Author: Michael Rash
Publisher: No Starch Press
Release Date: 2007
Addressing the firewall capabilities of Linux, a handbook for security professionals describes the Netfilter infrastruction in the Linux kernel and explains how to use Netfilter as an intrusion detection system by integrating it with custom open source software and Snort rulesets, discussin such topics as Linux firewall log analysis and policies, passive network authentication and authorization, and more. Original. (Intermediate)
Author: Gregor N. Purdy
Publisher: "O'Reilly Media, Inc."
Release Date: 2004-08-25
Firewalls, Network Address Translation (NAT), network logging and accounting are all provided by Linux's Netfilter system, also known by the name of the command used to administer it, iptables. The iptables interface is the most sophisticated ever offered onLinux and makes Linux an extremely flexible system for any kind of network filtering you might do. Large sets of filtering rules can be grouped in ways that makes it easy to test them and turn them on and off.Do you watch for all types of ICMP traffic--some of them quite dangerous? Can you take advantage of stateful filtering to simplify the management of TCP connections? Would you like to track how much traffic of various types you get?This pocket reference will help you at those critical moments when someone asks you to open or close a port in a hurry, either to enable some important traffic or to block an attack. The book will keep the subtle syntax straight and help you remember all the values you have to enter in order to be as secure as possible. The book has an introductory section that describes applications,followed by a reference/encyclopaedic section with all the matches and targets arranged alphabetically.
Author: Steve Suehring
Publisher: Addison-Wesley Professional
Release Date: 2015-01-23
The Definitive Guide to Building Firewalls with Linux As the security challenges facing Linux system and network administrators have grown, the security tools and techniques available to them have improved dramatically. In Linux® Firewalls, Fourth Edition, long-time Linux security expert Steve Suehring has revamped his definitive Linux firewall guide to cover the important advances in Linux security. An indispensable working resource for every Linux administrator concerned with security, this guide presents comprehensive coverage of both iptables and nftables. Building on the solid networking and firewalling foundation in previous editions, it also adds coverage of modern tools and techniques for detecting exploits and intrusions, and much more. Distribution neutral throughout, this edition is fully updated for today’s Linux kernels, and includes current code examples and support scripts for Red Hat/Fedora, Ubuntu, and Debian implementations. If you’re a Linux professional, it will help you establish an understanding of security for any Linux system, and for networks of all sizes, from home to enterprise. Inside, you’ll find just what you need to Install, configure, and update a Linux firewall running either iptables or nftables Migrate to nftables, or take advantage of the latest iptables enhancements Manage complex multiple firewall configurations Create, debug, and optimize firewall rules Use Samhain and other tools to protect filesystem integrity, monitor networks, and detect intrusions Harden systems against port scanning and other attacks Uncover exploits such as rootkits and backdoors with chkrootkit
This book is the definitive guide on the OSSEC Host-based Intrusion Detection system and frankly, to really use OSSEC you are going to need a definitive guide. Documentation has been available since the start of the OSSEC project but, due to time constraints, no formal book has been created to outline the various features and functions of the OSSEC product. This has left very important and powerful features of the product undocumented...until now! The book you are holding will show you how to install and configure OSSEC on the operating system of your choice and provide detailed examples to help prevent and mitigate attacks on your systems. -- Stephen Northcutt OSSEC determines if a host has been compromised in this manner by taking the equivalent of a picture of the host machine in its original, unaltered state. This "picture" captures the most relevant information about that machine's configuration. OSSEC saves this "picture" and then constantly compares it to the current state of that machine to identify anything that may have changed from the original configuration. Now, many of these changes are necessary, harmless, and authorized, such as a system administrator installing a new software upgrade, patch, or application. But, then there are the not-so-harmless changes, like the installation of a rootkit, trojan horse, or virus. Differentiating between the harmless and the not-so-harmless changes determines whether the system administrator or security professional is managing a secure, efficient network or a compromised network which might be funneling credit card numbers out to phishing gangs or storing massive amounts of pornography creating significant liability for that organization. Separating the wheat from the chaff is by no means an easy task. Hence the need for this book. The book is co-authored by Daniel Cid, who is the founder and lead developer of the freely available OSSEC host-based