No Starch Press Linux Firewalls - Attack Detection And Response with IPTABLES, PSAD and FWS
From the Publisher
Use iptables to detect and prevent network-based attacks
System administrators need to stay ahead of new security vulnerabilities that leave their networks exposed every day. A firewall and an intrusion detection system (IDS) are two important weapons in that fight, enabling you to proactively deny access and monitor network traffic for signs of an attack.
Linux Firewalls discusses the technical details of the iptables firewall and the Netfilter framework that are built into the Linux kernel, and it explains how they provide strong filtering, Network Address Translation (NAT), state tracking, and application layer inspection capabilities that rival many commercial tools. You'll learn how to deploy iptables as an IDS with psad and fwsnort and how to build a strong, passive authentication layer around iptables with fwknop.
Concrete examples illustrate concepts such as firewall log analysis and policies, passive network authentication and authorization, exploit packet traces, Snort ruleset emulation, and more with coverage of:
• Application layer attack detection with the iptables string match extension and fwsnort
• Building an iptables ruleset that emulates a Snort ruleset
• Port knocking vs. Single Packet Authorization (SPA)
• Tools for visualizing iptables logs
• Passive OS fingerprinting with iptables
Perl and C code snippets offer practical examples that will help you to maximize your deployment of Linux firewalls.
If you're responsible for keeping a network secure, you'll find Linux Firewalls invaluable in your attempt to understand attacks and use iptables, along with psad and fwsnort, to detect and even prevent compromises.
Would you recommend the product? yes | Price you paid?: None indicated | Rating: 9
O'Reilly In-depth Details
This is a great book for any administrator who has servers or hosts available to the internet or outside world beyond their own network and who doesn't have expensive hardware firewalls in place to handle traffic, routing, etc.
Starting with the basics of iptables and the types of detection, the book goes into more depth on network layer, transport layer and application layer attacks. All of these are covered in great detail, along with how to defend against such attacks.
From this point on, it starts to cover psad, its features, what can be done with psad deployed in your network and how to set it up to notify and auto-respond to potential attacks, basically creating iptables rules to block suspicious traffic that is hitting your server or hosts.
It goes on to cover deploying fwsnort for further detection and protection.
All around this is a great book, and even before I obtained it we were already deploying psad in our own environment. Having a handy reference now makes things easier with setups and configurations explained in simpler terms without having to refer to online documentation or man pages. Everyone likes examples.
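As an added illustration of the psad-style workflow the review describes (read iptables LOG entries from the kernel log, flag a source that probes many ports, emit the blocking rule), here is example code written for this page; it is not psad's own code and psad's real danger-level thresholds differ. The log lines, the `gw` hostname, the five-port threshold and the documentation-range addresses are all constructed assumptions.

```python
import re
from collections import defaultdict

# Fields psad reads from an iptables LOG entry as written to the kernel log.
LOG_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+)"
    r"(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
)

# Constructed sample log lines (documentation addresses, not a real capture).
SAMPLE_LOG = """\
Jan  5 12:00:01 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TTL=52 ID=0 DF PROTO=TCP SPT=4444 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  5 12:00:01 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TTL=52 ID=0 DF PROTO=TCP SPT=4444 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  5 12:00:01 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TTL=52 ID=0 DF PROTO=TCP SPT=4444 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  5 12:00:02 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TTL=52 ID=0 DF PROTO=TCP SPT=4444 DPT=25 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  5 12:00:02 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TTL=52 ID=0 DF PROTO=TCP SPT=4444 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  5 12:00:02 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TTL=52 ID=0 DF PROTO=TCP SPT=4444 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  5 12:00:03 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 LEN=60 TTL=64 ID=1 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Jan  5 12:00:04 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 LEN=84 TTL=64 ID=2 DF PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=1
Jan  5 12:00:05 gw sshd[812]: Accepted publickey for admin from 198.51.100.4 port 51000
"""

def parse_log(text):
    """Return (src, dst, proto, dport) for every iptables LOG line; skip the rest."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m is None:
            continue  # not an iptables LOG entry (e.g. the sshd message)
        dport = int(m["dpt"]) if m["dpt"] else None  # ICMP carries no ports
        events.append((m["src"], m["dst"], m["proto"], dport))
    return events

def detect_scans(events, threshold=5):
    """Flag sources whose dropped packets touch at least `threshold` distinct ports."""
    ports = defaultdict(set)
    for src, _dst, _proto, dport in events:
        if dport is not None:
            ports[src].add(dport)
    return {src: sorted(p) for src, p in ports.items() if len(p) >= threshold}

def block_rule(src):
    """The auto-response rule psad would insert: drop all further packets from src."""
    return f"iptables -I INPUT -s {src} -j DROP"

if __name__ == "__main__":
    for src, hit in detect_scans(parse_log(SAMPLE_LOG)).items():
        print(f"{src} probed ports {hit}: {block_rule(src)}")
```

The benign host that only retried port 22 stays below the threshold, while the six-port probe is flagged and mapped to a single DROP rule.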