August 23, 2006: ToorCon 2006: Bastille for OS X Tiger

Jay is giving a talk at ToorCon on Bastille for OS X Tiger.

August 4, 2006: Def Con 14 : Bastille for OS X Tiger

Jay gave a talk at Def Con 14 on Bastille for OS X Tiger. You can get the slides here.

July 10, 2006: Summer Conferences Announced

Jay will be talking at a number of conferences this summer about Bastille. You can see which ones at this list of future and past conference talks.

July 3, 2006: Black Hat Training 2006 - Unix Aikido

Jay will be teaching Unix Aikido at Black Hat USA 2006 this year in Las Vegas. Sign up and learn how to go beyond Bastille! It's hands-on and you'll learn how to lock down Linux / Unix systems with some great tools. Among those are our own Mike Rash's Firewall Knock Operator (fwknop).

October 26, 2005 Conferences and a New Book!

I spoke at ToorCon 7 and Interz0ne West about Bastille. People had good things to say. Here is a picture: from the ToorCon talk.

This also got got covered by Hack A Day. Please ignore my facial injury -- I don't normally look like that.

We also released a new book: Nessus, Snort, & Ethereal Power Tools : Customizing Open Source Security Applications.

August 11, 2005 New book: Stealing the Network: How to Own an Identity

We got the first copies of a new book that I worked on a couple weeks ago at Black Hat 2005 and Def Con 13. It seems to have just made it to Bookpool and Amazon. It has a focus on Identity Theft and continues some of the stories from the previous Stealing the Network: How to Own a Continent book. My story is continued, for example, from the one in said previous book -- that story was just recently put up in its entirety on SecurityFocus as a 7-part excerpt.

Johnny Long is one of the other authors of the current (Identity) book. His story from this new book is up at too. If you haven't read said previous book, don't worry: STN: HTOAI does stand on its own.

August 10, 2005 Two Talks at Linux World Expo and a New Release of Bastille

I gave a talk on Bastille's new Assessment mode as well as a talk on the Honeynet Project at Linux World Expo 2005 in San Francisco today. You can find slides on my Security Talks page. We also released a new version of Bastille Linux, version 3.0.7, recently to support Fedora Core 4 as well as Red Hat Enterprise 4.

August 2, 2005 DefCon 13 Talk: Introducing the Bastille Hardening Assessment Tool

I gave a talk at DefCon 13 this past weekend, introducing Bastille's new Assessment mode. We've got a limited demo here. You'll be able to hear my talk eventually on the DefCon site, but here are the slides.

July 13, 2005 Fictional Story on Securityfocus is carrying a fictional story I wrote as part of the book Stealing the Network - How to Own a Continent. They basically have the entire chapter that I wrote for the book up in 7 parts.

March 22, 2005 My Favorite Books on Bookpool

Bookpool's posted my Favorite IT Books up in a special this week. It's in their continuing 10 Favorite Books in 10 Years program where they're doing the same thing for a different author each week.

February 16, 2005 Bastille Linux Status Update

I gave a talk at LinuxWorld about Bastille Linux and Its Future Roadmap.

November 15, 2004: There's been a very favorable book review on our Nessus book.
Quoting from Tony Bradley's review:
This is the third book in Jay Beale's Open Source Security Series from Syngress Publishing and it is every bit as good as the first two...Nessus is an excellent tool and this book is an invaluable resource in helping you get the most out of it.

October, 2004: My new Information Security Magazine column about avoiding and replacing insecure protocols is up.

October 7, 2004: I just finished working on a Nessus Book with HD Moore, Noam Rathaus, Renaud Deraison, the Sensepost guys and a host of other authors. Go take a look at it!

September 20, 2004: SD EXpo talks and my Anti-SPAM solution

I'm about to give a talk at SD Conference and Expo in Boston on Tuesday. The talk is on the Center for Internet Security's auditing tools, as well as Bastille Linux, a hardening program for Linux, HP-UX and OS X.

Additionally, I wanted to let everyone know what SPAM filtering solution I'm using, as it's working wonderfully for me. I'm using's SPAM Zapper, a commercial inline or partially inline solution that keeps most of my SPAM from even reaching my mail servers or client.

August 6, 2004: Securing Apache talk at Def Con

I gave a talk on Securing Apache using Configuration and Security Modules at Def Con earlier this month. They are both useful for the advanced sysadmin as well as to someone who has never configured Apache before.

August 6, 2004: Bastille Linux and Honeynet talk at LinuxWorldExpo

I gave talks on both Bastille Linux and the Honeynet Project at LinuxWorldExpo.

August, 2004: Information Security Magazine column: Browsing for Alternatives

My August column is up at Information Security Magazine. It's entitled "Browsing for Alternatives" and discusses both CERT's suggestion that IE users switch browsers, but also the possibilities of using Windows-library emulation (via Wine/Crossover Office) to run Windows application on Linux.

July 19, 2004: I'm teaching a two-day class on Locking Down Linux and Solaris at Black Hat Vegas 2004, as well a one-day class on Locking Down Linux at LinuxWorld Expo San Francisco 2004. The Black Hat one is hands-on and covers both Solaris and Linux, while the LinuxWorld one just covers Linux. Both should be very enjoyable.

I've worked on two books in the last few months. One is a story of hacker fiction, where I've told the story of a college student who hacks his college to get social security numbers and other personal information for every student. It's called Stealing the Network: How to Own A Continent."

The other book is an update to the best-selling Snort 2.0 book, somewhat predictably entitled "Snort 2.1 Intrusion Detection".

June 2004: Should Linux Users Get Anti-virus? Information Security Magazine - June 2004

2/12/2004: Switching a daemon to a different port can offer nice protection(December Information Security Magazine)

Snort Book!
Syngress has just released a Snort book that I worked on. Syngress put together a great team, including Brian Caswell (the Snort rules coordinator), James Foster (Foundstone's Director of R&D), Jeff Posluns (Security speaker and writer), and Ryan Russell (author of HackProofing Your Network and founder of the vuln-dev list). We wrote it to be useful to everyone from people who have never used Snort before up to people who want to contribute code. Check it out!

New article!
Trusted Linux? tells you about "trusted" Linux operating systems, ones with a completely different security model than Linux itself.

New article!
I answer the questions
How can I determine if my Linux server has been hacked?
How can I be sure that I haven't been hacked?
in the first article of my new LinuxGuru column in Information Security Magazine.

Want to be on my book's mailing list?
I'm starting up a mailing list for my upcoming book, "Locking Down Linux the Bastille Way." If you'd like to get an e-mail when the book goes to presses, please do join the list. I'll also announce any articles I write on that list, so you'll have fast access to it. To join, just send me an e-mail at jay At bastille Hyphen linux DOT org.



My spam filtering solution of choice is the commercial solution, Albert Whales's company for providing Spam Zapper technology. The SPAM Zapper has been nothing short of amazing, filtering a huge portion of my SPAM and assigning client-filterable scores to the rest. In-line, server side, definitely seems the right place to filter SPAM. Finally, I don't have to spend the first 15 minutes of my day deleting pagefuls of SPAM.