Sebastopol, CA--FreeBSD and OpenBSD are often considered the "other" free operating systems--other than Linux, that is. However, these two BSD-based operating systems have increasingly gained traction in educational institutions, nonprofits, and corporations worldwide. The reason? They provide significant security advantages over Linux. In fact, security is the primary reason that most system administrators use these two platforms. Oddly enough, books that focus specifically on the security aspects of these two operating systems are rare.
"It's about time that FreeBSD and OpenBSD--operating systems that tout security as one of their greatest assets--have a book on security," says Yanek Korff, coauthor with Paco Hope and Bruce Potter of Mastering FreeBSD and OpenBSD Security (O'Reilly, $49.95). Korff adds, "Deploying these systems without a firm understanding that security must be thought of in advance is folly."
There are plenty of books to help users get a FreeBSD or OpenBSD system off the ground, and all of them touch on security to some extent, usually dedicating a chapter to the subject. But, as security is commonly named as the key concern for today's system administrators, a single chapter on the subject can't provide the depth of information needed to keep systems secure. Coauthor Potter agrees, citing, "a complete lack of coverage of security in the BSD arena."
FreeBSD and OpenBSD are rife with security building blocks that can be put to use by knowledgeable administrators. Both operating systems have kernel options and filesystem features that go well beyond traditional Unix permissions and controls. This power and flexibility is valuable, but the colossal range of possibilities needs to be tackled one step at a time. "Host-based security is more than just host-lockdown," Potter explains. "Ongoing administration is the key to the overall security of a host."
Many people view security in terms of black and white: either a system is secure or it is not. Korff, Hope, and Potter take another approach, describing security as a journey--a product of ongoing risk management. "Rather than trying to make your system secure, you continually evaluate your exposure to risks and keep the system as secure as it needs to be," they tell readers.
Mastering FreeBSD and OpenBSD Security introduces readers to the wide range of security tools that BSD systems offer so they'll be able to choose which tools apply to their particular situations. "Security is all about matching your defense to the threats you face, not making your system 'go to eleven,'" says Hope. "We show the risks, explain why an administrator cares, and offer a variety of mitigations that the administrator can choose from."
By imparting a solid technical foundation as well as practical know-how, Mastering FreeBSD and OpenBSD Security enables administrators to push their servers' security to the next level. Even administrators in other environments--like Linux and Solaris--can find useful paradigms to emulate. The book covers the installation of hardened operating system, the installation and configuration of critical services, and the ongoing maintenance of the systems.
Written by security professionals with two decades of operating system experience, Mastering FreeBSD and OpenBSD Security features broad and deep explanations of how to secure the most critical systems. Where other books on BSD systems help readers achieve functionality, this book will help them more thoroughly secure their deployments.
- Chapter 1, "The Big Picture"
- More information about the book, including table of contents, index, author bios, and samples
- A cover graphic in JPEG format
Mastering FreeBSD and OpenBSD Security
Yanek Korff, Paco Hope, and Bruce Potter
ISBN: 0-596-00626-8, 445 pages, $49.95 US, $69.95 CA
O’Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O’Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying “faint signals” from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.