| | Copyright |
| | Preface |
| | | Audience |
| | | Assumptions This Book Makes |
| | | Contents of This Book |
| | | Conventions Used in This Book |
| | | Using Code Examples |
| | | Comments and Questions |
| | | Safari Enabled |
| | | Acknowledgments |
| | Part I: Security Foundation |
| | | Chapter 1. The Big Picture |
| | | Section 1.1. What Is System Security? |
| | | Section 1.2. Identifying Risks |
| | | Section 1.3. Responding to Risk |
| | | Section 1.4. Security Process and Principles |
| | | Section 1.5. System Security Principles |
| | | Section 1.6. Wrapping Up |
| | | Section 1.7. Resources |
| | | Chapter 2. BSD Security Building Blocks |
| | | Section 2.1. Filesystem Protections |
| | | Section 2.2. Tweaking a Running Kernel: sysctl |
| | | Section 2.3. The Basic Sandbox: chroot |
| | | Section 2.4. Jail: Beyond chroot |
| | | Section 2.5. Inherent Protections |
| | | Section 2.6. OS Tuning |
| | | Section 2.7. Wrapping Up |
| | | Section 2.8. Resources |
| | | Chapter 3. Secure Installation and Hardening |
| | | Section 3.1. General Concerns |
| | | Section 3.2. Installing FreeBSD |
| | | Section 3.3. FreeBSD Hardening: Your First Steps |
| | | Section 3.4. Installing OpenBSD |
| | | Section 3.5. OpenBSD Hardening: Your First Steps |
| | | Section 3.6. Post-Upgrade Hardening |
| | | Section 3.7. Wrapping Up |
| | | Section 3.8. Resources |
| | | Chapter 4. Secure Administration Techniques |
| | | Section 4.1. Access Control |
| | | Section 4.2. Security in Everyday Tasks |
| | | Section 4.3. Upgrading |
| | | Section 4.4. Security Vulnerability Response |
| | | Section 4.5. Network Service Security |
| | | Section 4.6. Monitoring System Health |
| | | Section 4.7. Wrapping Up |
| | | Section 4.8. Resources |
| | Part II: Deployment Situations |
| | | Chapter 5. Creating a Secure DNS Server |
| | | Section 5.1. The Criticality of DNS |
| | | Section 5.2. DNS Software |
| | | Section 5.3. Installing BIND |
| | | Section 5.4. Installing djbdns |
| | | Section 5.5. Operating BIND |
| | | Section 5.6. Operating djbdns |
| | | Section 5.7. Wrapping Up |
| | | Section 5.8. Resources |
| | | Chapter 6. Building Secure Mail Servers |
| | | Section 6.1. Mail Server Attacks |
| | | Section 6.2. Mail Architecture |
| | | Section 6.3. Mail and DNS |
| | | Section 6.4. SMTP |
| | | Section 6.5. Mail Server Configurations |
| | | Section 6.6. Sendmail |
| | | Section 6.7. Postfix |
| | | Section 6.8. qmail |
| | | Section 6.9. Mail Access |
| | | Section 6.10. Wrapping Up |
| | | Section 6.11. Resources |
| | | Chapter 7. Building a Secure Web Server |
| | | Section 7.1. Web Server Attacks |
| | | Section 7.2. Web Architecture |
| | | Section 7.3. Apache |
| | | Section 7.4. thttpd |
| | | Section 7.5. Advanced Web Servers with Jails |
| | | Section 7.6. Wrapping Up |
| | | Section 7.7. Resources |
| | | Chapter 8. Firewalls |
| | | Section 8.1. Firewall Architectures |
| | | Section 8.2. Host Lockdown |
| | | Section 8.3. The Options: IPFW Versus PF |
| | | Section 8.4. Basic IPFW Configuration |
| | | Section 8.5. Basic PF Configuration |
| | | Section 8.6. Handling Failure |
| | | Section 8.7. Wrapping Up |
| | | Section 8.8. Resources |
| | | Chapter 9. Intrusion Detection |
| | | Section 9.1. No Magic Bullets |
| | | Section 9.2. IDS Architectures |
| | | Section 9.3. NIDS on BSD |
| | | Section 9.4. Snort |
| | | Section 9.5. ACID |
| | | Section 9.6. HIDS on BSD |
| | | Section 9.7. Wrapping Up |
| | | Section 9.8. Resources |
| | Part III: Auditing and Incident Response |
| | | Chapter 10. Managing the Audit Trails |
| | | Section 10.1. System Logging |
| | | Section 10.2. Logging via syslogd |
| | | Section 10.3. Securing a Loghost |
| | | Section 10.4. logfile Management |
| | | Section 10.5. Automated Log Monitoring |
| | | Section 10.6. Automated Auditing Scripts |
| | | Section 10.7. Wrapping Up |
| | | Section 10.8. Resources |
| | | Chapter 11. Incident Response and Forensics |
| | | Section 11.1. Incident Response |
| | | Section 11.2. Forensics on BSD |
| | | Section 11.3. Digging Deeper with the Sleuth Kit |
| | | Section 11.4. Wrapping Up |
| | | Section 11.5. Resources |
| | Colophon |
| | Index |