Linux Hardening in Hostile Networks

Author: Kyle Rankin
Publisher: Addison-Wesley Professional
ISBN: 0134173325
Category : Computers
Languages : en
Pages : 834

Book Description
Implement Industrial-Strength Security on Any Linux Server In an age of mass surveillance, when advanced cyberwarfare weapons rapidly migrate into every hacker’s toolkit, you can’t rely on outdated security methods–especially if you’re responsible for Internet-facing services. In Linux® Hardening in Hostile Networks, Kyle Rankin helps you to implement modern safeguards that provide maximum impact with minimum effort and to strip away old techniques that are no longer worth your time. Rankin provides clear, concise guidance on modern workstation, server, and network hardening, and explains how to harden specific services, such as web servers, email, DNS, and databases. Along the way, he demystifies technologies once viewed as too complex or mysterious but now essential to mainstream Linux security. He also includes a full chapter on effective incident response that both DevOps and SecOps can use to write their own incident response plan. Each chapter begins with techniques any sysadmin can use quickly to protect against entry-level hackers and presents intermediate and advanced techniques to safeguard against sophisticated and knowledgeable attackers, perhaps even state actors. Throughout, you learn what each technique does, how it works, what it does and doesn’t protect against, and whether it would be useful in your environment. Apply core security techniques including 2FA and strong passwords Protect admin workstations via lock screens, disk encryption, BIOS passwords, and other methods Use the security-focused Tails distribution as a quick path to a hardened workstation Compartmentalize workstation tasks into VMs with varying levels of trust Harden servers with SSH, use apparmor and sudo to limit the damage attackers can do, and set up remote syslog servers to track their actions Establish secure VPNs with OpenVPN, and leverage SSH to tunnel traffic when VPNs can’t be used Configure a software load balancer to terminate SSL/TLS connections and initiate new ones downstream Set up standalone Tor services and hidden Tor services and relays Secure Apache and Nginx web servers, and take full advantage of HTTPS Perform advanced web server hardening with HTTPS forward secrecy and ModSecurity web application firewalls Strengthen email security with SMTP relay authentication, SMTPS, SPF records, DKIM, and DMARC Harden DNS servers, deter their use in DDoS attacks, and fully implement DNSSEC Systematically protect databases via network access control, TLS traffic encryption, and encrypted data storage Respond to a compromised server, collect evidence, and prevent future attacks Register your product at informit.com/register for convenient access to downloads, updates, and corrections as they become available.

Linux Hardening in Hostile Networks

Author: Kyle Rankin
Publisher:
ISBN: 9780134173337
Category :
Languages : en
Pages :

Book Description

UNIX System Security Tools

Author: Seth T. Ross
Publisher: McGraw-Hill Companies
ISBN:
Category : Computers
Languages : en
Pages : 472

Book Description
This text focuses on the security fixes and tools used to fend off hackers. Topics include: passwords; permissions; cryptography; backups; and auditing and logging. The CD-ROM contains UNIX security programs available for security checkers IIS, SATAN and Kerberos.

DevOps Troubleshooting

Author: Kyle Rankin
Publisher: Addison-Wesley
ISBN: 0133035506
Category : Computers
Languages : en
Pages : 387

Book Description
“If you’re a developer trying to figure out why your application is not responding at 3 am, you need this book! This is now my go-to book when diagnosing production issues. It has saved me hours in troubleshooting complicated operations problems.” –Trotter Cashion, cofounder, Mashion DevOps can help developers, QAs, and admins work together to solve Linux server problems far more rapidly, significantly improving IT performance, availability, and efficiency. To gain these benefits, however, team members need common troubleshooting skills and practices. In DevOps Troubleshooting: Linux Server Best Practices, award-winning Linux expert Kyle Rankin brings together all the standardized, repeatable techniques your team needs to stop finger-pointing, collaborate effectively, and quickly solve virtually any Linux server problem. Rankin walks you through using DevOps techniques to troubleshoot everything from boot failures and corrupt disks to lost email and downed websites. You’ll master indispensable skills for diagnosing high-load systems and network problems in production environments. Rankin shows how to Master DevOps’ approach to troubleshooting and proven Linux server problem-solving principles Diagnose slow servers and applications by identifying CPU, RAM, and Disk I/O bottlenecks Understand healthy boots, so you can identify failure points and fix them Solve full or corrupt disk issues that prevent disk writes Track down the sources of network problems Troubleshoot DNS, email, and other network services Isolate and diagnose Apache and Nginx Web server failures and slowdowns Solve problems with MySQL and Postgres database servers and queries Identify hardware failures–even notoriously elusive intermittent failures

