Secure Architectures with OpenBSD 1st Edition

8 customer reviews
ISBN-13: 078-5342193664
ISBN-10: 0321193660
Why is ISBN important?
This bar-code number lets you verify that you're getting exactly the right version or edition of a book. The 13-digit and 10-digit formats both work.
Scan an ISBN with your phone
Use the Amazon App to scan ISBNs and compare prices.
Have one to sell? Sell on Amazon
Buy used
Buy new
Amazon Price New from Used from
"Please retry"
Paperback, April 17, 2004
"Please retry"
$15.12 $0.40
More Buying Choices
23 New from $15.12 21 Used from $0.40
Free Two-Day Shipping for College Students with Amazon Student Free%20Two-Day%20Shipping%20for%20College%20Students%20with%20Amazon%20Student

InterDesign Brand Store Awareness Rent Textbooks
$30.28 FREE Shipping on orders over $35. Only 3 left in stock (more on the way). Ships from and sold by Gift-wrap available.

Frequently Bought Together

Secure Architectures with OpenBSD + Mastering FreeBSD and OpenBSD Security
Price for both: $74.89

Buy the selected items together

Editorial Reviews

From the Back Cover

"This book works in tandem with the OpenBSD's manual pages. As a result, it will help many users grow and get the most from the system."—Theo de Raadt, OpenBSD project leader.

"The OpenBSD system intimidates many administrators who would benefit from using it. This book lets people start much higher up on the curve. Secure Architectures with OpenBSD not only presents the hows, but also shows some of the whys that only insiders know."Mike Frantzen, NFR Security

"Secure Architectures with OpenBSD explains all of the tasks an administrator has to know about to successfully maintain an OpenBSD server. It helps the reader save time by condensing the vast amount of information available in man pages into a compact form, reducing unneeded information, and explaining other things in much more detail and prose than a man page can afford."Daniel Hartmeier, the OpenBSD Project

"This book will become the de facto text for OpenBSD administration. Unix and BSD books abound, but none cover OpenBSD with the clarity and expertise of Palmer and Nazario. They explain the optimal way to configure and administer your OpenBSD machines, with a keen eye to security at all stages."Brian Hatch, coauthor of Hacking Exposed Linux and Building Linux Virtual Private Networks

Descended from BSD, OpenBSD is a popular choice for those who demand stability and security from their operating system. No code goes into OpenBSD without first undergoing a rigorous security check, making it a terrific choice for Web servers, VPNs, and firewalls.

Secure Architectures with OpenBSD is the insider's guide to building secure systems using OpenBSD. Written by Brandon Palmer and Jose Nazario, this book is a how-to for system and network administrators who need to move to a more secure operating system and a reference for seasoned OpenBSD users who want to fully exploit every feature of the system.

After getting readers started with OpenBSD, the authors explain system configuration and administration, then explore more exotic hardware and advanced topics. Every chapter of the book addresses the issue of security because security is integrated into almost every facet of OpenBSD. Examples appear throughout the book, and the authors provide source code and system details unavailable anywhere else. This goes well beyond the basics and gives readers information they will need long after they have installed the system.

Key topic coverage includes:
  • Installation and upgrade details
  • Basic system usage in OpenBSD versus other Unix systems
  • Third-party software via packages and the ports tree
  • SMTP services in OpenBSD
  • Web services with Apache
  • Using OpenBSD as a firewall
  • OpenBSD as a Kerberos V client and server
  • Use of Ipsec
  • Configuration and use of IPv6
  • Network intrusion detection

Secure Architectures with OpenBSD takes you inside OpenBSD, giving you the insights and expertise no system manual can provide. The companion Web site tracks advances and changes made to the operating system, and it contains updates to the book and working code samples.

About the Author

Brandon Palmer is a member of Crimelabs Security Research Group, a think tank and consulting firm, and has performed security audits and penetration testing for networks and systems.

Jose Nazario is a senior software engineer at Arbor Networks, an Internet security company. As a member of the OpenBSD project, he has written ports, made bug notes, and contributed to the code. Jose also runs the community forum at and serves as a consultant and researcher at Crimelabs Security Research Group.


Shop the New Digital Design Bookstore
Check out the Digital Design Bookstore, a new hub for photographers, art directors, illustrators, web developers, and other creative individuals to find highly rated and highly relevant career resources. Shop books on web development and graphic design, or check out blog posts by authors and thought-leaders in the design industry. Shop now

Product Details

  • Paperback: 544 pages
  • Publisher: Addison-Wesley Professional; 1 edition (April 17, 2004)
  • Language: English
  • ISBN-10: 0321193660
  • ISBN-13: 978-0321193667
  • Product Dimensions: 7 x 1.2 x 9 inches
  • Shipping Weight: 1.8 pounds (View shipping rates and policies)
  • Average Customer Review: 4.0 out of 5 stars  See all reviews (8 customer reviews)
  • Amazon Best Sellers Rank: #1,820,745 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

