|
|
|
Linux Firewalls - Attack Detection And Response with IPTABLES, PSAD and FWS
|
|
|
|
Reviews
|
Views
|
Date of last review
|
|
1
|
5528
|
11-21-2007
|
|
 |
|
Recommended By
|
Average Price
|
Average Rating
|
|
100% of reviewers
|
None indicated
|
9.0
|
|
|
|
|
|
|
|
|
Description:
|
From the Publisher
Use iptables to detect and prevent network-based attacks
System administrators need to stay ahead of new security vulnerabilities that leave their networks exposed every day. A firewall and an intrusion detection system (IDS) are two important weapons in that fight, enabling you to proactively deny access and monitor network traffic for signs of an attack.
Linux Firewalls discusses the technical details of the iptables firewall and the Netfilter framework that are built into the Linux kernel, and it explains how they provide strong filtering, Network Address Translation (NAT), state tracking, and application layer inspection capabilities that rival many commercial tools. You'll learn how to deploy iptables as an IDS with psad and fwsnort and how to build a strong, passive authentication layer around iptables with fwknop.
Concrete examples illustrate concepts such as firewall log analysis and policies, passive network authentication and authorization, exploit packet traces, Snort ruleset emulation, and more with coverage of:
• Application layer attack detection with the iptables string match extension and fwsnort
• Building an iptables ruleset that emulates a Snort ruleset
• Port knocking vs. Single Packet Authorization (SPA)
• Tools for visualizing iptables logs
• Passive OS fingerprinting with iptables
Perl and C code snippets offer practical examples that will help you to maximize your deployment of Linux firewalls.
If you're responsible for keeping a network secure, you'll find Linux Firewalls invaluable in your attempt to understand attacks and use iptables-along with psad andfwsnort-to detect and even prevent compromises.
|
|
Keywords:
|
firewalls psad fwsnort iptables linux nmap intrusion detection filter monitor
|
|
Publisher:
|
No Starch Press
|
|
ISBN:
|
1593271417
|
|
|
|
11-21-2007, 10:17 AM
|
#1
|
Registered: Jan 2001
Posts: 23,505
|
Would you recommend the product? yes | Price you paid?: None indicated | Rating: 9
|
Pros:
|
O'Reily Indepth Details
|
|
Cons:
|
None
|
[ Log in to get rid of this advertisement]
This is a great book for any administrator who has servers or hosts available to the internet or outside world beyond their own network who don't have expensive hardware firewalls in place to handle traffic, routing, etc.
With the book covering from the basics of knowing iptables and the types of detections, it goes into more depth of network layer attacks, transport layer and application layer attacks. All of these cover great details and how to defend against such attacks.
From this point on, it starts to cover psad, it's features, what can be done with psad deployed in your network and how to set it up to notify and auto respond to potential attacks, basically creating iptable rules to block suspicious traffic that is hitting your server or hosts.
It goes on to cover deploying fwsnort, for further detection and protection.
All around this is a great book and before I can say I obtained this book, we were already deploying psad in our own environment. Having a handy reference now makes things easier with setups and configurations explained in simpler terms without having to refer to online documentation or man pages. Everyone likes examples.
|
|
|
|
All times are GMT -5. The time now is 12:23 PM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
LQ Podcast
LQ Radio
|
|
