Secure Architectures with OpenBSD [Paperback]

Brandon Palmer (Author), Jose Nazario (Author)

Book Description

ISBN-10: 0321193660 | ISBN-13: 978-0321193667 | Publication Date: April 17, 2004 | Edition: 1

"This book works in tandem with the OpenBSD's manual pages. As a result, it will help many users grow and get the most from the system."—Theo de Raadt, OpenBSD project leader.

"The OpenBSD system intimidates many administrators who would benefit from using it. This book lets people start much higher up on the curve. Secure Architectures with OpenBSD not only presents the hows, but also shows some of the whys that only insiders know."—Mike Frantzen, NFR Security

"Secure Architectures with OpenBSD explains all of the tasks an administrator has to know about to successfully maintain an OpenBSD server. It helps the reader save time by condensing the vast amount of information available in man pages into a compact form, reducing unneeded information, and explaining other things in much more detail and prose than a man page can afford."—Daniel Hartmeier, the OpenBSD Project

"This book will become the de facto text for OpenBSD administration. Unix and BSD books abound, but none cover OpenBSD with the clarity and expertise of Palmer and Nazario. They explain the optimal way to configure and administer your OpenBSD machines, with a keen eye to security at all stages."—Brian Hatch, coauthor of Hacking Exposed Linux and Building Linux Virtual Private Networks

Descended from BSD, OpenBSD is a popular choice for those who demand stability and security from their operating system. No code goes into OpenBSD without first undergoing a rigorous security check, making it a terrific choice for Web servers, VPNs, and firewalls.

Secure Architectures with OpenBSD is the insider's guide to building secure systems using OpenBSD. Written by Brandon Palmer and Jose Nazario, this book is a how-to for system and network administrators who need to move to a more secure operating system and a reference for seasoned OpenBSD users who want to fully exploit every feature of the system.

After getting readers started with OpenBSD, the authors explain system configuration and administration, then explore more exotic hardware and advanced topics. Every chapter of the book addresses the issue of security because security is integrated into almost every facet of OpenBSD. Examples appear throughout the book, and the authors provide source code and system details unavailable anywhere else. This goes well beyond the basics and gives readers information they will need long after they have installed the system.

Key topic coverage includes:

• Installation and upgrade details
• Basic system usage in OpenBSD versus other Unix systems
• Third-party software via packages and the ports tree
• SMTP services in OpenBSD
• Web services with Apache
• Using OpenBSD as a firewall
• OpenBSD as a Kerberos V client and server
• Use of Ipsec
• Configuration and use of IPv6
• Network intrusion detection

Secure Architectures with OpenBSD takes you inside OpenBSD, giving you the insights and expertise no system manual can provide. The companion Web site tracks advances and changes made to the operating system, and it contains updates to the book and working code samples.

Editorial Reviews

From the Back Cover

"This book works in tandem with the OpenBSD's manual pages. As a result, it will help many users grow and get the most from the system."—Theo de Raadt, OpenBSD project leader.

"The OpenBSD system intimidates many administrators who would benefit from using it. This book lets people start much higher up on the curve. Secure Architectures with OpenBSD not only presents the hows, but also shows some of the whys that only insiders know."—Mike Frantzen, NFR Security

"Secure Architectures with OpenBSD explains all of the tasks an administrator has to know about to successfully maintain an OpenBSD server. It helps the reader save time by condensing the vast amount of information available in man pages into a compact form, reducing unneeded information, and explaining other things in much more detail and prose than a man page can afford."—Daniel Hartmeier, the OpenBSD Project

"This book will become the de facto text for OpenBSD administration. Unix and BSD books abound, but none cover OpenBSD with the clarity and expertise of Palmer and Nazario. They explain the optimal way to configure and administer your OpenBSD machines, with a keen eye to security at all stages."—Brian Hatch, coauthor of Hacking Exposed Linux and Building Linux Virtual Private Networks

Descended from BSD, OpenBSD is a popular choice for those who demand stability and security from their operating system. No code goes into OpenBSD without first undergoing a rigorous security check, making it a terrific choice for Web servers, VPNs, and firewalls.