IDS. As such, readers can be certain they are reading the most accurate, timely, and insightful information on OSSEC. * Nominee for Best Book Bejtlich read in 2008! * http://taosecurity.blogspot.com/2008/12/best-book-bejtlich-read-in-2008.html • Get Started with OSSEC Get an overview of the features of OSSEC including commonly used terminology, pre-install preparation, and deployment considerations. • Follow Steb-by-Step Installation Instructions Walk through the installation process for the "local , “agent , and "server" install types on some of the most popular operating systems available. • Master Configuration Learn the basic configuration options for your install type and learn how to monitor log files, receive remote messages, configure email notification, and configure alert levels. • Work With Rules Extract key information from logs using decoders and how you can leverage rules to alert you of strange occurrences on your network. • Understand System Integrity Check and Rootkit Detection Monitor binary executable files, system configuration files, and the Microsoft Windows registry. • Configure Active Response Configure the active response actions you want and bind the actions to specific rules and sequence of events. • Use the OSSEC Web User Interface Install, configure, and use the community-developed, open source web interface available for OSSEC. • Play in the OSSEC VMware Environment Sandbox • Dig Deep into Data Log Mining Take the “high art of log analysis to the next level by breaking the dependence on the lists of strings or patterns to look for in the logs.
Author: John von Neumann
Publisher: Yale University Press
Release Date: 2012-06-26
First published in 1958, John von Neumann's classic work "The Computer and the Brain" explored the analogies between computing machines and the living human brain. Von Neumann showed that the brain operates both digitally and analogically, but also has its own unique statistical language. And more than fifty years after its inception the "von Neumann architecture"--An organizational framework for computer design - still lies at the heart of today's machines. In his foreword to this new edition, Ray Kurzweil, a futurist famous for his own musings on the relationship between technology and consciousness, places von Neumann's work in a historical context and shows how it remains relevant today.
Called "the leader in the Snort IDS book arms race" by Richard Bejtlich, top Amazon reviewer, this brand-new edition of the best-selling Snort book covers all the latest features of a major upgrade to the product and includes a bonus DVD with Snort 2.1 and other utilities. Written by the same lead engineers of the Snort Development team, this will be the first book available on the major upgrade from Snort 2 to Snort 2.1 (in this community, major upgrades are noted by .x and not by full number upgrades as in 2.0 to 3.0). Readers will be given invaluable insight into the code base of Snort, and in depth tutorials of complex installation, configuration, and troubleshooting scenarios. Snort has three primary uses: as a straight packet sniffer, a packet logger, or as a full-blown network intrusion detection system. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes. Snort uses a flexible rules language to describe traffic that it should collect or pass, a detection engine that utilizes a modular plug-in architecture, and a real-time alerting capability. A CD containing the latest version of Snort as well as other up-to-date Open Source security utilities will accompany the book. Snort is a powerful Network Intrusion Detection System that can provide enterprise wide sensors to protect your computer assets from both internal and external attack. * Completly updated and comprehensive coverage of snort 2.1 * Includes free CD with all the latest popular plug-ins * Provides step-by-step instruction for installing, configuring and troubleshooting
Author: Chris Sanders
Publisher: No Starch Press
Release Date: 2017-03-30
It’s easy to capture packets with Wireshark, the world’s most popular network sniffer, whether off the wire or from the air. But how do you use those packets to understand what’s happening on your network? Updated to cover Wireshark 2.x, the third edition of Practical Packet Analysis will teach you to make sense of your packet captures so that you can better troubleshoot network problems. You’ll find added coverage of IPv6 and SMTP, a new chapter on the powerful command line packet analyzers tcpdump and TShark, and an appendix on how to read and reference packet values using a packet map. Practical Packet Analysis will show you how to: –Monitor your network in real time and tap live network communications –Build customized capture and display filters –Use packet analysis to troubleshoot and resolve common network problems, like loss of connectivity, DNS issues, and slow speeds –Explore modern exploits and malware at the packet level –Extract files sent across a network from packet captures –Graph traffic patterns to visualize the data flowing across your network –Use advanced Wireshark features to understand confusing captures –Build statistics and reports to help you better explain technical network information to non-techies No matter what your level of experience is, Practical Packet Analysis will show you how to use Wireshark to make sense of any network and get things done.
