Linux server security
Linux consistently appears high up in the list of popular Internet servers, whether it's for the Web, anonymous FTP, or general services such as DNS and delivering mail. But security is the foremost concern of anyone providing such a service. Any server experiences casual probe attempts dozens...
Main author: | |
---|---|
Format: | E-book |
Language: | English |
Published: | Sebastopol, California : O'Reilly 2005. |
Edition: | 2nd ed |
Subjects: | |
View at Universitat Ramon Llull Library: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009626946006719 |
Table of Contents:
- Table of Contents; Preface; What This Book Is About; The Paranoid Penguin Connection; The Second Edition; Audience; What This Book Doesn't Cover; Assumptions This Book Makes; Organization of This Book; Conventions Used in This Book; Safari® Enabled; How to Contact Us; Using Code Examples; Acknowledgments; Threat Modeling and Risk Management; Components of Risk; Assets; Security Goals; Data confidentiality; Data integrity; System integrity; System/network availability; Threats; Motives; Financial motives; Political motives; Personal/psychological motives
- Vulnerabilities and Attacks Against Them; Simple Risk Analysis: ALEs; An Alternative: Attack Trees; Defenses; Asset Devaluation; Vulnerability Mitigation; Attack Mitigation; Conclusion; Resources; Designing Perimeter Networks; Some Terminology; Types of Firewall and DMZ Architectures; The "Inside Versus Outside" Architecture; The "Three-Homed Firewall" DMZ Architecture; A Weak Screened-Subnet Architecture; A Strong Screened-Subnet Architecture; Deciding What Should Reside on the DMZ; Allocating Resources in the DMZ; The Firewall; Types of Firewall; Simple packet filters
- Stateful packet filtering; Stateful Inspection; Application-layer proxies; Selecting a Firewall; General Firewall Configuration Guidelines; Harden your firewall's OS; Configure anti-IP-spoofing rules; Deny by default; Strictly limit incoming traffic; Strictly limit all traffic out of the DMZ; Don't give internal systems unrestricted outbound access; If you have the means, use an application-gateway firewall; Don't be complacent about host security; Hardening Linux and Using iptables; OS Hardening Principles; Installing/Running Only Necessary Software; Commonly unnecessary packages
- Disabling services in Red Hat and related distributions; Disabling services in SUSE; Disabling services in Debian 3.0; Disabling services in other Linux distributions; Keeping Software Up to Date; Distribution (global) updates versus per-package updates; Whither X-based updates?; How to be notified of and obtain security updates: Red Hat; RPM updates for the extremely cautious; Yum: a free alternative to up2date; How to be notified of and obtain security updates: SUSE; SUSE's online-update feature; How to be notified of and obtain security updates: Debian
- Deleting Unnecessary User Accounts and Restricting Shell Access; Restricting Access to Known Users; Running Services in chrooted Filesystems; Minimizing Use of SUID root; Identifying and dealing with SUID root files; Using su and sudo; Using su; Using sudo; Configuring, Managing, and Monitoring Logs; Every System Can Be Its Own Firewall: Using iptables for Local Security; Using iptables: Preparatory steps; How netfilter works; Using iptables; Checking Your Work with Scanners; Types of scans and their uses; Why we (good guys) scan; nmap, world champion port scanner; Getting and installing nmap
- Using nmap