SIP Security

Author: Dorgham Sisalem
Publisher: John Wiley & Sons
ISBN: 9780470516980
Category : Technology & Engineering
Languages : en
Pages : 350

Book Description
This book gives a detailed overview of SIP specific security issues and how to solve them While the standards and products for VoIP and SIP services have reached market maturity, security and regulatory aspects of such services are still being discussed. SIP itself specifies only a basic set of security mechanisms that cover a subset of possible security issues. In this book, the authors survey important aspects of securing SIP-based services. This encompasses a description of the problems themselves and the standards-based solutions for such problems. Where a standards-based solution has not been defined, the alternatives are discussed and the benefits and constraints of the different solutions are highlighted. Key Features: Will help the readers to understand the actual problems of using and developing VoIP services, and to distinguish between real problems and the general hype of VoIP security Discusses key aspects of SIP security including authentication, integrity, confidentiality, non-repudiation and signalling Assesses the real security issues facing users of SIP, and details the latest theoretical and practical solutions to SIP Security issues Covers secure SIP access, inter-provider secure communication, media security, security of the IMS infrastructures as well as VoIP services vulnerabilities and countermeasures against Denial-of-Service attacks and VoIP spam This book will be of interest to IT staff involved in deploying and developing VoIP, service users of SIP, network engineers, designers and managers. Advanced undergraduate and graduate students studying data/voice/multimedia communications as well as researchers in academia and industry will also find this book valuable.

Linux Multimedia Hacks

Author: Kyle Rankin
Publisher: "O'Reilly Media, Inc."
ISBN: 0596100760
Category : Computers
Languages : en
Pages : 330

Book Description
Presents Linux's multimedia tools with step-by-step instructions to maximize entertainment capabilities for images, audio, and video.

Cooperative Communications

Author: Mischa Dohler
Publisher: John Wiley & Sons
ISBN: 9780470740064
Category : Technology & Engineering
Languages : en
Pages : 464

Book Description
Facilitating Cooperation for Wireless Systems Cooperative Communications: Hardware, Channel & PHY focuses on issues pertaining to the PHY layer of wireless communication networks, offering a rigorous taxonomy of this dispersed field, along with a range of application scenarios for cooperative and distributed schemes, demonstrating how these techniques can be employed. The authors discuss hardware, complexity and power consumption issues, which are vital for understanding what can be realized at the PHY layer, showing how wireless channel models differ from more traditional models, and highlighting the reliance of PHY algorithm performance on the underlying channel models. Numerous transparent and regenerative relaying protocols are described in detail for a variety of transparent and regenerative cooperative schemes. Key Features: Introduces background, concepts, applications, milestones and thorough taxonomy Identifies the potential in this emerging technology applied to e.g. LTE/WiMAX, WSN Discusses latest wireless channel models for transparent and regenerative protocols Addresses the fundamentals as well as latest emerging PHY protocols Introduces transparent distributed STBC, STTC, multiplexing and beamforming protocols Quantifies regenerative distributed space-time, channel and network coding protocols Explores system optimization, such as distributed power allocation and relay selection Introduces and compares analog and digital hardware architectures Quantifies complexity, memory and power consumption of 3G UMTS & 4G LTE/WiMAX relay Highlights future research challenges within the cooperative communications field This book is an invaluable guide for professionals and researchers in communications fields. It will also be of interest to graduates of communications and electronic engineering courses. It forms part of an entire series dedicated to cooperative wireless systems.

Building Internet Firewalls

Author: Elizabeth D. Zwicky
Publisher: "O'Reilly Media, Inc."
ISBN: 0596551886
Category : Computers
Languages : en
Pages : 897

