Author: Peter N.M. Hansteen
Publisher: No Starch Press
Release Date: 2014-10-03
OpenBSD’s stateful packet filter, PF, is the heart of the OpenBSD firewall. With more and more services placing high demands on bandwidth and an increasingly hostile Internet environment, no sysadmin can afford to be without PF expertise. The third edition of The Book of PF covers the most up-to-date developments in PF, including new content on IPv6, dual stack configurations, the "queues and priorities" traffic-shaping system, NAT and redirection, wireless networking, spam fighting, failover provision ing, logging, and more. You’ll also learn how to: –Create rule sets for all kinds of network traffic, whether crossing a simple LAN, hiding behind NAT, traversing DMZs, or spanning bridges or wider networks –Set up wireless networks with access points, and lock them down using authpf and special access restrictions –Maximize flexibility and service availability via CARP, relayd, and redirection –Build adaptive firewalls to proactively defend against attackers and spammers –Harness OpenBSD’s latest traffic-shaping system to keep your network responsive, and convert your existing ALTQ configurations to the new system –Stay in control of your traffic with monitoring and visualization tools (including NetFlow) The Book of PF is the essential guide to building a secure network with PF. With a little effort and this book, you’ll be well prepared to unlock PF’s full potential.
Author: Michael W. Lucas
Publisher: No Starch Press
Release Date: 2013
OpenBSD is widely used as the basis for critical DNS servers, routers, firewalls, and more. With this book, you'll learn the intricacies of the platform, the technical details behind certain design decisions, and best practices. This edition has been updated for OpenBSD 5.3, including new coverage of OpenBSD's boot system, security features like W^X and ProPolice, and advanced networking techniques. You'll also learn how to: manage network traffic with VLANs, trunks, IPv6, and the PF packet filter; make software management quick and effective using the ports and packages system; give users only the access they need with groups, sudo, and chroots; configure OpenBSD's secure implementations of SNMP, DHCP, NTP, hardware sensors, and more; and customize the installation and upgrade processes for your network and hardware, or build a custom OpenBSD release.
Install and configure a pfSense router/firewall, and become a pfSense expert in the process. Key Features You can always do more to secure your software – so extend and customize your pfSense firewall Build a high availability security system that’s fault-tolerant – and capable of blocking potential threats Put the principles of better security into practice by implementing examples provided in the text Book Description pfSense has the same reliability and stability as even the most popular commercial firewall offerings on the market – but, like the very best open-source software, it doesn’t limit you. You’re in control – you can exploit and customize pfSense around your security needs. Mastering pfSense - Second Edition, covers features that have long been part of pfSense such as captive portal, VLANs, traffic shaping, VPNs, load balancing, Common Address Redundancy Protocol (CARP), multi-WAN, and routing. It also covers features that have been added with the release of 2.4, such as support for ZFS partitions and OpenVPN 2.4. This book takes into account the fact that, in order to support increased cryptographic loads, pfSense version 2.5 will require a CPU that supports AES-NI. The second edition of this book places more of an emphasis on the practical side of utilizing pfSense than the previous edition, and, as a result, more examples are provided which show in step-by-step fashion how to implement many features. What you will learn Configure pfSense services such as DHCP, Dynamic DNS, captive portal, DNS, NTP and SNMP Set up a managed switch to work with VLANs Use pfSense to allow, block and deny traffic, and to implement Network Address Translation (NAT) Make use of the traffic shaper to lower and raise the priority of certain types of traffic Set up and connect to a VPN tunnel with pfSense Incorporate redundancy and high availability by utilizing load balancing and the Common Address Redundancy Protocol (CARP) Explore diagnostic tools in pfSense to solve network problems Who this book is for This book is for those with at least an intermediate understanding of networking. Prior knowledge of pfSense would be helpful but is not required. Those who have the resources to set up a pfSense firewall, either in a real or virtual environment, will especially benefit, as they will be able to follow along with the examples in the book.