Secure Architectures with OpenBSD is the insider's guide to building secure systems using OpenBSD. Written by Brandon Palmer and Jose Nazario, this book is a how-to for system and network administrators who need to move to a more secure operating system and a reference for seasoned OpenBSD users who want to fully exploit every feature of the system.

After getting readers started with OpenBSD, the authors explain system configuration and administration, then explore more exotic hardware and advanced topics. Every chapter of the book addresses the issue of security because security is integrated into almost every facet of OpenBSD. Examples appear throughout the book, and the authors provide source code and system details unavailable anywhere else. This goes well beyond the basics and gives readers information they will need long after they have installed the system.

Key topic coverage includes:

• Installation and upgrade details
• Basic system usage in OpenBSD versus other Unix systems
• Third-party software via packages and the ports tree
• SMTP services in OpenBSD
• Web services with Apache
• Using OpenBSD as a firewall
• OpenBSD as a Kerberos V client and server
• Use of Ipsec
• Configuration and use of IPv6
• Network intrusion detection

Secure Architectures with OpenBSD takes you inside OpenBSD, giving you the insights and expertise no system manual can provide. The companion Web site tracks advances and changes made to the operating system, and it contains updates to the book and working code samples.

About the Author

Brandon Palmer is a member of Crimelabs Security Research Group, a think tank and consulting firm, and has performed security audits and penetration testing for networks and systems.

Jose Nazario is a senior software engineer at Arbor Networks, an Internet security company. As a member of the OpenBSD project, he has written ports, made bug notes, and contributed to the code. Jose also runs the community forum at www.deadly.org and serves as a consultant and researcher at Crimelabs Security Research Group.

See all Editorial Reviews

Product Details

• Paperback: 544 pages
• Publisher: Addison-Wesley Professional; 1 edition (April 17, 2004)
• Language: English
• ISBN-10: 0321193660
• ISBN-13: 978-0321193667
• Product Dimensions: 9.3 x 6.9 x 1 inches
• Shipping Weight: 1.8 pounds (View shipping rates and policies)
• Average Customer Review: 4.0 out of 5 stars  See all reviews (6 customer reviews)
• Amazon Best Sellers Rank: #1,127,485 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

19 of 19 people found the following review helpful:

4.0 out of 5 stars If you run OpenBSD, this book will stay within arms reach, April 20, 2004

By 

Stephen Northcutt (Kauai, HI USA) - See all my reviews
(REAL NAME)   

This review is from: Secure Architectures with OpenBSD (Paperback)

Most of the information is available from other sources and if your run OpenBSD and want to keep 50 howtos and a couple general books on Unix handy you can do without this book. However, I am lazy and I like having the information I need at my fingertips with syntax that works the first time on the operating system I am using.

The authors and Addison Wesley are to be congratulated for the fantastic layout, the "code" examples stand out, they are pithy and illustrate the point. The one exception to that is the IPsec VPN chapter. Also, it is really easy reading for such a bone breakingly technical book.

I particularly enjoyed the PF chapter, it is a first rate treatment of firewalling, covers the bases nicely. The backup chapter is also well done, but I would argue more strongly on behalf of level 0 (full) backups. It is a an important enough concept to get more than a sentence. The introduction to systrace was wonderful. I am not sure covering snort in 7 pages is a good idea, but the fundamentals are there. I know covering apache in 9 pages is asking for trouble since it tends to be internet reachable.

If you are looking for a platform with better networking capability than Linux, or if you are already running OpenBSD in anything other than a purely hobbyist fashion, you should strongly consider this book.