Book Description
In the five years since the first edition of this classic book was published, Internet use has exploded. The commercial world has rushed headlong into doing business on the Web, often without integrating sound security technologies and policies into their products and methods. The security risks--and the need to protect both business and personal data--have never been greater. We've updated Building Internet Firewalls to address these newer risks. What kinds of security threats does the Internet pose? Some, like password attacks and the exploiting of known security holes, have been around since the early days of networking. And others, like the distributed denial of service attacks that crippled Yahoo, E-Bay, and other major e-commerce sites in early 2000, are in current headlines. Firewalls, critical components of today's computer networks, effectively protect a system from most Internet security threats. They keep damage on one part of the network--such as eavesdropping, a worm program, or file damage--from spreading to the rest of the network. Without firewalls, network security problems can rage out of control, dragging more and more systems down. Like the bestselling and highly respected first edition, Building Internet Firewalls, 2nd Edition, is a practical and detailed step-by-step guide to designing and installing firewalls and configuring Internet services to work with a firewall. Much expanded to include Linux and Windows coverage, the second edition describes: Firewall technologies: packet filtering, proxying, network address translation, virtual private networks Architectures such as screening routers, dual-homed hosts, screened hosts, screened subnets, perimeter networks, internal firewalls Issues involved in a variety of new Internet services and protocols through a firewall Email and News Web services and scripting languages (e.g., HTTP, Java, JavaScript, ActiveX, RealAudio, RealVideo) File transfer and sharing services such as NFS, Samba Remote access services such as Telnet, the BSD "r" commands, SSH, BackOrifice 2000 Real-time conferencing services such as ICQ and talk Naming and directory services (e.g., DNS, NetBT, the Windows Browser) Authentication and auditing services (e.g., PAM, Kerberos, RADIUS); Administrative services (e.g., syslog, SNMP, SMS, RIP and other routing protocols, and ping and other network diagnostics) Intermediary protocols (e.g., RPC, SMB, CORBA, IIOP) Database protocols (e.g., ODBC, JDBC, and protocols for Oracle, Sybase, and Microsoft SQL Server) The book's complete list of resources includes the location of many publicly available firewall construction tools.

Practical UNIX and Internet Security

Author: Simson Garfinkel
Publisher: "O'Reilly Media, Inc."
ISBN: 1449310125
Category : Computers
Languages : en
Pages : 989

Book Description
When Practical Unix Security was first published more than a decade ago, it became an instant classic. Crammed with information about host security, it saved many a Unix system administrator from disaster. The second edition added much-needed Internet security coverage and doubled the size of the original volume. The third edition is a comprehensive update of this very popular book - a companion for the Unix/Linux system administrator who needs to secure his or her organization's system, networks, and web presence in an increasingly hostile world.Focusing on the four most popular Unix variants today--Solaris, Mac OS X, Linux, and FreeBSD--this book contains new information on PAM (Pluggable Authentication Modules), LDAP, SMB/Samba, anti-theft technologies, embedded systems, wireless and laptop issues, forensics, intrusion detection, chroot jails, telephone scanners and firewalls, virtual and cryptographic filesystems, WebNFS, kernel security levels, outsourcing, legal issues, new Internet protocols and cryptographic algorithms, and much more.Practical Unix & Internet Security consists of six parts: Computer security basics: introduction to security problems and solutions, Unix history and lineage, and the importance of security policies as a basic element of system security. Security building blocks: fundamentals of Unix passwords, users, groups, the Unix filesystem, cryptography, physical security, and personnel security. Network security: a detailed look at modem and dialup security, TCP/IP, securing individual network services, Sun's RPC, various host and network authentication systems (e.g., NIS, NIS+, and Kerberos), NFS and other filesystems, and the importance of secure programming. Secure operations: keeping up to date in today's changing security world, backups, defending against attacks, performing integrity management, and auditing. Handling security incidents: discovering a break-in, dealing with programmed threats and denial of service attacks, and legal aspects of computer security. Appendixes: a comprehensive security checklist and a detailed bibliography of paper and electronic references for further reading and research. Packed with 1000 pages of helpful text, scripts, checklists, tips, and warnings, this third edition remains the definitive reference for Unix administrators and anyone who cares about protecting their systems and data from today's threats.

Building DMZs For Enterprise Networks

Author: Syngress
Publisher: Elsevier
ISBN: 0080476260
Category : Computers
Languages : en
Pages : 831

Book Description
This book covers what an administrator needs to plan out and integrate a DMZ into a network for small, medium and Enterprise networks. In most enterprises the perception is that a firewall provides a hardened perimeter. However, the security of internal networks and hosts is usually very soft. In such an environment, a non-DMZ system that is offering services to the Internet creates the opportunity to leapfrog to other hosts in the soft interior of your network. In this scenario your internal network is fair game for any attacker who manages to penetrate your so-called hard perimeter.- There are currently no books written specifically on DMZs- This book will be unique in that it will be the only book that teaches readers how to build a DMZ using all of these products: ISA Server, Check Point NG, Cisco Routers, Sun Servers, and Nokia Security Appliances.- Dr. Thomas W. Shinder is the author of the best-selling book on Microsoft's ISA, Configuring ISA Server 2000. Customers of the first book will certainly buy this book.