[nycbug-talk] BSD Chapter in HLE

michael lists at genoverly.net
Fri Sep 15 13:40:07 EDT 2006


On Fri, 15 Sep 2006 13:23:11 -0400 (EDT)
Dru <dlavigne6 at sympatico.ca> wrote:

> Overview of BSD Projects
>  	- brief history (2-3 sentences)
>  	- overview of NetBSD, FreeBSD, OpenBSD projects
>  	- brief note of FreeBSD forks (PC-BSD, DesktopBSD)
> 
> Built-in security features
>  	- minimal install (secure by default)
>  	- periodic security scripts
>  	- sysctl
>  	- chflags
>  	- PAM
>  	- /etc/ttys
>  	- /etc/ssh/sshd_config
>  	- blowfish support
>  	- encrypted (filesystem) support (cfs, cgd, gbde, geli)
>  	- veriexec
>  	- securelevel
>  	- system accounting
>  	- rc.conf

ssh?  (Linux users should learn where it comes from)

strlcpy() and strlcat()
Memory protection purify
    * W^X
    * .rodata segment
    * Guard pages
    * Randomized malloc()
    * Randomized mmap()
    * atexit() and stdio protection 
Privilege separation
Privilege revocation
Chroot jailing
New uids
ProPolice

cryptography!
Pseudo Random Number Generators
Cryptographic Hash Functions
Cryptographic Transforms
Cryptographic Hardware Support

> TrustedBSD Extensions
>  	- ACLs
>  	- MAC policies
>  	- OpenBSM
> 
> pf Firewall Features
>  	- CARP
>  	- ALTQ
>  	- stateful tracking (connection limiting, synproxy)
>  	- direct manipulation of state table
>  	- OS fingerprinting
>  	- traffic normalization
>  	- state modulation

block, pass, nat, rdr, ftp-proxy, authpf, logging

> Securing Applications
>  	- jail (sysjail)
>  	- portaudit, audit-packages
>  	- vuxml

chroot!
 
> BSD Security Advisories
>  	- overview of advisory format
>  	- overview of security officer/team
>  	- URLs to advisory lists
> 
> Additional BSD Resources
>  	- URLs to FreeBSD Handbook, NetBSD Guide, OpenBSD Guide

talk at nycbug [grin]



-- 

Michael
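The strlcpy()/strlcat() item in the list above is worth a concrete illustration. What follows is an added example, not code from this thread and not the BSD libc implementation: a portable reimplementation of the strlcpy()/strlcat() contract (the bsd_ prefix only avoids clashing with a libc that already ships them), a hypothetical join_path() helper showing the truncation check callers are expected to make, and a small function exposing the strncpy() pitfall the BSD functions were written to fix.

```c
/* Added example: the BSD strlcpy()/strlcat() contract and how a caller
 * checks for truncation. Names (bsd_strlcpy, bsd_strlcat, join_path,
 * strncpy_terminates) are this example's own, not libc's. */
#define _POSIX_C_SOURCE 200809L
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy src into dst, always NUL-terminating when dstsize > 0.
 * Returns strlen(src): truncation happened iff return value >= dstsize. */
size_t bsd_strlcpy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize > 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Append src to dst within dstsize bytes, always NUL-terminating.
 * Returns strlen(original dst) + strlen(src): truncation iff >= dstsize. */
size_t bsd_strlcat(char *dst, const char *src, size_t dstsize)
{
    size_t dstlen = strnlen(dst, dstsize); /* scan at most dstsize bytes */
    size_t srclen = strlen(src);
    if (dstlen == dstsize)
        return dstsize + srclen;           /* no terminator found: nothing fits */
    size_t room = dstsize - dstlen - 1;
    size_t n = srclen < room ? srclen : room;
    memcpy(dst + dstlen, src, n);
    dst[dstlen + n] = '\0';
    return dstlen + srclen;
}

/* Build "<dir>/<file>" into dst. Returns 0 on success, -1 if the result
 * would not fit. Rejecting is the right response: a silently truncated
 * path is a different path than the one the caller meant. */
int join_path(char *dst, size_t dstsize, const char *dir, const char *file)
{
    if (bsd_strlcpy(dst, dir, dstsize) >= dstsize)
        return -1;
    if (bsd_strlcat(dst, "/", dstsize) >= dstsize)
        return -1;
    if (bsd_strlcat(dst, file, dstsize) >= dstsize)
        return -1;
    return 0;
}

/* The pitfall strlcpy() replaces: strncpy() leaves dst unterminated when
 * src fills the whole buffer. Returns 1 if a NUL landed inside dst. */
int strncpy_terminates(char *dst, size_t dstsize, const char *src)
{
    strncpy(dst, src, dstsize);
    return memchr(dst, '\0', dstsize) != NULL;
}

int main(void)
{
    char path[16];
    /* "/var/log/messages" is 17 characters: needs 18 bytes, we offer 16 */
    if (join_path(path, sizeof path, "/var/log", "messages") == 0)
        printf("path: %s\n", path);
    else
        printf("path would not fit in %zu bytes, refusing\n", sizeof path);

    char small[4];
    printf("strncpy terminated a full buffer: %s\n",
           strncpy_terminates(small, sizeof small, "abcd") ? "yes" : "no");
    return 0;
}
```

The rule to take away is the check itself: compare the return value against the buffer size, and treat "greater than or equal" as an error rather than as a successful copy.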
