Linux Hardening in Hostile Networks: Server Security from TLS to Tor, Rough Cuts

Description

This is the Rough Cut version of the printed book.

The attacks that the average sysadmin faces today are the sophisticated nation-state attacks from the year before. The early chapters of Linux Hardening in Hostile Networks take a user-centric approach and walk the reader through improving their operational security and hardening their own workstation including a full guide on the security-focused Tails and Qubes OSes. The core of the book aims at securing the servers these users talk to, and guides the reader through how to set up secured versions of the services your average sysadmin manages every day, including web, email, and database servers that communicate over TLS, locked-down DNS servers with DNSSEC. The book also includes sections on Tor servers and hidden services. Additional topics include workstation security, network, web servers, email, DNS, and database.

The book itself organizes each of these categories into their own chapters, and each chapter is further divided into three sections that organize tips for each category based on difficulty level, time commitment, and overall threat. While the first section of each chapter contains tips just about anyone could follow in a few minutes to protect against the entry-level hacker, the second section of the chapter aims at intermediate, up to advanced, sysadmin and protecting against more sophisticated, knowledgeable attackers. The final section of each chapter describes techniques for advanced administrators to protect against nation-state-level adversaries.

Sample Content

Table of Contents

Preface

Chapter 1: Overall Security Concepts

Chapter 2: Workstation Security

Chapter 3: Server Security

Chapter 4: Network

Chapter 5: Web Servers

Chapter 6: Email

Chapter 7: DNS

Chapter 8: Database

Chapter 9: Incident Response

Appendix B: SSL/TLS

Updates

Submit Errata