Chapter 9. Intrusion Detection and Response

You've now built a firewall with Linux using iptables. The layered security approach includes both network and host-based security. Although the firewall provides security for both the network and the hosts, there are also steps that must be taken on the firewall machine itself, as well as on the hosts within the network. Whether they take the form of filesystem integrity checking, virus scanning, or monitoring the network for suspicious activity, these processes help ensure that your data remains safe.

This chapter is about host and network security and intrusion detection. Its goal is to provide a high-level overview of some of the concepts so that you can do further research into the specific areas of interest. The chapter widens the scope beyond the firewall machine to include the security of the network, and it gives suggestions for individual computers within the network. Chapter 13, "Kernel Enhancements," will provide information on securing the firewall computer itself using kernel enhancements.