Chapter 30. Network Security

IN THIS CHAPTER

• Choosing a Security Model Based on Your Security Risks

• Security Models

• The Security Risks You Face

• Password Policies

• Avoiding Problems with Clear-Text Services

• Securing Terminal Traffic (SSH)

• Securing Email Services (POP3 and IMAP)

• Securing FTP

• Securing Apache

• System Security Profiles and Kernel Security (Securelevels)

• Using a Firewall

• Preventing Intrusions and Compromises

• Denial of Service (DOS) Attacks

• Physical Security

• Other Security Resources

System security is arguably the most important part of any administrator's job, whether it applies to a Windows server, a commercial UNIX system, Linux, or FreeBSD. More books have probably been written about security issues than about any other topicand with good reason. It's an immensely complex subject, but one that's crucially important to the success of a networked system. Although this chapter can't cover every facet of system security, it offers a good, general overview of the topic and includes information on all critical aspects of the topic.

This chapter helps you develop a security policy for your FreeBSD system based on the risk factors it faces in its role as a server or workstation. This chapter will give you the tools you need to monitor your system's perimeter, keep on top of alerts that are raised in the field, patch your system in response to those alerts, and make sure the services you provide to your users are not opening your system up to attack. It also gives you some idea of what you can do to recover whennot ifyour machine is hacked.