FreeBSD Exploits and Remedies

Presented at DEF CON 10 (2002), Aug. 3, 2002, 4 p.m. (50 minutes).

This talk continues the review of system hardening and security management presented in the BlackHat talk, "Locking Down Your FreeBSD Install". We walk though well-known exploits for the FreeBSD 4.5 release, showing the mechanisms and effects on the system. We then discuss the way in which the vulnerability is assessed and monitored, and the ways in which the system can be hardened or access controls can be refined to reduce the risk of exposure. For each of these, we show the key features of the bundled tools for monitoring and controlling access.

Presenters:

• Rich Murphey, PhD
  Rich Murphey was a founding core team member of FreeBSD and Xfree86. He received a PhD in Electrical and Computer Engineering from Rice University, was on the Faculty of the University of Texas Medical School in Galveston, and was Chief Scientist at PentaSafe Security Technologies before joining NetIQ recently. His main interests are development of Beowulf clusters and Intrusion Detection Systems.

Links:

• https://defcon.org/html/defcon-10/defcon-10-speakers.html#richmurphey

Similar Presentations:

• THOTCON 0x8 (2017) / Pissing off the bad guys by porting grsecurity to HardenedBSD
• CarolinaCon 14 (2018) / Writing FreeBSD Malware
• DEF CON 10 (2002) / BSD Security Fundamentals