Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort
Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort
ISBN: 1593271417
EAN: 2147483647
EAN: 2147483647
Year: 2005
Pages: 163
Pages: 163
Authors: Michael Rash
- Linux Firewalls, Third Edition
- Table of Contents
- Copyright
- About the Authors
- Acknowledgments
- We Want to Hear from You
- Reader Services
- Introduction
- The Purpose of This Book
- Who Should Read This Book
- Linux Distribution
- Errors in This Book
- Companion Website
- PartI.Packet-Filtering and Basic Security Measures
- Chapter1.Preliminary Concepts Underlying Packet-Filtering Firewalls
- The OSI Networking Model
- The IP
- Transport Mechanisms
- Don t Forget ARP
- Hostnames and IP Addresses
- Routing: Getting a Packet from Here to There
- Service Ports: The Door to the Programs on Your System
- Summary
- Chapter2.Packet-Filtering Concepts
- A Packet-Filtering Firewall
- Choosing a Default Packet-Filtering Policy
- Rejecting Versus Denying a Packet
- Filtering Incoming Packets
- Filtering Outgoing Packets
- Private Versus Public Network Services
- Summary
- Chapter3.iptables: The Linux Firewall Administration Program
- Differences Between IPFW and Netfilter Firewall Mechanisms
- Basic iptables Syntax
- iptables Features
- iptables Syntax
- Summary
- Chapter4.Building and Installing a Standalone Firewall
- iptables: The Linux Firewall Administration Program
- Initializing the Firewall
- Protecting Services on Assigned Unprivileged Ports
- Enabling Basic, Required Internet Services
- Enabling Common TCP Services
- Enabling Common UDP Services
- Filtering ICMP Control and Status Messages
- Logging Dropped Incoming Packets
- Logging Dropped Outgoing Packets
- Denying Access to Problem Sites Up Front
- Installing the Firewall
- Summary
- PartII.Advanced Issues, Multiple Firewalls, and Perimeter Networks
- Chapter5.Firewall Optimization
- Rule Organization
- User-Defined Chains
- Optimized Example
- What Did Optimization Buy?
- Summary
- Chapter6.Packet Forwarding
- The Limitations of a Standalone Firewall
- Basic Gateway Firewall Setups
- LAN Security Issues
- Configuration Options for a Trusted Home LAN
- Configuration Options for a Larger or Less Trusted LAN
- A Formal Screened-Subnet Firewall Example
- Converting the Gateway from Local Services to Forwarding
- Summary
- Chapter7.NATNetwork Address Translation
- The Conceptual Background of NAT
- iptables NAT Semantics
- Examples of SNAT and Private LANs
- Examples of DNAT, LANs, and Proxies
- Summary
- Chapter8.Debugging the Firewall Rules
- General Firewall-Development Tips
- Listing the Firewall Rules
- Checking the Input, Output, and Forwarding Rules
- Interpreting the System Logs
- Checking for Open Ports
- Summary
- PartIII.Beyond iptables
- Chapter9.Intrusion Detection and Response
- Detecting Intrusions
- Symptoms Suggesting That the System Might Be Compromised
- What to Do If Your System Is Compromised
- Incident Reporting
- Summary
- Chapter10.Intrusion Detection Tools
- Intrusion Detection Toolkit: Network Tools
- Rootkit Checkers
- Filesystem Integrity
- Log Monitoring
- How to Not Become Compromised
- Summary
- Chapter11.Network Monitoring and Attack Detection
- Listening to the Ether
- TCPDump: A Simple Overview
- Using TCPDump to Capture Specific Protocols
- Automated Intrusion Monitoring with Snort
- Monitoring with ARPWatch
- Summary
- Chapter12.Filesystem Integrity
- Filesystem Integrity Defined
- Installing AIDE
- Configuring AIDE
- Monitoring AIDE for Bad Things
- Cleaning Up the AIDE Database
- Changing the Output of the AIDE Report
- Defining Macros in AIDE
- The Types of AIDE Checks
- Summary
- Chapter13.Kernel Enhancements
- Security Enhanced Linux
- Greater Security with GrSecurity
- A Quick Look Around the Kernel
- To Patch or Not to Patch
- Using a GrSecurity Kernel
- GrSecurity
- Conclusion: Custom Kernels
- PartIV.Appendices
- AppendixA.Security Resources
- Security Information Sources
- Reference Papers and FAQs
- Books
- AppendixB.Firewall Examples and Support Scripts
- iptables Firewall for a Standalone System from Chapter 4
- Optimized iptables Firewall from Chapter 5
- iptables Firewall for a Choke Firewall from Chapter 6
- AppendixC.VPNs
- Overview of Virtual Private Networks
- VPN Protocols
- Linux and VPN Products
- VPN Configurations
- Connecting Networks
- VPN and Firewalls
- Summary
- AppendixD.Glossary
- Index
- SYMBOL
- A
- B
- C
- D
- E
- F
- G
- H
- I
- K
- L
- M
- N
- O
- P
- Q
- R
- S
- T
- U
- V
- W
- X
- Z
Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort
ISBN: 1593271417
EAN: 2147483647
EAN: 2147483647
Year: 2005
Pages: 163
Pages: 163
Authors: Michael Rash