[nycbug-talk] BSD Chapter in HLE
michael
lists at genoverly.net
Fri Sep 15 13:40:07 EDT 2006
On Fri, 15 Sep 2006 13:23:11 -0400 (EDT)
Dru <dlavigne6 at sympatico.ca> wrote:
> Overview of BSD Projects
> - brief history (2-3 sentences)
> - overview of NetBSD, FreeBSD, OpenBSD projects
> - brief note of FreeBSD forks (PC-BSD, DesktopBSD)
>
> Built-in security features
> - minimal install (secure by default)
> - periodic security scripts
> - sysctl
> - chflags
> - PAM
> - /etc/ttys
> - /etc/ssh/sshd_config
> - blowfish support
> - encrypted (filesystem) support (cfs, cgd, gbde, geli)
> - veriexec
> - securelevel
> - system accounting
> - rc.conf
ssh? (Linux users should learn where it comes from)
strlcpy() and strlcat()
Memory protection purify
* W^X
* .rodata segment
* Guard pages
* Randomized malloc()
* Randomized mmap()
* atexit() and stdio protection
Privilege separation
Privilege revocation
Chroot jailing
New uids
ProPolice
cryptography!
Pseudo Random Number Generators
Cryptographic Hash Functions
Cryptographic Transforms
Cryptographic Hardware Support
> TrustedBSD Extensions
> - ACLs
> - MAC policies
> - OpenBSM
>
> pf Firewall Features
> - CARP
> - ALTQ
> - stateful tracking (connection limiting, synproxy)
> - direct manipulation of state table
> - OS fingerprinting
> - traffic normalization
> - state modulation
block, pass, nat, rdr, ftp-proxy, authpf, logging
> Securing Applications
> - jail (sysjail)
> - portaudit, audit-packages
> - vuxml
chroot!
> BSD Security Advisories
> - overview of advisory format
> - overview of security officer/team
> - URLs to advisory lists
>
> Additional BSD Resources
> - URLs to FreeBSD Handbook, NetBSD Guide, OpenBSD Guide
talk at nycbug [grin]
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
--
Michael