Author: Michael Rash
Subtitle: Attack Detection and Response with iptables, psad, and fwsnort
Publication date: September 15, 2007
Publisher: Other
Pages: 336
ISBN: ISBN-10: 1593271417 ISBN-13: 978-1593271411
File format: PDF
System administrators need to stay ahead of new security vulnerabilities that leave their networks exposed every day. A firewall and an intrusion detection system (IDS) are two important weapons in that fight, enabling you to proactively deny access and monitor network traffic for signs of an attack.
Linux Firewalls discusses the technical details of the iptables firewall and the Netfilter framework that are built into the Linux kernel, and it explains how they provide strong filtering, Network Address Translation (NAT), state tracking, and application layer inspection capabilities that rival many commercial tools. You’ll learn how to deploy iptables as an IDS with psad and fwsnort and how to build a strong, passive authentication layer around iptables with fwknop.
Concrete examples illustrate concepts such as firewall log analysis and policies, passive network authentication and authorization, exploit packet traces, Snort ruleset emulation, and more with coverage of these topics:
- Passive network authentication and OS fingerprinting
- iptables log analysis and policies
- Application layer attack detection with the iptables string match extension
- Building an iptables ruleset that emulates a Snort ruleset
- Port knocking vs. Single Packet Authorization (SPA)
- Tools for visualizing iptables logs
Perl and C code snippets offer practical examples that will help you to maximize your deployment of Linux firewalls.
If you’re responsible for keeping a network secure, you’ll find Linux Firewalls invaluable in your attempt to understand attacks and use iptables, along with psad and fwsnort, to detect and even prevent compromises.
Summary: One of the best technical books published in 2007