wrapping Up

     Resources

3. Secure Installation and Hardening

     General Concerns

     Installing FreeBSD

     FreeBSD Hardening: Your First Steps

     Installing OpenBSD

     OpenBSD Hardening: Your First Steps

     Post-Upgrade Hardening

     Wrapping Up

     Resources

4. Secure Administration Techniques

     Access Control

     Security in Everyday Tasks

     Upgrading

     Security Vulnerability Response

     Network Service Security

     Monitoring System Health

     Wrapping Up

     Resources

Part II. Deployment Situations

5. Creating a Secure DNS Server

     The Criticality of DNS

     DNS Software

     Installing BIND

     Installing djbdns

     Operating BIND

     Operating djbdns

     Wrapping Up

     Resources

6. Building Secure Mail Servers

     Mail Server Attacks

     Mail Architecture

     Mail and DNS

     SMTP

     Mail Server Configurations

     Sendmail

     Postfix

     qmail

     Mail Access

     Wrapping Up

     Resources

7. Building a Secure Web Server

     Web Server Attacks

     Web Architecture

     Apache

     thttpd

     Advanced Web Servers with Jails

     Wrapping Up

     Resources

8. Firewalls

     Firewall Architectures

     Host Lockdown

     The Options: IPFW Versus PF

     Basic IPFW Configuration

     Basic PF Configuration

     Handling Failure

     Wrapping Up

     Resources

9. Intrusion Detection

     No Magic Bullets

     IDS Architectures

     NIDS on BSD

     Snort

     ACID

     HIDS on BSD

     Wrapping Up

     Resources

Part III. Auditing and Incident Response

10. Managing the Audit Trails

     System Logging

     Logging via syslogd

     Securing a Loghost

     logfile Management

     Automated Log Monitoring

     Automated Auditing Scripts

     Wrapping Up

     Resources

11. Incident Response and Forensics

     Incident Response

     Forensics on BSD

     Digging Deeper with the Sleuth Kit

     Wrapping Up

     Resources

Index

商品描述(中文翻譯)

描述:
FreeBSD和OpenBSD在全球的教育機構、非營利組織和企業中越來越受到重視,因為它們相對於Linux提供了顯著的安全優勢。儘管BSD操作系統的穩定性、組織清晰度和穩定性都有很多值得稱道的地方,但安全性是系統管理員使用這兩個平台的主要原因之一。有很多書籍可以幫助您啟動FreeBSD或OpenBSD系統,並且它們都在某種程度上涉及安全性,通常會將一章專門用於該主題。但是,由於安全性通常被稱為當今系統管理員的主要關注點,單獨的一章無法提供您保持系統安全所需的深度信息。FreeBSD和OpenBSD充滿了可以利用的安全“構建塊”,《精通FreeBSD和OpenBSD安全》向您展示了如何使用這些構建塊。這兩個操作系統都具有超越傳統Unix權限和控制的內核選項和文件系統功能。這種強大和靈活性非常有價值,但是龐大的可能性需要一步一步地解決。本書將引導您完成強化操作系統的安裝、關鍵服務的安裝和配置,以及FreeBSD和OpenBSD系統的持續維護。本書採用了一種基於應用程序的方法,建立在您現有的知識基礎上,提供了有關FreeBSD和OpenBSD安全性的可靠技術信息,並提供了大量的實際示例,以幫助您配置和部署安全系統。通過提供堅實的技術基礎和實用的專業知識,它使管理員能夠將其服務器的安全性提升到更高的水平。即使是在其他環境中(如Linux和Solaris)的管理員也可以找到有用的範例來模仿。由擁有兩十年操作系統經驗的安全專業人員撰寫,《精通FreeBSD和OpenBSD安全》深入解釋了如何保護最關鍵系統的廣泛知識。與其他關於BSD系統的書籍幫助您實現功能不同,本書將幫助您更全面地保護您的部署。

目錄:
前言
第一部分:安全基礎
1. 大局觀
- 什麼是系統安全?
- 確定風險
- 回應風險
- 安全過程和原則
- 系統安全原則
- 總結
- 資源
2. BSD安全構建塊
- 文件系統保護
- 調整運行中的內核:sysctl
- 基本沙盒:chroot
- 監獄:超越chroot
- 內建保護
- 操作系統調整
- 總結
- 資源
3. 安全安裝和強化
- 一般問題
- 安裝FreeBSD
- 安裝OpenBSD
- 硬化操作系統
- 總結