Linux Firewalls: Enhancing Security with nftables and Beyond, 4th Edition

About

Features

• Presents definitive, up-to-the-minute coverage of nftables, IPv6 and wireless firewalls, and VPNs
• Reflects extensive updates to iptables, next-generation security tools such as Samhain and rkhunter, and new security techniques such as port knocking
• Advanced coverage includes hardening the Linux kernel to enhance security
• Content is distribution neutral, updated for the latest Linux Kernel, and supported with Red Hat, SUSE, and Debian code examples



Description

• Copyright 2015
• Dimensions: 7" x 9-1/8"
• Pages: 432
• Edition: 4th

• Book
• ISBN-10: 0-13-400002-1
• ISBN-13: 978-0-13-400002-2

The Definitive Guide to Building Firewalls with Linux

As the security challenges facing Linux system and network administrators have grown, the security tools and techniques available to them have improved dramatically. In Linux^® Firewalls, Fourth Edition, long-time Linux security expert Steve Suehring has revamped his definitive Linux firewall guide to cover the important advances in Linux security.

An indispensable working resource for every Linux administrator concerned with security, this guide presents comprehensive coverage of both iptables and nftables. Building on the solid networking and firewalling foundation in previous editions, it also adds coverage of modern tools and techniques for detecting exploits and intrusions, and much more.

Distribution neutral throughout, this edition is fully updated for today’s Linux kernels, and includes current code examples and support scripts for Red Hat/Fedora, Ubuntu, and Debian implementations. If you’re a Linux professional, it will help you establish an understanding of security for any Linux system, and for networks of all sizes, from home to enterprise.

Inside, you’ll find just what you need to

• Install, configure, and update a Linux firewall running either iptables or nftables
• Migrate to nftables, or take advantage of the latest iptables enhancements
• Manage complex multiple firewall configurations
• Create, debug, and optimize firewall rules
• Use Samhain and other tools to protect filesystem integrity, monitor networks, and detect intrusions
• Harden systems against port scanning and other attacks
• Uncover exploits such as rootkits and backdoors with chkrootkit



Extras

Author's Site

Please visit the author's site here



Sample Content

Online Sample Chapter

Packet-Filtering Concepts in Linux Firewalls

Sample Pages

Download the sample pages (includes Chapter 2 and Index)

Table of Contents

Preface         xix

About the Author         xxi

Part I: Packet Filtering and Basic Security Measures 1

Chapter 1: Preliminary Concepts Underlying Packet-Filtering Firewalls         3

The OSI Networking Model   5

The Internet Protocol   7

Transport Mechanisms   14

Don’t Forget Address Resolution Protocol   17

Hostnames and IP Addresses   18

Routing: Getting a Packet from Here to There   19

Service Ports: The Door to the Programs on Your System   19

Summary   23

Chapter 2: Packet-Filtering Concepts         25

A Packet-Filtering Firewall   26

Choosing a Default Packet-Filtering Policy   29

Rejecting versus Denying a Packet   31

Filtering Incoming Packets   31

Filtering Outgoing Packets   46

Private versus Public Network Services   49

Summary   50

Chapter 3: iptables : The Legacy Linux Firewall Administration Program         51

Differences between IPFW and Netfilter Firewall Mechanisms   51

Basic iptables Syntax   54

iptables Features   55

Iptables Syntax   61

Summary   82

Chapter 4: nftables : The Linux Firewall Administration Program         83

nftables Features   84

nftables Syntax   85

Summary   93

Chapter 5: Building and Installing a Standalone Firewall         95

The Linux Firewall Administration Programs   96

Initializing the Firewall   99

Protecting Services on Assigned Unprivileged Ports   112

Enabling Basic, Required Internet Services   117

Enabling Common TCP Services   122

Enabling Common UDP Services   134

Logging Dropped Incoming Packets   138

Logging Dropped Outgoing Packets   138

Installing the Firewall   139

Summary   141

Part II: Advanced Issues, Multiple Firewalls, and Perimeter Networks       143

Chapter 6:  Firewall Optimization         145

Rule Organization   145

User-Defined Chains   148

Optimized Examples   151

What Did Optimization Buy?   176

Summary   177

Chapter 7:  Packet Forwarding         179

The Limitations of a Standalone Firewall   179

Basic Gateway Firewall Setups   181

LAN Security Issues   182

Configuration Options for a Trusted Home LAN   183

Configuration Options for a Larger or Less Trusted LAN   188

Summary   195

Chapter 8:  NAT–Network Address Translation         197

The Conceptual Background of NAT   197

NAT Semantics with iptables and nftables   201

Examples of SNAT and Private LANs   206

Examples of DNAT, LANs, and Proxies   209

Summary   210

Chapter 9: Debugging the Firewall Rules          211

General Firewall Development Tips   211

Listing the Firewall Rules   213

Interpreting the System Logs   217

Checking for Open Ports   223

Summary   227

Chapter 10: Virtual Private Networks         229

Overview of Virtual Private Networks   229

VPN Protocols   229

Linux and VPN Products   232

VPN and Firewalls   233

Summary   234

Part III: Beyond iptables  and nftables          235

Chapter 11: Intrusion Detection and Response         237

Detecting Intrusions   237

Symptoms Suggesting That the System Might Be Compromised   238

What to Do If Your System Is Compromised   241

Incident Reporting   243

Summary   247

Chapter 12:  Intrusion Detection Tools         249

Intrusion Detection Toolkit: Network Tools   249

Rootkit Checkers   251

Filesystem Integrity   255

Log Monitoring   256

How to Not Become Compromised   257

Summary   261

Chapter 13:  Network Monitoring and Attack Detection         263

Listening to the Ether   263

TCPDump: A Simple Overview   265

Using TCPDump to Capture Specific Protocols   272

Automated Intrusion Monitoring with Snort   286

Monitoring with ARPWatch   291

Summary   293

Chapter 14:  Filesystem Integrity         295

Filesystem Integrity Defined   295

Installing AIDE   296

Configuring AIDE   297

Monitoring AIDE for Bad Things   301

Cleaning Up the AIDE Database   302

Changing the Output of the AIDE Report   303

Defining Macros in AIDE   306

The Types of AIDE Checks   307

Summary   310

Part IV: Appendices         311

Appendix A:  Security Resources         313

Security Information Sources   313

Reference Papers and FAQs   314

Appendix B:  Firewall Examples and Support Scripts         315

iptables Firewall for a Standalone System from Chapter 5    315

nftables Firewall for a Standalone System from Chapter 5    328

Optimized  iptables Firewall from Chapter 6   332

nftables Firewall from Chapter 6    345

Appendix C: Glossary         351

Appendix D: GNU Free Documentation License         363

0. Preamble   363

1. Applicability and Definitions   363

2. Verbatim Copying   365

3. Copying in Quantity   365

4. Modifications   366

5. Combining Documents   367

6. Collections of Documents   368

7. Aggregation with Independent Works   368

8. Translation   368

9. Termination   369

10. Future Revisions of this License   369

11. Relicensing   370

Index         371



Updates

Submit Errata

