[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: need someone to sell me their mail server for OpenBSD



on Thu, Dec 28, 2000 at 02:31:52AM +0100, Henning Brauer (lists_(_at_)_bsws_(_dot_)_de) wrote:
> Am Donnerstag, 28. Dezember 2000 02:08 schrieb Eric Berthiaume:
> 
> > I don't know that much in networking and in security in general to say
> > that this book is total crap or not but what I do know is that its THE
> > only book referenced as an openbsd specific on www.openbsd.com.
> 
> I did not say it's total crap.

You gave a very vague and nonspecific dis of the book.  Which *is* total
crap.

> The first thing coming to my mind I've written in my previous mail,
> they tell you not to filter outgoing traffic - a nightmare.

OK, anything else?

> The second thing: they are telling you something like "you don't need
> to know more about your firewall's operating system and networking
> than bla bla bla"

Hardly.

The first section of the book addresses various network protocols and
issues concerning them.  The last section of the book addresses
intrusion detection and ongoing vigilance.  There *is* fairly specific
detail on building, and testing, firewall rules, including a very useful
troubleshooting section.  The system installation guide is pretty good,
and as a long-time GNU/Linux user, I managed to get through a novel
process on the third try (first was a dry run, second was "OK, let's do
it", third was "let's not do *that* this time").  That's better than
most of my GNU/Linux installs.

There were also some issues with the book, some of them my fault, some
of them dated material.  I tried to deploy my first obsd box without
reading all the material and missed a couple of key points (internal
modems, COM ports, and IRQ settings).  The book is based on 2.6, and
there are some significant differences in command and syntax with 2.7.
I found some of the firewall suggestions to be overly permissive -- for
example I'd lock down ports 6000 - 6064 against external access, my X
sessions are mine, thank you very much.  But all told, the rules are a
good start.

I contacted one of the authors (Wes Sonnenreich), found his responses to
be prompt, friendly, and helpful.  There's a companion website with
additional and updated information.  A revised edition of the book will
focus more on intrusion detection, and add material on topics such as
honeypots.

In all, I found the book a useful resource with intelligent discussion
of security issues.  Hardly "Firewalls for Numskulls". 

> - do _never_ run a mission critical system and never never never a
> firewall on an operating system you do not understand, you haven't
> used before. And be sure you _understand_ TCP/IP. 

Is a firewall book the right place to teach TCP/IP?  IMO BLAOF covers
the topic adequately and refers the reader to more complete references
where appropriate.  This is good.

> > Do have any books,links,documents that might be more accurate ..
> > security wise ?
> 
> puhhh... the best is to learn from practice, what opens up the 
> chicken-and-egg problem...

Practice, guided by informed hints and suggestions, is one of my
favorite teachers.  It's a complimentary thing.

-- 
Karsten M. Self <kmself_(_at_)_ix_(_dot_)_netcom_(_dot_)_com>    http://kmself.home.netcom.com/
 Evangelist, Zelerate, Inc.                      http://www.zelerate.org
  What part of "Gestalt" don't you understand?      There is no K5 cabal
   http://gestalt-system.sourceforge.net/        http://www.kuro5hin.org

Attachment: pgp4B3VIxJFBB.pgp
Description: PGP signature


Visit your host, monkey.org