Highest Voted 'freebsd' Questions - IT Security Stack Exchange

8

votes

1 answer

Is receiving IPv4 connections on AF_INET6 sockets insecure?

The FreeBSD man page for inet6 has the following: By default, FreeBSD does not route IPv4 traffic to AF_INET6 sockets. The default behavior intentionally violates RFC2553 for security reasons. Listen to two sockets if you want to accept both IPv4…

ipv6 openbsd freebsd

asked Jun 20 '15 at 14:28

imgx64

1,370
2
13
10

6

votes

1 answer

How secure is OpenSSH on FreeBSD?

In a discussion about the recent OpenSSL information disclosure vulnerability, the subject of OpenSSH being vulnerable came up. While OpenSSH is not vulnerable due to the problem lying in the TLS handshake, it opened discussion for the security of…

exploit ssh openssl freebsd

asked Apr 12 '14 at 02:09

David Houde

5,464
1
27
22

4

votes

1 answer

How to use openssl ca with prime256v1?

I am new to the encryption world, and reading about this, most websites say to use the prime256v1 for better performance and security. After some days testing, finally I get my openssl CA structure working, almost steps come from this guide: FreeBSD…

certificate-authority openssl freebsd

asked May 09 '16 at 04:43

Wisdom

41
1
4

3

votes

2 answers

Firewall egress filtering / quick whitelisting

Suppose your Aunt or Uncle is easily fooled by phishing attempts and their computer has multiple root kits and key loggers running. Assume their computing habits will never change. Looking at his wireless router you can see that he only visits a…

linux firewalls iptables security-theater freebsd

asked Jan 07 '15 at 19:00

user584583

215
1
12

3

votes

0 answers

Do BSD jails protect against some vulnerability class that LXC doesn't?

You can find many claims online regarding BSD jails being "better" in some way than Linux namespaces for containment, but they typically lack technical details. From what I understand, the attack surface is pretty much equivalent (shared kernel…

linux freebsd lxc

asked Apr 14 '20 at 02:19

viraptor

215
1
7

3

votes

1 answer

How can I ensure higher levels of privacy when hosting others' emails?

I can set up my own email server, and quite happy with it, using standard open source components - postfix, roundcube, etc on top of HardenedBSD or OpenBSD. I'd like to offer the use of my email server to friends and family, as some of them have…

encryption privacy administration freebsd

asked Jul 29 '18 at 12:52

Stilez

1,664
8
13

2

votes

2 answers

How to hide or obfuscate the type of OS?

I get the OS type of a remote host by: connecting to an open port (telnet 22); using Nmap (nmap -A ). What are techniques and how to hide or change the information about OS? I would like to get answers with respect to GNU/Linux or…

linux operating-systems freebsd

asked Jul 14 '14 at 09:53

Apostle

123
8

2

votes

1 answer

Is native OpenZFS (on FreeBSD) block-level encryption secure?

I am considering using OpenZFS on FreeBSD. I am not quite sure how secure native OpenZFS encryption is? If somebody steals my server and the disks, is he able to decrypt the files? In a Discord room I found a possible answer: Native ZFS encryption…

encryption disk-encryption storage file-system freebsd

asked Dec 22 '20 at 08:54

Sybil

1,435
2
15
29

2

votes

1 answer

Is the traversal permission in a Unix filesystem exploitable by itself, in the absence of any other permissions/ACLs?

Scenario/question: A unix directory tree has NTFv4 ACLs configured to allow an unprivileged account traversal on all dirs (but no other ACL granting further rights on any file/dir anywhere In such a case, is it completely safe to universally grant…

permissions unix directory-traversal freebsd

asked Apr 14 '18 at 14:49

Stilez

1,664
8
13

1

vote

0 answers

Tightly locking down a FreeBSD jail

Suppose one is running a single internet-facing daemon, as a service in a FreeBSD jail, and expects targeted hostile attacks targeting open WAN ports and services. Like many services, the service and indeed its jail don't need interactive user login…

hardening freebsd

asked Oct 22 '19 at 07:50

Stilez

1,664
8
13

1

vote

1 answer

Do systemd-nspawn containers provide the same security guarantees as FreeBSD jails?

I am evaluating the systemd-nspawn containers security and would like to know if the systemd-nspawn containers provide the same security guarantees as FreeBSD jails? Specially, can an attacker escape from the container or manipulate the host?

linux attack-prevention container freebsd

asked Feb 13 '19 at 09:53

z1naOK9nu8iY5A

111
1

1

vote

0 answers

Are BSD jails a "huge security liability"?

In this 2014 blog post from an apparently anti-BSD blog, the author criticizes BSD jails for being poorly designed and therefore insecure. The opening paragraph reads: If you’re thinking of employing FreeBSD jails in your server environment or use…

webserver freebsd container

asked Feb 19 '17 at 17:15

shadowtalker

541
4
11

1

vote

1 answer

Is BSD more secure than GNU/Linux?

BSD controls the OS while Linux is just a kernel. BSD is less popular than Linux, but which one is better in terms of security?

linux openbsd freebsd

asked Jan 07 '16 at 15:02

Henry WH Hack v3.0

2,109
2
23
37

0

votes

1 answer

Do I need dedicated firewall?

I have two servers in the datacenter. FreeBSD <--> Windows Server FreeBSD configured as a gateway for Windows Server. What is the best: FreeBSD has only firewall. All services are on the Win Server machine (e.g. firewall on FreeBSD, mail, web…

windows firewalls freebsd

asked Apr 27 '15 at 14:43

poison1456

11

0

votes

3 answers

Would FreeBSD and OpenBSD have similar known-past-vulnerability stats if they were configured similarly?

OpenBSD has had much fewer "code execution" vulnerabilities and even fewer exploits than FreeBSD, according to https://cvedetails.com…

exploit vulnerability unix openbsd freebsd

asked Nov 18 '21 at 03:33

MWB

303
2
11

Questions tagged [freebsd]