hardened bsd defaults and tunning
16 views
Skip to first unread message
Ulaş Saygın
Feb 17, 2022, 10:33:17 AM2/17/22
to HardenedBSD Users
Hi,
I wonder about hardened bsd tunning and any other hardenening needs to be done in system depends on use or general use for better system.
as you may know freebsd has some defaults which seem security risks.
i found them on this link.
I do not think hardenedbsd has these but,i wonder what kind of things,
i need to do tunning or hardening?
for example network speed and security, DDOS and similary attacks.
general performance and any helpful tips.
I would like to ask you to share your experience and thoughts about it.
thanks you.
Loic F
Feb 21, 2022, 3:07:02 PM2/21/22
to Ulaş Saygın, HardenedBSD Users
From my point of view, it's a question of balance and you have to find the right compromise between security or convenience.
HardenedBSD was born out of his interest in security and as a result we have issues to deal with that freebsd does not.
Keep in mind that no system is infallible, the goal being to make the attackers lose as much time as possible in order to make them abandon. But if you come across an attacker who has made it his life's ultimate goal to hack your system, he will succeed sooner or later...
As is often said, the first security flaw is the interface between the chair and the keyboard... A hardened operating system will do you no good if you leave a post-it note of your password stuck on your computer ^^
For hardening, there is no ultimate guide even if the governmental CERTs recommandations are close to it, the guides often become obsolete very quickly, it is necessary to continualy search and test to see if your system remains sufficiently usable to your taste (so that it does not simply look like a typewriter).
Example of a guide for Linux that I like and which many points can be used for *BSD:
https://www.ssi.gouv.fr/en/guide/configuration-recommendations-of-a-gnulinux-system/
For the tuning:
https://calomel.org/freebsd_network_tuning.html
https://web.archive.org/web/20210910153326/https://calomel.org/freebsd_network_tuning.html
HardenedBSD was born out of his interest in security and as a result we have issues to deal with that freebsd does not.
Keep in mind that no system is infallible, the goal being to make the attackers lose as much time as possible in order to make them abandon. But if you come across an attacker who has made it his life's ultimate goal to hack your system, he will succeed sooner or later...
As is often said, the first security flaw is the interface between the chair and the keyboard... A hardened operating system will do you no good if you leave a post-it note of your password stuck on your computer ^^
For hardening, there is no ultimate guide even if the governmental CERTs recommandations are close to it, the guides often become obsolete very quickly, it is necessary to continualy search and test to see if your system remains sufficiently usable to your taste (so that it does not simply look like a typewriter).
Example of a guide for Linux that I like and which many points can be used for *BSD:
https://www.ssi.gouv.fr/en/guide/configuration-recommendations-of-a-gnulinux-system/
For the tuning:
https://calomel.org/freebsd_network_tuning.html
https://web.archive.org/web/20210910153326/https://calomel.org/freebsd_network_tuning.html
Loic
dev team
HardenedBSD
dev team
HardenedBSD
Ulaş Saygın
Feb 22, 2022, 7:51:13 PM2/22/22
to HardenedBSD Users, loi...@hardenedbsd.org, HardenedBSD Users, Ulaş Saygın
Firstly, Thank you for information,
21 Şubat 2022 Pazartesi tarihinde saat 23:07:02 UTC+3 itibarıyla loi...@hardenedbsd.org şunları yazdı:
Le jeu. 17 févr. 2022 à 16:33, Ulaş Saygın <ulassa...@gmail.com> a écrit :Hi,I wonder about hardened bsd tunning and any other hardenening needs to be done in system depends on use or general use for better system.as you may know freebsd has some defaults which seem security risks.i found them on this link.I do not think hardenedbsd has these but,i wonder what kind of things,i need to do tunning or hardening?for example network speed and security, DDOS and similary attacks.general performance and any helpful tips.I would like to ask you to share your experience and thoughts about it.thanks you.From my point of view, it's a question of balance and you have to find the right compromise between security or convenience.
what is exactly you are refering because freebsd seems feel convenience about the system security :) because of this people compiaining about it. freebsd shocking like windows , it opens default doors...
HardenedBSD was born out of his interest in security and as a result we have issues to deal with that freebsd does not.
if it is finding way to keep security high , ok. but if it is not i would like know because i wonder them.
Keep in mind that no system is infallible, the goal being to make the attackers lose as much time as possible in order to make them abandon. But if you come across an attacker who has made it his life's ultimate goal to hack your system, he will succeed sooner or later...
yes you are right , all things about possibilities and not getting hack by teenager.
As is often said, the first security flaw is the interface between the chair and the keyboard... A hardened operating system will do you no good if you leave a post-it note of your password stuck on your computer ^^
yes this is the most valuable information :) big companies generally forget that. in the past and nowadays.
For hardening, there is no ultimate guide even if the governmental CERTs recommandations are close to it, the guides often become obsolete very quickly, it is necessary to continualy search and test to see if your system remains sufficiently usable to your taste (so that it does not simply look like a typewriter).
yes i agree with you. i am just looking a person who has similar taste with mine :) about security.i mean experience before me and now the road and can speed up my process without doing same mistakes.
Example of a guide for Linux that I like and which many points can be used for *BSD:
https://www.ssi.gouv.fr/en/guide/configuration-recommendations-of-a-gnulinux-system/
For the tuning:
https://calomel.org/freebsd_network_tuning.html
https://web.archive.org/web/20210910153326/https://calomel.org/freebsd_network_tuning.html
i know calomel but it was seem old a little bit for some tunnings. but i will again look.
thank you very much.
if you remember other articles or documents , you can inform me about them. it will be helpful.
thanks a lot again.
Reply all
Reply to author
Forward
0 new messages