FreeBSD and OpenBSD are increasingly gaining traction in educational institutions, non-profits, and corporations worldwide because they provide significant security advantages over Linux. Although a lot can be said for the robustness, clean organization, and stability of the BSD operating systems, security is one of the main reasons system administrators use these two platforms. There are plenty of books to help you get a FreeBSD or OpenBSD system off the ground, and all of them touch on security to some extent, usually dedicating a chapter to the subject. But, as security is commonly named as the key concern for today's system administrators, a single chapter on the subject can't provide the depth of information you need to keep your systems secure. FreeBSD and OpenBSD are rife with security "building blocks" that you can put to use, and Mastering FreeBSD and OpenBSD Security shows you how. Both operating systems have kernel options and filesystem features that go well beyond traditional Unix permissions and controls. This power and flexibility is valuable, but the colossal range of possibilities need to be tackled one step at a time. This book walks you through the installation of a hardened operating system, the installation and configuration of critical services, and ongoing maintenance of your FreeBSD and OpenBSD systems. Using an application-specific approach that builds on your existing knowledge, the book provides sound technical information on FreeBSD and Open-BSD security with plenty of real-world examples to help you configure and deploy a secure system. By imparting a solid technical foundation as well as practical know-how, it enables administrators to push their server's security to the next level. Even administrators in other environments--like Linux and Solaris--can find useful paradigms to emulate. Written by security professionals with two decades of operating system experience, Mastering FreeBSD and OpenBSD Security features broad and deep explanations of how how to secure your most critical systems. Where other books on BSD systems help you achieve functionality, this book will help you more thoroughly secure your deployments.
Secure Architectures with OpenBSD is the insider's guide to building secure systems using OpenBSD. Written by Brandon Palmer and Jose Nazario, this book is a how-to for system and network administrators who need to move to a more secure operating system and a reference for seasoned OpenBSD users who want to fully exploit every feature of the system.
Author: Michael Rash
Publisher: No Starch Press
Release Date: 2007
Addressing the firewall capabilities of Linux, a handbook for security professionals describes the Netfilter infrastruction in the Linux kernel and explains how to use Netfilter as an intrusion detection system by integrating it with custom open source software and Snort rulesets, discussin such topics as Linux firewall log analysis and policies, passive network authentication and authorization, and more. Original. (Intermediate)
Author: Christopher M. Buechler
Release Date: 2009
Written by pfSense co-founder Chris Buechler and pfSense consultant Jim Pingle, this Definitive Guide to pfSense covers installation and basic configuration through advanced networking and firewalling with the popular open source firewall and router distribution. This book is designed to be a friendly step-by-step guide to common networking and security tasks, plus a thorough reference of pfSense's capabilities. The book covers hardware and system planning, installation and upgrades, backups, firewalling fundamentals, port forwarding and Network Address Translation, bridging, Virtual LANs (VLAN), Multi-WAN, Virtual Private Networks (VPN) using IPsec, PPTP, and OpenVPN, traffic shaping, load balancing, wireless networking and captive portal setups, redundant firewalls and High Availability, system monitoring, logging, traffic analysis, sniffing, packet capturing, troubleshooting, and software package and third-party software installations and upgrades.
Most applications these days are at least somewhat network aware, but how do you protect those applications against common network security threats? Many developers are turning to OpenSSL, an open source version of SSL/TLS, which is the most widely used protocol for secure network communications.The OpenSSL library is seeing widespread adoption for web sites that require cryptographic functions to protect a broad range of sensitive information, such as credit card numbers and other financial transactions. The library is the only free, full-featured SSL implementation for C and C++, and it can be used programmatically or from the command line to secure most TCP-based network protocols.Network Security with OpenSSL enables developers to use this protocol much more effectively. Traditionally, getting something simple done in OpenSSL could easily take weeks. This concise book gives you the guidance you need to avoid pitfalls, while allowing you to take advantage of the library?s advanced features. And, instead of bogging you down in the technical details of how SSL works under the hood, this book provides only the information that is necessary to use OpenSSL safely and effectively. In step-by-step fashion, the book details the challenges in securing network communications, and shows you how to use OpenSSL tools to best meet those challenges.As a system or network administrator, you will benefit from the thorough treatment of the OpenSSL command-line interface, as well as from step-by-step directions for obtaining certificates and setting up your own certification authority. As a developer, you will further benefit from the in-depth discussions and examples of how to use OpenSSL in your own programs. Although OpenSSL is written in C, information on how to use OpenSSL with Perl, Python and PHP is also included.OpenSSL may well answer your need to protect sensitive data. If that?s the case, Network Security with OpenSSL is the only guide available on the subject.
