Chapter 1: Care and Feeding of iptables - This chapter provides an introduction to packet filtering with iptables, including kernel build specifics and iptables administration. A default policy and network diagram are provided in this chapter and are referenced throughout the book.

Chapter 2: Network Layer Attacks and Defense - This chapter shows the types of attacks that exist in the network layer and what you can do about them.

Chapter 3: Transport Layer Attacks and Defense - The transport layer is the realm of server reconnaissance with port scans and sweeps, and this chapter examines the inner workings of these methods.

Chapter 4: Application Layer Attacks and Defense - The majority of today’s attacks take advantage of the increasing complexity of applications that ride on top of the TCP/IP suite.

Chapter 5: Introducing psad: The Port Scan Attack Detector - This chapter discusses installation and configuration of psad, and shows you why it is important to listen to the stories that iptables logs have to tell.

Chapter 6: psad Operations: Detecting Suspicious Traffic - There are many features offered by psad, and these features are designed to maximize your use of iptables log messages.

Chapter 7: Advanced psad Topics: From Signature Matching to OS Fingerprinting - This chapter introduces you to advanced psad functionality, including integrated passive OS fingerprinting, Snort signature detection via packet headers, verbose status information, and DShield reporting.

Chapter 8: Active Response with psad - No treatment of intrusion detection would be complete without a discussion of options for automatically responding to attacks. The response capabilities offered by psad are built on top of a clean interface that makes it easy to integrate with third-party software, and an example of integrating with the Swatch project is included.
Chapter 9: Translating Snort Rules into iptables Rules - The Snort IDS has shown the community the way to detect network-based attacks, and so it is logical to leverage the Snort signature language in iptables.

Chapter 10: Deploying fwsnort - The tedious task of translating Snort signatures into iptables rules has been automated by the fwsnort project, and this chapter shows you how it is done. Deploying fwsnort endows your iptables policy with true intrusion detection abilities.

Chapter 11: Combining psad and fwsnort - Log messages that are generated by fwsnort are picked up and analyzed by psad for better reporting via email.

Chapter 12: Port Knocking vs. Single Packet Authorization - Passive authorization is becoming increasingly important for keeping networked services secure. The damaging scope of zero-day vulnerabilities can be severely limited by using such a technology, but not all passive authorization paradigms are robust enough for critical deployments.

Chapter 13: Introducing fwknop - There are only a few SPA implementations available today, and fwknop is one of the most actively developed and supported. This chapter shows you how to install and make use of fwknop together with iptables to maintain a default-drop stance against all unauthenticated and unauthorized attempts to connect to your SSH daemon.

Chapter 14: Visualizing iptables Logs - The last chapter in the book wraps up with some graphical representations of iptables log data. A picture can quickly illustrate trends in network communications that may indicate a system compromise, and by combining psad with the AfterGlow project you can see what iptables has to show you.

Linux Firewalls - No Starch Press