Book: Mastering FreeBSD and OpenBSD Security
First of all, a clarification: this review is about the first edition (March 2005), which is nowadays outdated in some aspects. So, why am I posting this review? As some of my readers already know, from time to time I work as a system administrator, and during 2006 I was working a lot with BSD systems (mainly FreeBSD). As a result I was reading many books, articles, tutorials, etc. about BSD system administration. One of those books was this one. Now, since I recently used it as a reference, I decided it would be nice to write a review of it, and here we are!
Part I. Security Foundation
Chapter 1: The Big Picture
This is a gentle introduction to numerous security concepts. Apart from the common CIA triad and a basic classification of attacks, it goes through some nice introductory examples of well-known software problems such as buffer overflows, SQL injection, etc. A similar section follows, dedicated to denial of service attacks and configuration mistakes that have security implications. Next, numerous smaller paragraphs deal with every major security subject an administrator should be aware of, including network versus local attacks, physical security, incident response, the security process from initial configuration through to maintenance, etc.
Chapter 2: BSD Security Building Blocks
Continuing from the previous chapter, this one introduces some BSD-specific security components. For example, after discussing the UFS filesystem flags, FreeBSD’s UFS access control lists, securelevels, etc., there is a nice section on security-related sysctl kernel variables such as random PID support, core dump control, TCP and UDP blackholes, etc. A detailed description of chroot sandboxes is next, along with a step-by-step example for NTPd on FreeBSD. After identifying the limitations of chroot, it moves on to the FreeBSD jails implementation. Once again, the authors discuss FreeBSD jails in detail along with actual working examples. Finally, there are a few sections discussing, at a theoretical level, FreeBSD and/or OpenBSD protections including W^X, ProPolice, etc.
Chapter 3: Secure Installation and Hardening
Starting by identifying general concerns such as what system you want to build, what its purpose is, etc., it goes through basic security tips for the installation, like filesystem partitioning, checksums, updates, etc. Then it provides a demo of a FreeBSD installation (including some basic system hardening) as well as a similar OpenBSD walkthrough. Finally, it deals with some security-related post-installation configuration tricks for popular services such as SSHd, NTPd, etc.
Chapter 4: Secure Administration Techniques
After a brief introduction to access control, the authors discuss a couple of access control configuration options at both the system and the application level. The following section deals with data recovery at a theoretical level, and next there is a section dedicated to upgrading and/or patching. After that comes a more extensive section on network security issues, along with working examples. The last section of this chapter is about system monitoring.
Part II. Deployment Situations
Chapter 5: Creating a Secure DNS Server
Chapter five begins the second part of the book, which is more of a how-to/walkthrough guide to setting up and hardening some specific installations. After an introduction to DNS and common DNS attacks, it starts the server installation process. The installation guide is given for both the BIND and djbdns DNS daemons.
Chapter 6: Building Secure Mail Servers
In a similar manner to the previous chapter, this one starts with a quick briefing on mail server setups as well as the most common attacks against such services. The guide provided is for the popular sendmail and postfix mail servers.
Chapter 7: Building a Secure Web Server
As always, after an introduction to web server architecture and some web-based attacks, the authors move to the actual guide, which in this case covers the Apache and thttpd web servers.
Chapter 8: Firewalls
Beyond the expected introduction and theory behind firewall design and policies, this chapter is a nice starting point for IPFW and the great PF, for FreeBSD and OpenBSD respectively. Apart from designing, configuring and running firewalls using both IPFW and PF, the authors provide a section dedicated to CARP.
Chapter 9: Intrusion Detection
The concept of this chapter is the same as in the previous chapters of the second part of the book: it begins with a theoretical part on various concepts regarding IDS architectures and moves on to the example guide. Of course, the selected IDS software is Snort with ACID. In addition, a guide is also provided for Osiris.
Part III. Auditing and Incident Response
Chapter 10: Managing the Audit Trails
The third part of the book is about managing audits and incident response. Chapter ten goes through logging (using syslogd) and tips on securing a loghost. Then it moves on to log monitoring and various system-specific automations.
Chapter 11: Incident Response and Forensics
From the first steps of training staff and creating document templates, it moves on to incident detection, assessment and finally response. This chapter also includes information about forensics on BSD systems, providing some realistic cases of systems backdoored with known rootkits. Furthermore, it demonstrates some well-known forensics tools such as Autopsy.
Overall it’s a good book but definitely outdated. It’s very well written and I think it is still useful for people administering BSD systems, since some of the information provided is still applicable to modern installations. However, most administrators shouldn’t limit themselves to this book for a good setup of a BSD server. Anyway, in my opinion it’s still an informative book, although it needs an update to include the various security mechanisms and techniques that have been developed since 2005, when it was published.