Rating: 

This book has been long awaited as the *BSD community has been lacking the number of security geared books compared to the Linux and Windows communities. I found that this book is almost the equal of "Linux Server Security", but for OpenBSD and FreeBSD. With OpenBSD being said to be one of the most secure operating systems, you would think there would be more books about the security other than the normal online documentation.
I'm glad O'Reilly finally put out this book as it covers a broad area of security within OpenBSD and FreeBSD.

This covers *BSD basics, initial install and hardening of the specific OS, security practices, running secure servers (DNS, Mail, Web), firewall, intrusion detection, system audits, incident response, and forensics. This is a broad coverage of security, but I wish on some of the specifics they would have went into detail discussing.

Some points I wish were added in detail was coverage on OpenNTPD's security and/or atleast mentioning that it is contained within OpenBSD. Another would be more coverage of Qmail on FreeBSD/OpenBSD as there really wasn't much more than a mention of Qmail and basic information. Compared to the details given to Sendmail and Postfix, Qmail info was really slacking. The last point I would like to mention that I found lacking was possibly a more in-depth guide to CARP and what it's capable of doing. The main thing dealing with CARP that I would have liked to see would be about load balancing firewalls using CARP and PFSYNC.

Other than these few minor lacking areas, I found this book to be great addition to other security books based around general Linux and BSD servers. I almost wish this book would have waited a little while longer before releasing or hope they plan an update soon as OpenBSD 3.7 is scheduled for release on May 19th and this book mainly just covers versions 3.5/3.6 for OpenBSD. Along with the new version of OpenBSD releasing, FreeBSD 5.4 was released not long after this book was published.

Even lacking the parts that it does, I enjoyed reading the sections about DJBDNS comparison to BIND with details of the specifics. On top of this, there is enough information to get anyone with general *nix knowledge going with a OpenBSD/FreeBSD firewall or secure server. By no means is this book the answer to first time OpenBSD/FreeBSD system administrators to learn the basics from, but seems to be more geared for those atleast somewhat familiar with the *BSD feel of things and aware of what's going on inside their machine. In the beginning of the book it mentions this book was written "by system administrators for system administrators". For someone just getting started with OpenBSD I'd recommend this book, but also would recommend picking up Absolute OpenBSD (http://www.oreilly.com/catalog/1886411999/) for more coverage of the basics. Otherwise, it will be difficult picking up on what they are saying in this book. Also, on the FreeBSD side of things I'd recommend Absolute BSD (http://www.oreilly.com/catalog/1886411743/index.html) or The Complete FreeBSD (http://www.oreilly.com/catalog/cfreebsd/index.html). If your new to *BSD this book will help but a book to compliment it will help even more. Atleast once you learn the basics, you will get a detailed bit of information on securing your new *BSD box.

I believe the writers met their goal of creating a book to solely cover the security features of OpenBSD and FreeBSD aswell as the types of servers run on those platforms. I'm glad this book arrived and look forward to seeing if they release a 2nd edition that is updated and possibly covers the parts that seem to be missing or lacking in detail. Congrats to O'Reilly and the writers.

Lloyd Randall
Pensacola Linux User's Group