Secure your Linux machines and keep them secured with the help of exciting recipes About This Book This book provides code-intensive discussions with detailed recipes that help you understand better and learn faster. More than 50 hands-on recipes to create and administer a secure Linux system locally as well as on a network Enhance file system security and local and remote user authentication by using various security tools and different versions of Linux for different tasks Who This Book Is For Practical Linux Security Cookbook is intended for all those Linux users who already have knowledge of Linux File systems and administration. You should be familiar with basic Linux commands. Understanding Information security and its risks to a Linux system is also helpful in understanding the recipes more easily. However, even if you are unfamiliar with Information security, you will be able to easily follow and understand the recipes discussed. Since Linux Security Cookbook follows a practical approach, following the steps is very easy. What You Will Learn Learn about various vulnerabilities and exploits in relation to Linux systems Configure and build a secure kernel and test it Learn about file permissions and security and how to securely modify files Explore various ways to authenticate local users while monitoring their activities. Authenticate users remotely and securely copy files on remote systems Review various network security methods including firewalls using iptables and TCP Wrapper Explore various security tools including Port Sentry, Squid Proxy, Shorewall, and many more Understand Bash vulnerability/security and patch management In Detail With the growing popularity of Linux, more and more administrators have started moving to the system to create networks or servers for any task. This also makes Linux the first choice for any attacker now. Due to the lack of information about security-related attacks, administrators now face issues in dealing with these attackers as quickly as possible. Learning about the different types of Linux security will help create a more secure Linux system. Whether you are new to Linux administration or experienced, this book will provide you with the skills to make systems more secure. With lots of step-by-step recipes, the book starts by introducing you to various threats to Linux systems. You then get to walk through customizing the Linux kernel and securing local files. Next you will move on to manage user authentication locally and remotely and also mitigate network attacks. Finally, you will learn to patch bash vulnerability and monitor system logs for security. With several screenshots in each example, the book will supply a great learning experience and help you create more secure Linux systems. Style and approach An easy-to-follow cookbook with step-by-step practical recipes covering the various Linux security administration tasks. Each recipe has screenshots, wherever needed, to make understanding more easy.
Author: Chris Takemura
Publisher: No Starch Press
Release Date: 2010
Xen allows administrators to run many virtual operating systems on one physical server, including Linux, BSD, OpenSolaris, and Microsoft Windows. In the process, users save money on hardware, maintenance, and electricity. Not only is Xen open source, the Xen hypervisor (the virtual machine monitor) is the best-performing hypervisor available. "The Book of Xen" explains everything a sysadmin needs to know to use this powerful technology, with coverage of installation, networking, virtualized storage, and managing guest and host operating systems. Written for administrators who have worked with *NIX before but who may be new to virtualization, "The Book of Xen" covers both the basics and the trickier aspects of Xen administration, like profiling and benchmarks, migration, XenSource administration, and hardware assisted virtualization (HVM).
