LinuxQuestions.org
Linux Firewalls - Attack Detection And Response with IPTABLES, PSAD and FWS

Reviews: 1 | Views: 38818 | Date of last review: 11-21-2007
Recommended by: 100% of reviewers | Average price: None indicated | Average rating: 9.0


Description: From the Publisher

Use iptables to detect and prevent network-based attacks

System administrators need to stay ahead of new security vulnerabilities that leave their networks exposed every day. A firewall and an intrusion detection system (IDS) are two important weapons in that fight, enabling you to proactively deny access and monitor network traffic for signs of an attack.

Linux Firewalls discusses the technical details of the iptables firewall and the Netfilter framework that are built into the Linux kernel, and it explains how they provide strong filtering, Network Address Translation (NAT), state tracking, and application layer inspection capabilities that rival many commercial tools. You'll learn how to deploy iptables as an IDS with psad and fwsnort and how to build a strong, passive authentication layer around iptables with fwknop.

Concrete examples illustrate concepts such as firewall log analysis and policies, passive network authentication and authorization, exploit packet traces, Snort ruleset emulation, and more with coverage of:

Application layer attack detection with the iptables string match extension and fwsnort
Building an iptables ruleset that emulates a Snort ruleset
Port knocking vs. Single Packet Authorization (SPA)
Tools for visualizing iptables logs
Passive OS fingerprinting with iptables

Perl and C code snippets offer practical examples that will help you to maximize your deployment of Linux firewalls.

If you're responsible for keeping a network secure, you'll find Linux Firewalls invaluable in your attempt to understand attacks and use iptables, along with psad and fwsnort, to detect and even prevent compromises.
Keywords: firewalls psad fwsnort iptables linux nmap intrusion detection filter monitor
Publisher: No Starch Press
ISBN: 1593271417

Review

11-21-2007, 11:17 AM   #1
trickykid
Registered: Jan 2001
Posts: 24,133

Would you recommend the product? yes | Price you paid?: None indicated | Rating: 9

Pros: O'Reilly, in-depth details
Cons: None



This is a great book for any administrator who has servers or hosts available to the internet or outside world beyond their own network, and who doesn't have expensive hardware firewalls in place to handle traffic, routing, etc.

With the book covering the basics of iptables and the types of detection, it goes into more depth on network layer, transport layer and application layer attacks. All of these are covered in great detail, along with how to defend against such attacks.

From this point on, it starts to cover psad, its features, what can be done with psad deployed in your network and how to set it up to notify and auto-respond to potential attacks, basically creating iptables rules to block suspicious traffic that is hitting your server or hosts.

It goes on to cover deploying fwsnort, for further detection and protection.

All around this is a great book and before I can say I obtained this book, we were already deploying psad in our own environment. Having a handy reference now makes things easier with setups and configurations explained in simpler terms without having to refer to online documentation or man pages. Everyone likes examples.
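The psad-style firewall log analysis that both the publisher's description and the review above refer to, as an added example that is not code from the book, from psad, or from the original post: it parses iptables LOG lines (a constructed sample), flags a source that probes many distinct TCP ports, and builds the DROP rule an auto-response would insert. The scan threshold and the `DROP ` log prefix are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of iptables LOG output (not real data). A final logging
# rule with --log-prefix "DROP " is assumed; the "SYN" flag marks connection attempts.
SAMPLE_LOG = """\
Nov 21 10:17:01 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21 SYN
Nov 21 10:17:01 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22 SYN
Nov 21 10:17:02 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23 SYN
Nov 21 10:17:02 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=25 SYN
Nov 21 10:17:03 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=80 SYN
Nov 21 10:17:03 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=443 SYN
Nov 21 10:17:04 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=UDP SPT=40007 DPT=53 LEN=40
Nov 21 10:17:05 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=80 SYN
Nov 21 10:17:06 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=80 SYN
Nov 21 10:17:07 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=443 SYN
"""

# Matches the KEY=value pairs iptables writes; only the fields needed here are captured.
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")


def parse_log_line(line):
    """Return the iptables fields of one kernel log line, or None if it is not an iptables log line."""
    fields = dict(FIELD_RE.findall(line))
    if "SRC" not in fields or "PROTO" not in fields:
        return None
    return fields


def detect_scanners(log_text, threshold=5):
    """Map each source address to the sorted distinct TCP ports it probed, keeping only
    sources that touched at least `threshold` ports (a psad-style port-scan heuristic;
    the threshold value is an assumption, not psad's default)."""
    ports_by_src = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_log_line(line)
        # Only TCP SYN probes count towards the scan score; UDP and non-SYN lines are skipped.
        if f and f["PROTO"] == "TCP" and line.rstrip().endswith("SYN") and "DPT" in f:
            ports_by_src[f["SRC"]].add(int(f["DPT"]))
    return {src: sorted(p) for src, p in ports_by_src.items() if len(p) >= threshold}


def block_rule(src):
    """Build the iptables command an auto-response would run to drop further traffic from `src`."""
    return f"iptables -I INPUT -s {src} -j DROP"


if __name__ == "__main__":
    for src, ports in detect_scanners(SAMPLE_LOG).items():
        print(f"{src} probed ports {ports}: {block_rule(src)}")
```

A real deployment would also honour a whitelist and expire the block after a timeout, as psad's auto-response does, so a spoofed source cannot lock out a legitimate host.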