Mastering FreeBSD and OpenBSD Security

First Edition April 2005
ISBN 978-0-596-00626-6
Seiten 462
EUR48.00, SFR78.90

Weitere Informationen zu diesem Buch

Inhaltsverzeichnis | Index | Probekapitel | Kolophon | Rezensionen |

Buch weiterempfehlen

Inhaltsverzeichnis

	


Preface 

Part I. Security Foundation

1. The Big Picture

      What Is System Security? 

      Identifying Risks 

      Responding to Risk 

      Security Process and Principles 

      System Security Principles 

      Wrapping Up 

      Resources 

2. BSD Security Building Blocks

      Filesystem Protections 

      Tweaking a Running Kernel: sysctl 

      The Basic Sandbox: chroot 

      Jail: Beyond chroot 

      Inherent Protections 

      OS Tuning 

      Wrapping Up 

      Resources 

3. Secure Installation and Hardening

      General Concerns 

      Installing FreeBSD 

      FreeBSD Hardening: Your First Steps 

      Installing OpenBSD 

      OpenBSD Hardening: Your First Steps 

      Post-Upgrade Hardening 

      Wrapping Up 

      Resources 

4. Secure Administration Techniques

      Access Control 

      Security in Everyday Tasks 

      Upgrading 

      Security Vulnerability Response 

      Network Service Security 

      Monitoring System Health 

      Wrapping Up 

      Resources 

Part II. Deployment Situations

5. Creating a Secure DNS Server

      The Criticality of DNS 

      DNS Software 

      Installing BIND 

      Installing djbdns 

      Operating BIND 

      Operating djbdns 

      Wrapping Up 

      Resources 

6. Building Secure Mail Servers

      Mail Server Attacks 

      Mail Architecture 

      Mail and DNS 

      SMTP 

      Mail Server Configurations 

      Sendmail 

      Postfix 

      qmail 

      Mail Access 

      Wrapping Up 

      Resources 

7. Building a Secure Web Server

      Web Server Attacks 

      Web Architecture 

      Apache 

      thttpd 

      Advanced Web Servers with Jails 

      Wrapping Up 

      Resources 

8. Firewalls

      Firewall Architectures 

      Host Lockdown 

      The Options: IPFW Versus PF 

      Basic IPFW Configuration 

      Basic PF Configuration 

      Handling Failure 

      Wrapping Up 

      Resources 

9. Intrusion Detection

      No Magic Bullets 

      IDS Architectures 

      NIDS on BSD 

      Snort 

      ACID 

      HIDS on BSD 

      Wrapping Up 

      Resources 

Part III. Auditing and Incident Response

10. Managing the Audit Trails

      System Logging 

      Logging via syslogd 

      Securing a Loghost 

      logfile Management 

      Automated Log Monitoring 

      Automated Auditing Scripts 

      Wrapping Up 

      Resources 

11. Incident Response and Forensics

      Incident Response 

      Forensics on BSD 

      Digging Deeper with the Sleuth Kit 

      Wrapping Up 

      Resources 

Index

Zurück zu Mastering FreeBSD and OpenBSD Security


Themen

Buchreihen

Special Interest

International Sites

O'Reilly China O'Reilly France O'Reilly USA O'Reilly Japan O'Reilly Taiwan