Linux Firewalls by Suehring, Steve -- Read -- Imperial Library of Trantor

Index

Linux Firewalls, Third Edition Table of Contents Copyright About the Authors Acknowledgments We Want to Hear from You! Reader Services Introduction

The Purpose of This Book Who Should Read This Book Linux Distribution Errors in This Book Companion Website

Part I. Packet-Filtering and Basic Security Measures

Chapter 1. Preliminary Concepts Underlying Packet-Filtering Firewalls

The OSI Networking Model The IP Transport Mechanisms Don't Forget ARP Hostnames and IP Addresses Routing: Getting a Packet from Here to There Service Ports: The Door to the Programs on Your System Summary

Chapter 2. Packet-Filtering Concepts

A Packet-Filtering Firewall Choosing a Default Packet-Filtering Policy Rejecting Versus Denying a Packet Filtering Incoming Packets Filtering Outgoing Packets Private Versus Public Network Services Summary

Chapter 3. iptables: The Linux Firewall Administration Program

Differences Between IPFW and Netfilter Firewall Mechanisms Basic iptables Syntax iptables Features iptables Syntax Summary

Chapter 4. Building and Installing a Standalone Firewall

iptables: The Linux Firewall Administration Program Initializing the Firewall Protecting Services on Assigned Unprivileged Ports Enabling Basic, Required Internet Services Enabling Common TCP Services Enabling Common UDP Services Filtering ICMP Control and Status Messages Logging Dropped Incoming Packets Logging Dropped Outgoing Packets Denying Access to Problem Sites Up Front Installing the Firewall Summary

Part II. Advanced Issues, Multiple Firewalls, and Perimeter Networks

Chapter 5. Firewall Optimization

Rule Organization User-Defined Chains Optimized Example What Did Optimization Buy? Summary

Chapter 6. Packet Forwarding

The Limitations of a Standalone Firewall Basic Gateway Firewall Setups LAN Security Issues Configuration Options for a Trusted Home LAN Configuration Options for a Larger or Less Trusted LAN A Formal Screened-Subnet Firewall Example Converting the Gateway from Local Services to Forwarding Summary

Chapter 7. NATNetwork Address Translation

The Conceptual Background of NAT iptables NAT Semantics Examples of SNAT and Private LANs Examples of DNAT, LANs, and Proxies Summary

Chapter 8. Debugging the Firewall Rules

General Firewall-Development Tips Listing the Firewall Rules Checking the Input, Output, and Forwarding Rules Interpreting the System Logs Checking for Open Ports Summary

Part III. Beyond iptables

Chapter 9. Intrusion Detection and Response

Detecting Intrusions Symptoms Suggesting That the System Might Be Compromised What to Do If Your System Is Compromised Incident Reporting Summary

Chapter 10. Intrusion Detection Tools

Intrusion Detection Toolkit: Network Tools Rootkit Checkers Filesystem Integrity Log Monitoring How to Not Become Compromised Summary

Chapter 11. Network Monitoring and Attack Detection

Listening to the Ether TCPDump: A Simple Overview Using TCPDump to Capture Specific Protocols Automated Intrusion Monitoring with Snort Monitoring with ARPWatch Summary

Chapter 12. Filesystem Integrity

Filesystem Integrity Defined Installing AIDE Configuring AIDE Monitoring AIDE for Bad Things Cleaning Up the AIDE Database Changing the Output of the AIDE Report Defining Macros in AIDE The Types of AIDE Checks Summary

Chapter 13. Kernel Enhancements

Security Enhanced Linux Greater Security with GrSecurity A Quick Look Around the Kernel To Patch or Not to Patch Using a GrSecurity Kernel GrSecurity Conclusion: Custom Kernels

Part IV. Appendices

Appendix A. Security Resources

Security Information Sources Reference Papers and FAQs Books

Appendix B. Firewall Examples and Support Scripts

Appendix C. VPNs

Overview of Virtual Private Networks VPN Protocols Linux and VPN Products VPN Configurations Connecting Networks VPN and Firewalls Summary

Appendix D. Glossary

Index

SYMBOL A B C D E F G H I K L M N O P Q R S T U V W X Z