19 of 19 people found the following review helpful By Stephen Northcutt on April 19, 2004
Format: Paperback
Most of the information is available from other sources and if your run OpenBSD and want to keep 50 howtos and a couple general books on Unix handy you can do without this book. However, I am lazy and I like having the information I need at my fingertips with syntax that works the first time on the operating system I am using.
The authors and Addison Wesley are to be congratulated for the fantastic layout, the "code" examples stand out, they are pithy and illustrate the point. The one exception to that is the IPsec VPN chapter. Also, it is really easy reading for such a bone breakingly technical book.
I particularly enjoyed the PF chapter, it is a first rate treatment of firewalling, covers the bases nicely. The backup chapter is also well done, but I would argue more strongly on behalf of level 0 (full) backups. It is a an important enough concept to get more than a sentence. The introduction to systrace was wonderful. I am not sure covering snort in 7 pages is a good idea, but the fundamentals are there. I know covering apache in 9 pages is asking for trouble since it tends to be internet reachable.
If you are looking for a platform with better networking capability than Linux, or if you are already running OpenBSD in anything other than a purely hobbyist fashion, you should strongly consider this book.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
14 of 14 people found the following review helpful By Mike Tarrani HALL OF FAMETOP 10 REVIEWER on June 20, 2004
Format: Paperback
Before buying this book you need to understand a few facts about it:
- at first glance the title may lead you to believe it's about securing OpenBSD - it's not. It is about using an inherently secure operating system, OpenBSD, to its best advantage.
- you will need to be an experienced UNIX or Linux (or ideally OpenBSD) system admin to get the most out of the content.
- it is intended to be used in conjunction with OpenBSD man pages; as noted by another reviewer this book aggregates a lot of OpenBSD documentation, making it a convenient reference.
Because OpenBSD is more than a little different from other *NIX variants, and because it is cantankerous with respect to installation and configuration, the material in this book will save a lot of time and reduce the learning curve for anyone migrating to the OpenBSD environment. Reasons for this migration include the enhanced security by default and the inherent stability of this operating system.
Chapters 3, 4 and 5 are good places to start to get up-to-speed in OpenBSD because they thoroughly cover installation, basic use (especially with respect to the not-so-standard filesystem layout), and basic default services. All of Section II is essential reading for those new to OpenBSD. Among the topics covered are user admin (almost identical to other *NIX variants), pre-compiled third party software packages (unique to OpenBSD, especially with respect to ports tree), and other administrative tasks and operations. Section III, advanced features, is also essential and will greatly reduce the learning curve.
Overall this is an exceptionally well-written book that covers everything you need to know about OpenBSD from installation, and administration maintenance perspectives.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
10 of 10 people found the following review helpful By Boyd Waters on July 30, 2004
Format: Paperback Verified Purchase
I should have read the other reviews:

"at first glance the title may lead you to believe it's about securing OpenBSD - it's not. It is about using an inherently secure operating system, OpenBSD, to its best advantage."

Fair enough. As an introduction to OpenBSD for those with experience with other Unix systems, this is a great book. But I can read the man pages and other documentation. I wanted a book that discussed a way to build secure networks with OpenBSD as one component.

The chapter on VPN setup is the best that I have seen on that subject. But otherwise, it's a walk-through of basic installation and configuration.

I also purchased "Building Firewalls with OpenBSD and PF", and it is more what I was looking for: less about OpenBSD itself, and more about how to apply the system to protect your network.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
11 of 12 people found the following review helpful By Richard Bejtlich on June 27, 2004
Format: Paperback
About a year ago I read and reviewed Michael Lucas' excellent "Absolute OpenBSD." That book covered OpenBSD 3.2 and the CURRENT of that time, pre-3.3. Palmer and Nazario's "Secure Architectures with OpenBSD" (SAWO) addresses OpenBSD 3.4, which at the time of writing is just behind the current release (3.5). Lucas' book is an excellent introduction to OpenBSD by a relative outsider; SAWO is a more detailed discussion by insiders. Each has its strengths and I highly recommend both.
My favorite aspect of SAWO is its coverage of the internal workings of certain aspects of OpenBSD. Ch 4 features an enlightening walk-through of the /etc/rc script. Ch 13 not only describes how to use the ports tree, it explains how that system of software installation works. In some cases the authors reach beyond subjects strictly associated with OpenBSD, such as compilers (ch 21) and CVS (appendix A and elsewhere). As OpenBSD relies heavily on widely-used open source tools for standard administration, I welcome these discussions.
I also congratulate the authors' decision to focus on practical aspects of OpenBSD administration or functionality. Ch 3 gives installation advice for non-i386 hardware users. Ch 17 explains how to enable STARTTLS. Ch 22 shows why Pf is superior to many or most commercial firewalls. Some of the material can even be applied to the other BSDs, like the coverage of mergemaster in ch 31 or the advice on using IPv6 in tandem with IPv4 in ch 28.
I only have a few critiques of SAWO. Ch 27 (VPNs) was a little terse and hard to follow. I didn't think the authors needed to address applications like Snort (ch 30), when entire best-selling books are written about that very topic. I did not see a single diagram in the whole book.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Set up an Amazon Giveaway

Amazon Giveaway allows you to run promotional giveaways in order to create buzz, reward your audience, and attract new followers and customers. Learn more
Secure Architectures with OpenBSD
This item: Secure Architectures with OpenBSD
Price: $30.28
Ships from and sold by