Linux firewalls : attack detection and response with iptables, psad, and fwsnort

Select an Action

Place Hold(s)
Add to My Lists
Email
Print

Title:

Personal Author:

Rash, Michael

Publication Information:

San Francisco : No Starch Press, 2007

Physical Description:

xix, 308 p. : ill. ; 24 cm.

ISBN:

9781593271411

Subject Term:

Computers -- Access control

Firewalls (Computer security)

Available:*

Library	Item Barcode	Call Number	Material Type	Item Category 1	Status
Searching... PSZ KL	30000003505520	QA76.9.A25 R36 2007	Open Access Book	Book	Searching... Unknown

System administrators need to stay ahead of new security vulnerabilities that leave their networks exposed every day. A firewall and an intrusion detection systems (IDS) are two important weapons in that fight, enabling you to proactively deny access and monitor network traffic for signs of an attack. Linux Firewalls discusses the technical details of the iptables firewall and the Netfilter framework that are built into the Linux kernel, and it explains how they provide strong filtering, Network Address Translation (NAT), state tracking, and application layer inspection capabilities that rival many commercial tools. You'll learn how to deploy iptables as an IDS with psad and fwsnort and how to build a strong, passive authentication layer around iptables with fwknop. Concrete examples illustrate concepts such as firewall log analysis and policies, passive network authentication and authorization, exploit packet traces, Snort ruleset emulation, and more with coverage of these topics: P

Author Notes

Michael Rash is a Security Architect on the Dragon Intrusion Detection System with Enterasys Networks, Inc., and is a frequent contributor to open source projects. As the creator of psad, fwknop, and fwsnort, Rash is an expert on firewalls, IDSs, OS fingerprinting, and the Snort rules language. He is co-author of the book Snort 2.1 Intrusion Detection , lead-author and technical editor of the book Intrusion Prevention and Active Response , and has written security articles for Linux Journal , SysAdmin , and ;login: .

Acknowledgments

Foreword

Introduction

Chapter 1 Care And Feeding Of Iptables

Chapter 2 Network Layer Attacks And Defense

Chapter 3 Transport Layer Attacks And Defense

Chapter 4 Application Layer Attacks And Defense

Chapter 5 Introducing Psad: The Port Scan Attack Detector

Chapter 6 Psad Operations: Detecting Suspicious Traffic

Chapter 7 Advanced Psad Topics: From Signature Matching To Os Fingerprinting

Chapter 8 Active Response With Psad

Chapter 9 Translating Snort Rules Into Iptables Rules

Chapter 10 Deploying Fwsnort

Chapter 11 Combining Psad And Fwsnort

Chapter 12 Port Knocking Vs. Single Packet Authorization

Chapter 13 Introducing Fwknop

Chapter 14 Visualizing Iptables Logsattack Spoofinga Complete Fwsnort Scriptcolophon

Available:*

On Order

Summary

Summary

Author Notes

Table of Contents