Chapter 14. Locking Down Security
Securing your BSD system means many things. To be secure, you need to restrict access to the user accounts and services on the system. However, after that, security means checking that no one has gotten around the defenses you have set up.
FreeBSD, NetBSD, OpenBSD, and other systems based on BSD distributions are designed in many ways to be secure by default. That means that there are no user accounts with blank passwords, that the firewall is restrictive by default, and that most network services (Web, FTP, and so on) are off by default (even if the service's software is installed).
As someone setting up a BSD system, you can go beyond the default settings to make your system even more secure. For example, by setting up services in chrooted jails you can prevent an intruder from accessing parts of the computer system that are outside the compromised service. By encrypting critical data, you can make it nearly impossible for someone to use stolen data.
Although many of the commands covered in this book can be used to check and improve the security of your BSD system, some basic BSD features are particularly geared toward security. For example, secure user accounts with good password ...