[FreeBSD] The Last Year of BSD Security

#1, posted 2012-09-25 21:11


Configure Security

Configure Stealth Logging Server – the collection of log files provides security administrators with the ability to have an audit trail for the behavior of an information system. In the event that a system is compromised, remote logging provides a forensic trail to determine what occurred on the system. Michael Shirk will also introduce you to security levels, which are one of the tools that can be used in order to maintain the state of the system when being deployed in production. Additionally, Edward Tan will teach you what Puppet is and how to deploy servers using it.

Access Control & Authentication

Antoine Jacoutot wrote a quick, yet comprehensive overview of using Kerberos to manage user passwords and single sign-on on OpenBSD. Erwin Kooi will show you how you can equip your CA with an HSM for <50 Euros. The CA is used for identification and authentication of servers, clients and users. Together with the author, take a closer look at the security of the Certificate Authority in his own network.

Intrusion Detection

One of the most annoying things a sysadmin can endure is a system intrusion. A script kiddie might only install an IRC bot, but a skilled intruder can carefully replace core system binaries so as to exploit more systems or extract more data. Learn more about freebsd-update as an intrusion detection system from Michael W. Lucas! Learn how to build a complete intrusion detection system with Snorby on BSD, or go through the basic configuration of Snort in IPS mode on a FreeBSD server with Michael Shirk.

Firewalls

When servers get compromised, web applications very often present themselves as the entry point. In most cases the reason is an outdated script with known or unknown vulnerabilities or an in-house development which is not properly validating submitted data. Well, this is nothing new to you, I hope. The question is what we can do to prevent this. By reading Benedikt Niessen's article you will learn how to set up a high performance, low maintenance Web Application Firewall in NGINX. For those who are less advanced, Toby Richards will lead you through a beginner’s understanding of how to use PF in OpenBSD – a built-in firewall called “Packet Filter”.

DDOS Attacks

DOS or DDOS is an attack where multiple compromised systems (which are usually infected with a Trojan) are used to target a single system in an attempt to make the system resources (CPU, memory, network) unavailable to its intended users and cause the system to crash. Learn how to protect your webserver from those attacks and how to make advanced PF configurations against specific threats from Matthieu Bouthors and Stavros N. Sheeles.

Protecting Dynamic Websites

In recent years there has been a tremendous increase in dynamic websites and CMSs using PHP. A very large share of these websites is served by the Apache web server using MySQL as the database, mostly on Unix systems. This tremendous increase of PHP in dynamic websites and open source CMSs like Joomla has also increased hacker attacks that aim to compromise a website or hack the server to use it in a botnet. So someone may wonder: is there anything that can protect my websites apart from backups and upgrading our system and software? The answer is yes – says Stavros N. Shales.

Network Security

Have you ever used a public wireless network that has a splash screen such that you have to agree to certain terms before going to the Internet? Toby Richards will show you step by step how to build one of those using OpenBSD’s Packet Filter (pf). You will also learn more about Load Balancers from Richard Batka.

Set up basejail with Qjail and Learn More About jail Management

FreeBSD’s jail system offers process isolation within a separate environment in order to secure the host system. In case of a compromised service, only the jail running that service is affected. In a similar fashion, ZFS allows the creation of a separate filesystem for each jail. Benedict Reuschling, in his article, explains how jails can be quickly instantiated using a third party wrapper script called Qjail. On the other hand, Kris Moore will teach you about the jail management software named Warden on PC-BSD. This software provided users a brand new graphical method of managing FreeBSD jails on their desktops. For 9.1 Warden has been given a complete makeover, and incorporated directly into the base system. Read the article to find out what new features make PC-BSD 9.1 more versatile than ever for jail administrators and users.

Secure Data

As Matthieu Bouthors claims – encrypting sensitive pieces of data should be mandatory on systems (for instance laptop computers) that may be physically accessed or stolen by untrusted persons. Follow his advice to secure your data. Read Toby Richards' article to establish the best Data Classification Policy. Additionally, Joseph Kong will tell you how he learned to stop worrying and love the Sleep Mutex. His article addresses the problem of data and state corruption caused by concurrent threads.

DTrace, GDB(1) and Truss for Debugging

Sometimes you are lucky to have the source code for the program you need to debug. However, there are times when the source code isn’t available. When all hell is breaking loose, what do you do? On your Unix machine there are tools that can save the day. OpenBSD, FreeBSD and NetBSD all have the ktrace utility for following the various kernel related activities of a given process. FreeBSD has a tool specifically for tracing system calls. It’s called truss(1) and when used together with gdb(1) it can give you a clearer view into a black box. Carlos Antonio Naira will also introduce you to DTrace and will test some of the providers available for it as well as their outputs.

Anatomy of FreeBSD Compromise

While the BSD family is more secure than most, no server or IT system is invulnerable to attack. In this series of articles Rob Somerville examines best practices to prevent disruption and what to do when the worst does happen. You will learn the common techniques used to gain control and what can be done to mitigate the risks. The author also describes the tools essential to securing, exploiting and penetrating systems. He will teach you to identify the most vulnerable system on our network depending on what services are running on it. Finally you will find out how to compromise a FreeBSD server using different techniques. While the examples here are non-destructive, it is recommended that these tests are carried out on a private test network and definitely not on the Internet or without your employer’s approval.

Multilevel Security Model

By Michael Shirk
Most system administrators understand the need to lock down permissions for files and applications. In addition to these configuration options on FreeBSD, there are features provided by TrustedBSD that add additional layers of specific security controls to fine tune the operating system for multilevel security. This time Michael Shirk will teach you the configuration of the Mandatory Access Controls provided by FreeBSD. You will also find out how to apply the concepts of the multilevel security model to FreeBSD.

BSD Certification

If you are reading this magazine, you are interested in learning more about BSD systems. Perhaps you have seen this magazine’s ads for BSD Certification and want to learn more about this certification program or perhaps you think that certification is not for you. Dru Lavigne in her articles addresses some common misconceptions about certification and describes why you should be BSDA certified. This article outlined some of the benefits provided by a psychometrically valid certification program as well as some tips for learning the skills needed to pass a certification exam.

#2, posted 2012-09-25 22:07
Is this a new issue of the magazine?

#3, posted 2012-09-26 09:17
gvim wrote on 2012-09-25 22:07:
Is this a new issue of the magazine?

No, the magazine won't be out until mid-October.