Author: Michael W. Lucas
Publisher: No Starch Press
Release Date: 2013-04-12
FreeBSD—the powerful, flexible, and free Unix-like operating system—is the preferred server for many enterprises. But it can be even trickier to use than either Unix or Linux, and harder still to master. Absolute FreeBSD, 2nd Edition is your complete guide to FreeBSD, written by FreeBSD committer Michael W. Lucas. Lucas considers this completely revised and rewritten second edition of his landmark work to be his best work ever; a true product of his love for FreeBSD and the support of the FreeBSD community. Absolute FreeBSD, 2nd Edition covers installation, networking, security, network services, system performance, kernel tweaking, filesystems, SMP, upgrading, crash debugging, and much more, including coverage of how to:–Use advanced security features like packet filtering, virtual machines, and host-based intrusion detection –Build custom live FreeBSD CDs and bootable flash –Manage network services and filesystems –Use DNS and set up email, IMAP, web, and FTP services for both servers and clients –Monitor your system with performance-testing and troubleshooting tools –Run diskless systems –Manage schedulers, remap shared libraries, and optimize your system for your hardware and your workload –Build custom network appliances with embedded FreeBSD –Implement redundant disks, even without special hardware –Integrate FreeBSD-specific SNMP into your network management system. Whether you're just getting started with FreeBSD or you've been using it for years, you'll find this book to be the definitive guide to FreeBSD that you've been waiting for.
If you are a system administrator or Linux professional who wants to learn to set up, install, and manage OpenVZ containers on a server to implement OS-level virtualization, then this book is for you. Along with elementary knowledge of Linux programming, you need to have a conceptual understanding of system components and functions.
Author: Michael Lucas
Publisher: No Starch Press
Release Date: 2010
Genre: Business & Economics
A detailed and complete guide to exporting, collecting, analyzing, and understanding network flows to make managing networks easier. Network flow analysis is the art of studying the traffic on a computer network. Understanding the ways to export flow and collect and analyze data separates good network administrators from great ones. The detailed instructions in Network Flow Analysis teach the busy network administrator how to build every component of a flow-based network awareness system and how network analysis and auditing can help address problems and improve network reliability. Readers learn what flow is, how flows are used in network management, and how to use a flow analysis system. Real-world examples illustrate how to best apply the appropriate tools and how to analyze data to solve real problems. Lucas compares existing popular tools for network management, explaining why they don't address common real-world issues and demonstrates how, once a network administrator understands the underlying process and techniques of flow management, building a flow management system from freely-available components is not only possible but actually a better choice than much more expensive systems.
The FreeBSD newcomer will find that the first section of this book guides the user through the FreeBSD installation process and gently introduces the concepts and conventions that underpin UNIX. Working through this section requires little more than the desire to explore, and the ability to take on board new concepts as they are introduced. Once you have traveled this far, the second, far larger, section of the Handbook is a comprehensive reference to all manner of topics of interest to FreeBSD system administrators. Some of these chapters may recommend that you do some prior reading, and this is noted in the synopsis at the beginning of each chapter.As the project became so big project over the years, we had to split this reference manual in two parts that are two separate physical books. To keep it consistent with the digital manual, the references and page numbers cover both physical books as it were one. Therefore please note that you probably want to have both parts.