With the rapid rise in the ubiquity and sophistication of Internet technology and the accompanying growth in the number of network attacks, network intrusion detection has become increasingly important. Anomaly-based network intrusion detection refers to finding exceptional or nonconforming patterns in network traffic data compared to normal behavior. Finding these anomalies has extensive applications in areas such as cyber security, credit card and insurance fraud detection, and military surveillance for enemy activities. Network Anomaly Detection: A Machine Learning Perspective presents machine learning techniques in depth to help you more effectively detect and counter network intrusion. In this book, you’ll learn about: Network anomalies and vulnerabilities at various layers The pros and cons of various machine learning techniques and algorithms A taxonomy of attacks based on their characteristics and behavior Feature selection algorithms How to assess the accuracy, performance, completeness, timeliness, stability, interoperability, reliability, and other dynamic aspects of a network anomaly detection system Practical tools for launching attacks, capturing packet or flow traffic, extracting features, detecting attacks, and evaluating detection performance Important unresolved issues and research challenges that need to be overcome to provide better protection for networks Examining numerous attacks in detail, the authors look at the tools that intruders use and show how to use this knowledge to protect networks. The book also provides material for hands-on development, so that you can code on a testbed to implement detection methods toward the development of your own intrusion detection system. It offers a thorough introduction to the state of the art in network anomaly detection using machine learning approaches and systems.
Author: Michael W. Lucas
Publisher: No Starch Press
Release Date: 2009-02-01
Cisco routers and switches are the cornerstones of many networks. But when things break, repairs can intimidate even the most competent administrator. Luckily, just knowing the "in case of emergency" basics will take you far. Just like the original, this second edition of the highly acclaimed Cisco Routers for the Desperate is written for the administrator in crisis mode. Updated to cover switches and the latest Cisco terminology, with a tighter focus on the needs of the small network administrator, this second edition gives you what you need to know to provide reliable network services and fix problems fast. You'll find coverage of: –Installation—how to get your router and network connections up and running right the first time –Troubleshooting routers and switches, so that you can determine whether your hardware or the Internet is broken –Security concerns, like how to keep your network equipment safe from hackers and install a private network between two offices –How to implement basic network redundancy to reduce the risk of network downtime Cisco Routers for the Desperate, 2nd Edition is designed to be read once and left alone until something breaks. When it does, you'll have everything you need to know in one easy-to-follow guidebook.
Shell scripting skills never go out of style. It's the shell that unlocks the real potential of Unix. Shell scripting is essential for Unix users and system administrators-a way to quickly harness and customize the full power of any Unix system. With shell scripts, you can combine the fundamental Unix text and file processing commands to crunch data and automate repetitive tasks. But beneath this simple promise lies a treacherous ocean of variations in Unix commands and standards. Classic Shell Scripting is written to help you reliably navigate these tricky waters.Writing shell scripts requires more than just a knowledge of the shell language, it also requires familiarity with the individual Unix programs: why each one is there, how to use them by themselves, and in combination with the other programs. The authors are intimately familiar with the tips and tricks that can be used to create excellent scripts, as well as the traps that can make your best effort a bad shell script. With Classic Shell Scripting you'll avoid hours of wasted effort. You'll learn not only write useful shell scripts, but how to do it properly and portably.The ability to program and customize the shell quickly, reliably, and portably to get the best out of any individual system is an important skill for anyone operating and maintaining Unix or Linux systems. Classic Shell Scripting gives you everything you need to master these essential skills.
Author: Jeremy C Reed
Release Date: 2016-01-01
The BIND DNS Administration Reference continues to be a convenient resource covering the tools and configurations for the ISC BIND DNS software suite. BIND (Berkeley Internet Name Domain) is the most commonly-used DNS server on the Internet. BIND includes DNSSEC for signed zones, automatic zone re-signing, automated trust anchor maintenance, inline signing, hardware security devices, TSIG for signed DNS requests, IPv6 support, incremental zone transfers (IXFR), Response Policy Zones (RPZ), dynamic DNS, NXDOMAIN Redirection, EDNS0, multiple views, multi-processor support, various DNS-related security features, and more. This book covers the named DNS server and the various tools for operating and verifying the DNS server and configurations. It is based on a variety of open source documentation included with the BIND source code, including the definitive reference for the configuration syntax and grammar and the usage of the BIND programs. New chapters and content were added, including many examples and detailed indexing and cross-referencing. This BIND Administration Reference book corresponds to BIND 9.10 and also covers numerous differences between previous and later versions.