BSDCan2013 - Final

BSDCan 2013
The Technical BSD Conference

Pawel Jakub Dawidek
Day Talks - Day 1 - 2013-05-17
Room MRT 221
Start time 13:30
Duration 01:00
ID 387
Event type Lecture
Track Security
Language used for presentation English

FreeBSD, Capsicum, GELI and ZFS as key components of a security appliance

I use to talk at various BSD conferences about projects I was/am working on (GEOM, GELI, ZFS, Capsicum, HAST, auditdistd and others). This time I'd like to talk about the meeting point of reality and some of those technologies: a security appliance I was working on for the last year.

The talk will demonstrate practical use of various technologies available in FreeBSD (Capsicum, GELI, ZFS and others). The appliance needs to process and store very sensitive data at high speeds, so strong sandboxing provided by Capsicum and strong encryption provided by GELI were a must. The talk will also provide practical hints how to build and manage appliance, eg. how to create installation image with all dependencies from source, how to implement secure and reliable upgrades with an option to downgrade, how to monitor health of hardware components and how to cluster multiple nodes together.