Flylib.com

Books Software

 
 
 

Category list


Reader Services


Buy on amazon.com >>
Suegring S. Ziegler R
    << Previous page
    Table of contents
    Next page >>

    Reader Services

    For more information about this book or others from Novell Press, visit our website at www.novellpress.com. Type the ISBN or the title of a book in the Search field to find the page you're looking for.



    Introduction

    This book is essentially about creating a software-based firewall using Netfilter and iptables in the Linux operating system. Beyond the basics of a firewall, this book also looks at the firewall in the context of a networked computing environment. To that end, topics such as intrusion detection and system security are also covered.

    Computer security is an expansive subject area. Volumes have been written about it and volumes will continue to be written about it. Computer security is centered around protection of data assets using three principles: confidentiality, integrity, and availability. Confidentiality means that data is accessible only by those who are authorized to access the data and no one else. Integrity ensures that the data is verifiably good and is not tainted. Availability means that the data can be accessed when it needs to be accessed. These three principles guide the discussion of computer security and provide the framework for this book.

    In addition to the three principles of confidentiality, integrity, and availability, I subscribe to an in-depth , risk-assessed approach to computer security. This means that I don't consider any single option to be an endpoint when it comes to securing data, rather that each item such as a firewall or antivirus software plays a role in securing data. However, there is a cost involved with each measure of security. Therefore, each additional measure or layer of security must be assessed to ensure that the cost of that layer doesn't exceed the benefit of being protected from that risk.

    Consider this example: I use two firewalls, a choke and gateway (see Chapter 6, "Packet Forwarding"), for my home network. I consider the benefit of having a dual-firewall approach to outweigh the cost of operating and maintaining the firewalls. Other people use a single firewall or no firewall at all. They consider the risk of their data or systems being unavailable or attacked to be less costly than running a dual-firewall setup or even a single firewall for some. Many more examples of this cost/benefit assessment could be done. Unfortunately, this analysis is often overlooked for many areas of security, not just computer security. For more information on this type of analysis and a good read on top of it, see Bruce Schneier's works Secrets and Lies and Beyond Fear .



    The Purpose of This Book

    The goal of this book is to give the reader enough information that they may configure a firewall using iptables in Linux. A secondary goal is to educate the reader about system and network security. However, because this isn't a book on system and network security, those topics are indeed secondary even though they do consume a large portion of the book. There are also topics in this book that I haven't seen (yet) in other books to any great degree.

    You are reading the third revision of this book and the first revision with a new author, Steve Suehring. Bob Ziegler wrote the original material and also revised the work into its second revision in 2001. Bob did an excellent job and I've built upon his solid foundation to bring you the third revision. In addition, the previous revision had some material contributed by Carl B. Constantine. You'll find Carl's contribution, though updated, in Appendix C of this revision, "VPNs."

    I learned much of what I know about Linux security while working at an Internet service provider (ISP), beginning in 1995. Resisting the temptation to recite a "back when I was young" tale, I'll just say that most of what I learned was done with security in mind. It had to be. By definition at an ISP, you must run publicly available services and those services must be available 24x7. Having publicly available services means that there's a constant threat (and frequent execution) of attacks against the network and the systems therein. If we wouldn't have considered security to be central to our operation, we simply could not have ensured the reliability that our customers demanded, nor could we have guaranteed the integrity of the data that we housed. None of this takes into account the general lack of security tools, software, and books like this back in 1995, either.

    That background also helps to answer the question "Why Linux?" The answer was and is quite simple: Linux and open -source tools were the only solution when I was tasked with solving these problems. There simply was no other way to provide Internet services with anywhere near the reliability that Linux and open-source software provided. No other operating system provided the same set of reliability and security while at the same time keeping down the Total Cost of Ownership (TCO). The same can largely be said today. With a pure technological decision, Linux wins. Factor in TCO and the picture only gets better for Linux and open-source software, regardless of the results from funded and paid studies. Why Linux? Because it works.



    Buy on amazon.com >>
    Suegring S. Ziegler R
      << Previous page
      Table of contents
      Next page >>

      Similar products

      Similar products

       
      flylib.com © Copyright 2008-2013. All Rights Reserved.
      if you may any questions please contact us: flylib@qtcs.net
      Privacy policy