Rough Cuts are manuscripts that are developed but not yet published, available through Safari. Rough Cuts provide you access to the very latest information on a given topic and offer you the opportunity to interact with the author to influence the final publication.
Also available in other formats.
This is the Rough Cut version of the printed book.
The attacks that the average sysadmin faces today are the sophisticated nation-state attacks from the year before. The early chapters of Linux Hardening in Hostile Networks take a user-centric approach and walk the reader through improving their operational security and hardening their own workstation including a full guide on the security-focused Tails and Qubes OSes. The core of the book aims at securing the servers these users talk to, and guides the reader through how to set up secured versions of the services your average sysadmin manages every day, including web, email, and database servers that communicate over TLS, locked-down DNS servers with DNSSEC. The book also includes sections on Tor servers and hidden services. Additional topics include workstation security, network, web servers, email, DNS, and database.
The book itself organizes each of these categories into their own chapters, and each chapter is further divided into three sections that organize tips for each category based on difficulty level, time commitment, and overall threat. While the first section of each chapter contains tips just about anyone could follow in a few minutes to protect against the entry-level hacker, the second section of the chapter aims at intermediate, up to advanced, sysadmin and protecting against more sophisticated, knowledgeable attackers. The final section of each chapter describes techniques for advanced administrators to protect against nation-state-level adversaries.
Chapter 1: Overall Security Concepts
Chapter 2: Workstation Security
Chapter 3: Server Security
Chapter 4: Network
Chapter 5: Web Servers
Chapter 6: Email
Chapter 7: DNS
Chapter 8: Database
Chapter 9: Incident ResponseAppendix A: Tor
Appendix B: SSL/TLS