- 论坛徽章:
- 2
|
![]()
Linux Firewalls
Attack Detection and Response with iptables, psad, and fwsnort
by Michael Rash
October 2007, 336 pp.
ISBN-10 1-59327-141-7
ISBN-13 978-1-59327-141-1
$49.95 Paperback
$29.95 PDF
$59.95 PDF and Paperback
"Between 2000 and mid-2008, I've read and reviewed nearly 250technical books. I've also written several books, so I believe I canrecognize a great book when I see it. Linux Firewalls is a great book."
—Richard Bejtlich, TaoSecurity.com, from the foreword to Linux Firewalls
View a sample chapter, Chapter 10: Deploying fwsnort
System administrators need to stay ahead of new securityvulnerabilities that leave their networks exposed every day. A firewalland an intrusion detection systems (IDS) are two important weapons inthat fight, enabling you to proactively deny access and monitor networktraffic for signs of an attack.
Linux Firewalls discusses the technical details of theiptables firewall and the Netfilter framework that are built into theLinux kernel, and it explains how they provide strong filtering,Network Address Translation (NAT), state tracking, and applicationlayer inspection capabilities that rival many commercial tools. You'lllearn how to deploy iptables as an IDS with psad and fwsnort and how tobuild a strong, passive authentication layer around iptables withfwknop.
Concrete examples illustrate concepts such as firewall log analysisand policies, passive network authentication and authorization, exploitpacket traces, Snort ruleset emulation, and more with coverage of thesetopics:
- Passive network authentication and OS fingerprinting
- iptables log analysis and policies
- Application layer attack detection with the iptables string match extension
- Building an iptables ruleset that emulates a Snort ruleset
- Port knocking vs. Single Packet Authorization (SPA)
- Tools for visualizing iptables logs
Perl and C code snippets offer practical examples that will help youto maximize your deployment of Linux firewalls. If you're responsiblefor keeping a network secure, you'll find Linux Firewallsinvaluable in your attempt to understand attacks and use iptables—alongwith psad and fwsnort—to detect and even prevent compromises.
Visit the book's companion site for supporting files, downloads, errata, and more.
Michael Rash is a Security Architect on the Dragon Intrusion DetectionSystem with Enterasys Networks, Inc., and is a frequent contributor toopen source projects. As the creator of psad, fwknop, and fwsnort, Rashis an expert on firewalls, IDSs, OS fingerprinting, and the Snort ruleslanguage. He is co-author of the book Snort 2.1 Intrusion Detection,lead-author and technical editor of the book Intrusion Prevention andActive Response, and has written security articles for Linux Journal,SysAdmin, and ;login:.
[ 本帖最后由 Send_linux 于 2008-3-10 11:54 编辑 ] |
|
免费注册
发表于 2008-03-10 11:49
