| | Copyright |
| | About the Authors |
| | Acknowledgments |
| | We Want to Hear from You! |
| | Reader Services |
| | Introduction |
| | | The Purpose of This Book |
| | | Who Should Read This Book |
| | | Linux Distribution |
| | | Errors in This Book |
| | | Companion Website |
| | Part I. Packet-Filtering and Basic Security Measures |
| | | Chapter 1. Preliminary Concepts Underlying Packet-Filtering Firewalls |
| | | The OSI Networking Model |
| | | The IP |
| | | Transport Mechanisms |
| | | Don't Forget ARP |
| | | Hostnames and IP Addresses |
| | | Routing: Getting a Packet from Here to There |
| | | Service Ports: The Door to the Programs on Your System |
| | | Summary |
| | | Chapter 2. Packet-Filtering Concepts |
| | | A Packet-Filtering Firewall |
| | | Choosing a Default Packet-Filtering Policy |
| | | Rejecting Versus Denying a Packet |
| | | Filtering Incoming Packets |
| | | Filtering Outgoing Packets |
| | | Private Versus Public Network Services |
| | | Summary |
| | | Chapter 3. iptables: The Linux Firewall Administration Program |
| | | Differences Between IPFW and Netfilter Firewall Mechanisms |
| | | Basic iptables Syntax |
| | | iptables Features |
| | | iptables Syntax |
| | | Summary |
| | | Chapter 4. Building and Installing a Standalone Firewall |
| | | iptables: The Linux Firewall Administration Program |
| | | Initializing the Firewall |
| | | Protecting Services on Assigned Unprivileged Ports |
| | | Enabling Basic, Required Internet Services |
| | | Enabling Common TCP Services |
| | | Enabling Common UDP Services |
| | | Filtering ICMP Control and Status Messages |
| | | Logging Dropped Incoming Packets |
| | | Logging Dropped Outgoing Packets |
| | | Denying Access to Problem Sites Up Front |
| | | Installing the Firewall |
| | | Summary |
| | Part II. Advanced Issues, Multiple Firewalls, and Perimeter Networks |
| | | Chapter 5. Firewall Optimization |
| | | Rule Organization |
| | | User-Defined Chains |
| | | Optimized Example |
| | | What Did Optimization Buy? |
| | | Summary |
| | | Chapter 6. Packet Forwarding |
| | | The Limitations of a Standalone Firewall |
| | | Basic Gateway Firewall Setups |
| | | LAN Security Issues |
| | | Configuration Options for a Trusted Home LAN |
| | | Configuration Options for a Larger or Less Trusted LAN |
| | | A Formal Screened-Subnet Firewall Example |
| | | Converting the Gateway from Local Services to Forwarding |
| | | Summary |
| | | Chapter 7. NAT: Network Address Translation |
| | | The Conceptual Background of NAT |
| | | iptables NAT Semantics |
| | | Examples of SNAT and Private LANs |
| | | Examples of DNAT, LANs, and Proxies |
| | | Summary |
| | | Chapter 8. Debugging the Firewall Rules |
| | | General Firewall-Development Tips |
| | | Listing the Firewall Rules |
| | | Checking the Input, Output, and Forwarding Rules |
| | | Interpreting the System Logs |
| | | Checking for Open Ports |
| | | Summary |
| | Part III. Beyond iptables |
| | | Chapter 9. Intrusion Detection and Response |
| | | Detecting Intrusions |
| | | Symptoms Suggesting That the System Might Be Compromised |
| | | What to Do If Your System Is Compromised |
| | | Incident Reporting |
| | | Summary |
| | | Chapter 10. Intrusion Detection Tools |
| | | Intrusion Detection Toolkit: Network Tools |
| | | Rootkit Checkers |
| | | Filesystem Integrity |
| | | Log Monitoring |
| | | How to Not Become Compromised |
| | | Summary |
| | | Chapter 11. Network Monitoring and Attack Detection |
| | | Listening to the Ether |
| | | TCPDump: A Simple Overview |
| | | Using TCPDump to Capture Specific Protocols |
| | | Automated Intrusion Monitoring with Snort |
| | | Monitoring with ARPWatch |
| | | Summary |
| | | Chapter 12. Filesystem Integrity |
| | | Filesystem Integrity Defined |
| | | Installing AIDE |
| | | Configuring AIDE |
| | | Monitoring AIDE for Bad Things |
| | | Cleaning Up the AIDE Database |
| | | Changing the Output of the AIDE Report |
| | | Defining Macros in AIDE |
| | | The Types of AIDE Checks |
| | | Summary |
| | | Chapter 13. Kernel Enhancements |
| | | Security Enhanced Linux |
| | | Greater Security with GrSecurity |
| | | A Quick Look Around the Kernel |
| | | To Patch or Not to Patch |
| | | Using a GrSecurity Kernel |
| | | GrSecurity |
| | | Conclusion: Custom Kernels |
| | Part IV. Appendices |
| | | Appendix A. Security Resources |
| | | Security Information Sources |
| | | Reference Papers and FAQs |
| | | Books |
| | | Appendix B. Firewall Examples and Support Scripts |
| | | iptables Firewall for a Standalone System from Chapter 4 |
| | | Optimized iptables Firewall from Chapter 5 |
| | | iptables Firewall for a Choke Firewall from Chapter 6 |
| | | Appendix C. VPNs |
| | | Overview of Virtual Private Networks |
| | | VPN Protocols |
| | | Linux and VPN Products |
| | | VPN Configurations |
| | | Connecting Networks |
| | | VPN and Firewalls |
| | | Summary |
| | | Appendix D. Glossary |
| | Index |