BKMFBAOB.RVW 20070923 "Mastering FreeBSD and OpenBSD Security", Yanek Korff/Paco Hope/Bruce Potter, 2005, 0-596-00626-8, U$49.95/C$69.95 %A Yanek Korff %A Paco Hope %A Bruce Potter %C 103 Morris Street, Suite A, Sebastopol, CA 95472 %D 2005 %G 0-596-00626-8 %I O'Reilly & Associates, Inc. %O U$49.95/C$69.95 800-998-9938 fax: 707-829-0104 nuts@ora.com %O http://www.amazon.com/exec/obidos/ASIN/0596006268/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0596006268/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0596006268/robsladesin03-20 %O Audience a Tech 3 Writing 1 (see revfaq.htm for explanation) %P 445 p. %T "Mastering FreeBSD and OpenBSD Security" Part one provides a security foundation. Chapter one is a general introduction to security concepts. Most of the material is decent (though pedestrian), but there is an odd acceptance of security by obscurity, and the definition of "fail safe" is flatly wrong. Broadly applicable but intermediate security functions are discussed in chapter two. The utilities examined are not the basic functions normally noted in UNIX security texts (such as chmod), and the explanations do not start at a fundamental level. Therefore, those who intend to use this content to secure their systems should have solid experience not only with Linux administration, but also with the foundational security functions. Likewise, the secure installation deliberation, in chapter three, requires that the reader be thoroughly familiar with the cardinal operations for installing FreeBSD or OpenBSD (BSD being the Berkeley Systems Distribution of UNIX-like operating systems). Chapter four is an extensive grab bag of administrative tools and considerations. Part two is about deployment of specific applications or types of servers. Chapters five through nine address basic security issues, applications, and related utilities for Domain Name Service (DNS), email, web, firewall, and intrusion detection. Similarly, part three covers auditing and incident response in chapters ten (mostly logging) and eleven (mostly disk recovery, and not much of that) respectively. For advanced BSD administrators who want to add enhanced security tools to their arsenal, this is a good next step, although how useful it will be is left up to the reader. copyright Robert M. Slade, 2007 BKMFBAOB.RVW 20070923