13 of 13 people found the following review helpful:

5.0 out of 5 stars Excellent book, somewhat misleading title, June 20, 2004

By 

Mike Tarrani "www.tarrani.com" (Deltona, FL USA) - See all my reviews
(COMMUNITY FORUM 04)    (REAL NAME)   

This review is from: Secure Architectures with OpenBSD (Paperback)

Before buying this book you need to understand a few facts about it:

- at first glance the title may lead you to believe it's about securing OpenBSD - it's not. It is about using an inherently secure operating system, OpenBSD, to its best advantage.

- you will need to be an experienced UNIX or Linux (or ideally OpenBSD) system admin to get the most out of the content.

- it is intended to be used in conjunction with OpenBSD man pages; as noted by another reviewer this book aggregates a lot of OpenBSD documentation, making it a convenient reference.

Because OpenBSD is more than a little different from other *NIX variants, and because it is cantankerous with respect to installation and configuration, the material in this book will save a lot of time and reduce the learning curve for anyone migrating to the OpenBSD environment. Reasons for this migration include the enhanced security by default and the inherent stability of this operating system.

Chapters 3, 4 and 5 are good places to start to get up-to-speed in OpenBSD because they thoroughly cover installation, basic use (especially with respect to the not-so-standard filesystem layout), and basic default services. All of Section II is essential reading for those new to OpenBSD. Among the topics covered are user admin (almost identical to other *NIX variants), pre-compiled third party software packages (unique to OpenBSD, especially with respect to ports tree), and other administrative tasks and operations. Section III, advanced features, is also essential and will greatly reduce the learning curve.

Overall this is an exceptionally well-written book that covers everything you need to know about OpenBSD from installation, and administration maintenance perspectives.

11 of 12 people found the following review helpful:

5.0 out of 5 stars Excellent on its own or as a companion to "Absolute OpenBSD", June 28, 2004

By 

Richard Bejtlich "TaoSecurity" (Metro Washington, DC) - See all my reviews
(REAL NAME)   

This review is from: Secure Architectures with OpenBSD (Paperback)

About a year ago I read and reviewed Michael Lucas' excellent "Absolute OpenBSD." That book covered OpenBSD 3.2 and the CURRENT of that time, pre-3.3. Palmer and Nazario's "Secure Architectures with OpenBSD" (SAWO) addresses OpenBSD 3.4, which at the time of writing is just behind the current release (3.5). Lucas' book is an excellent introduction to OpenBSD by a relative outsider; SAWO is a more detailed discussion by insiders. Each has its strengths and I highly recommend both.

My favorite aspect of SAWO is its coverage of the internal workings of certain aspects of OpenBSD. Ch 4 features an enlightening walk-through of the /etc/rc script. Ch 13 not only describes how to use the ports tree, it explains how that system of software installation works. In some cases the authors reach beyond subjects strictly associated with OpenBSD, such as compilers (ch 21) and CVS (appendix A and elsewhere). As OpenBSD relies heavily on widely-used open source tools for standard administration, I welcome these discussions.

I also congratulate the authors' decision to focus on practical aspects of OpenBSD administration or functionality. Ch 3 gives installation advice for non-i386 hardware users. Ch 17 explains how to enable STARTTLS. Ch 22 shows why Pf is superior to many or most commercial firewalls. Some of the material can even be applied to the other BSDs, like the coverage of mergemaster in ch 31 or the advice on using IPv6 in tandem with IPv4 in ch 28.

I only have a few critiques of SAWO. Ch 27 (VPNs) was a little terse and hard to follow. I didn't think the authors needed to address applications like Snort (ch 30), when entire best-selling books are written about that very topic. I did not see a single diagram in the whole book. A picture speaks a thousand words, especially when explaining IPSec modes!

The second edition of SAWO will have plenty to add, including coverage of spamd, Common Address Redundancy Protocol (CARP), and pfsync. I suggest BSD users of all types take a close look at SAWO and consider supporting the OpenBSD project by purchasing books like this and official OpenBSD CDs.