InfoTechTarget and Informa Tech's Digital Businesses Combine.

Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.

BIND 9 Application Security - AppArmor, SecompBPF, Firejail & Systemd

Presented by

Carsten Strotmann

About this talk

This webinar will look at alternatives to SELinux to securing BIND 9 application servers. Trainer Carsten Strotmann will walk you through the critical commands needed to enable, disable and view restrictions that can protect your server from overuse or intrusions coming from the BIND 9 process. Measures like this can protect against unknown future vulnerabilities, as well as protect the named process itself. Topics discussed include: - AppArmor on Ubuntu/Debian - Securing a BIND 9 Server with “Firejail” - Introduction to Secomp/BPF “syscall Firewall” - Restricting Syscalls with Secomp and systemd - Hardening a BIND 9 installation with Systemd In addition Carsten shared his Systemd 'unit' file here: https://webinar.defaultroutes.de/webinar/07-bind9-systemd.html and a Firejail profile template here: https://webinar.defaultroutes.de/webinar/07-firejail.html --- Learn more at http://www.isc.org
Internet Systems Consortium

Internet Systems Consortium

324 subscribers28 talks
Open Source for an Open Internet
Internet Systems Consortium is a non-profit corporation dedicated to developing software and offering services in support of the Internet infrastructure. ISC develops and distributes three open source Internet networking software packages: BIND 9, ISC DHCP, and Kea DHCP. BIND 9, ISC’s Domain Name System (DNS) software program, is widely used on the Internet by enterprises and service providers, offering a robust and stable platform on top of which organizations can build distributed computing systems. ISC DHCP and Kea implement the Dynamic Host Configuration Protocol for connection to an IP network. Kea DHCP is ISC newer DHCP software, and is designed for modular extension, dynamic reconfiguration, and high performance. In addition to our open source software, ISC also operates critical Internet infrastructure in the form of the F-Root server, one of the 13 Internet root name servers that power the global Internet. ISC is supported through the sale of annual support subscriptions for our open source software. These support services also include advance notification of security vulnerabilities, and in some cases, non-public software extensions. For more information please visit https://isc.org or email us at info@isc.org.
Related topics
BIND 9
Linux Security
AppArmor
systemd
Application Security
Linux
Open Source
DNS
Network Based Applications
Network Function Virtualization