Security experts Stephen Northcutt and Ed Skoudis have confirmed that there is a gap in existing books as far as diagnostics are concerned--this book fills that gap.
Shinn and Shinn are accomplished technologists and entrepreneurs with stellar credentials in security services--including positions at the White House.
Covers Red Hat and SuSE distributions.
While Linux firewalls are inexpensive and quite reliable, they lack the support component of their commercial counterparts. As a result, most users of Linux firewalls have to resort to mailing lists to solve their problems. Our authors have scoured firewall mailing lists and have compiled a list of the most often encountered problems in Linux firewalling. This book takes a Chilton's manual diagnostic approach to solving these problems. The book begins by presenting the two most common Linux firewall configurations and demonstrates how to implement these configurations in an imperfect network environment, not in an ideal one. Then, the authors proceed to present a methodology for analyzing each problem at various network levels: cabling, hardware components, protocols, services, and applications. The authors include diagnostic scripts which the readers can use to analyze and solve their particular Linux firewall problems. The reference distributions are Red Hat and SuSE (for international market).
Covers Red Hat and SUSE
When something goes wrong with your Linux firewall, you need to fix it--right now. You don't have time for endless newsgroup searches, confusing man pages, emails to the developers... it's an emergency! One book brings together all the step-by-step solutions and proven problem-solving techniques you'll need when the time comes: Troubleshooting Linux® Firewalls.
Authors Michael Shinn and Scott Shinn are among the world's leading firewall experts; they've even been hired to protect computer security at the White House. In this book, they cover every area where Linux firewalls can go wrong: rules and filtering problems, Layer 2/3/4 issues, trouble with individual services, DNS/DHCP failures, even misconfigured VPNs. They also present an easy, start-to-finish troubleshooting methodology that'll help you identify even the newest or most obscure firewall problem fast--and solve it!
Inside, you will find in-depth information on the following areas:
- What you must know about iptables and netfilter to troubleshoot and avoid problems
- Using loggers, sniffers, and other tools to diagnose even the most obscure firewall problems
- Making sure your firewall rules work the way they're supposed to
- Resolving problems with Network Address Translation and IP Forwarding
- Troubleshooting SMTP, Apache, Squid, NFS, FTP, instant messaging, and other Web-based services
- Finding and fixing common problems with IPsec VPN configuration
- Making your firewalls more failure-resistant: recommendations from the experts
If you depend on a Linux firewall, what will you do if it goes down? With Troubleshooting Linux® Firewalls, you can be confident that the solutions are right at hand--so you can sleep at night!
© Copyright Pearson Education. All rights reserved.
I. GETTING STARTED.
Why We Wrote This Book
How This Book Is Organized
Goals of This Book
The Methodical Approach and the Need for a Methodology
Firewalls, Security, and Risk Management
How to Think About Risk Management
Computer Security Principles
Firewall Recommendations and Definitions
Why Do I Need a Firewall?
Do I Need More Than a Firewall?
What Kinds of Firewalls Are There?
The Myth of Trustworthy or Secure Software
Know Your Vulnerabilities
Creating Security Policies
Defense in Depth
2. Getting Started.
Basic Elements of Risk Management
Seven Steps to Managing Risk
Phase I: Analyze
Quantify the Value of the Asset
Phase II: Document
Create Your Plan
Create a Security Policy
Create Security Procedures
Phase III: Secure the Enterprise
Deploy Security Technology and Counter Measures
Securing the Firewall Itself
Phase IV: Implement Monitoring
Phase V: Test
Phase VI: Integrate
Phase VII: Improve
3. Local Firewall Security.
The Importance of Keeping Your Software Up to Date
Over Reliance on Patching
Turning Off Services
Using TCP Wrappers and Firewall Rules
Running Services with Least Privilege
Restricting the File System
Security Tools to Install
Log Monitoring Tools
Network Intrusion Detection
Host Intrusion Detection
Correctly Configure the Software You Are Using
Use a Hardened Kernel
Other Hardening Steps
4. Troubleshooting Methodology.
Problem Solving Methodology
Recognize, Define, and Isolate the Problem
Define What the End State Should Be
Develop Possible Solutions and Create an Action Plan
Analyze and Compare Possible Solutions
Select and Implement the Solution
Critically Analyze the Solution for Effectiveness
Repeat the Process Until You Resolve the Problem
Finding the Answers or...Why Search Engines Are Your Friend
II. TOOLS AND INTERNALS.
5. The OSI Model: Start from the Beginning.
Internet Protocols at a Glance
Understanding the Internet Protocol (IP)
Troubleshooting with This Perspective in Mind
6. netfilter and iptables Overview.
How netfilter Works
How netfilter Parses Rules
What about Fragmentation?
Taking a Closer Look at the State Engine
7. Using iptables.
Proper iptables Syntax
Examples of How the Connection Tracking Engine Works
Applying What Has Been Covered So Far by Implementing Good Rules
Setting Up an Example Firewall
Quality of Service Rules
Port Scan Rules
Bad Flag Rules
Bad IP Options Rules
Small Packets and Rules to Deal with Them
Rules To Detect Data in Packets Using the String Module
Invalid Packets and Rules to Drop Them
A Quick Word on Fragments
Odd Port Detection and Rules to Deny Connections to Them
Silently Drop Packets You Don't Care About
IP Spoofing Rules
Send TCP Reset for AUTH Connections
Playing Around with TTL Values
State Tracking Rules
Shunning Bad Guys
8. A Tour of Our Collective Toolbox.
Analyzing Traffic Utilization
Network Traffic Analyzers
Useful Control Tools
Firewall Management and Rule Building
Scripts To Do This for You
The catch all Logging Rule
The iptables TRACE Patch
- Publisher: Addison-Wesley Longman, Amsterdam
- Pages: 369
- Publication date: December 2004
- Dimensions: 232mm x 175mm x 18mm
- Weight: 565g
- ISBN-13: 9780321227232
- ISBN-10: 0321227239
- Item no.: 13583532