Linux Hardening in Hostile Networks
$39.99
Title | Range | Discount |
---|---|---|
Trade Discount | 5 + | 25% |
- Description
- Additional information
Description
- Demystifies high-security technologies like TLS, DNSSEC, and Tor, and guides readers step-by-step through implementing them
- Shows how to systematically harden Linux servers and networks against aggressive new threats
- Demonstrates today’s best practices for protect email and other digital assets against intrusions from governments and sophisticated hackers
- Organizes countermeasures by complexity, so you can quickly implement easier solutions, and move on to more difficult techniques when you’re ready
- By Kyle Rankin, award-winning Linux Journal columnist and author of DevOps Troubleshooting and The Official Ubuntu Server Book
Kyle Rankin is the vice president of engineering operations for Final, Inc.; the author of DevOps Troubleshooting, The Official Ubuntu Server Book, Knoppix Hacks, Knoppix Pocket Reference, Linux Multimedia Hacks, and Ubuntu Hacks; and a contributor to a number of other books. Rankin is an award-winning columnist for Linux Journal and has written for PC Magazine, TechTarget websites, and other publications. He speaks frequently on Open Source software, including a keynote at SCALE 11x and numerous other talks at SCALE, O’Reilly Security Conference, OSCON, CactusCon, Linux World Expo, Penguicon, and a number of Linux Users’ Groups. In his free time Kyle does much of what he does at work—plays with Linux and computers in general. He’s also interested in brewing, BBQing, playing the banjo, 3D printing, and far too many other hobbies.
Industrial-strength security for Linux servers: protect your network and systems with the most powerful tools available
- Demystifies high-security technologies like TLS, DNSSEC, and Tor, and guides you step-by-step through implementing them
- Shows how to systematically harden Linux servers and networks against aggressive new threats
- Demonstrates today’s best practices for protect email and other digital assets against intrusions from governments and sophisticated hackers
- Organizes countermeasures by complexity, so you can quickly implement easier solutions, and move on to more difficult techniques when you’re ready
- CD-ROM with complete, pre-configured Tails secure Linux distribution helps you get started fast with a highly-secure system
- By Kyle Rankin, award-winning Linux Journal columnist and author of DevOps Troubleshooting and The Official Ubuntu Server Book
Foreword xiii
Preface xv
Acknowledgments xxiii
About the Author xxv
Chapter 1: Overall Security Concepts 1
Section 1: Security Fundamentals 1
Section 2: Security Practices Against a Knowledgeable Attacker 10
Section 3: Security Practices Against an Advanced Attacker 20
Summary 24
Chapter 2: Workstation Security 25
Section 1: Security Fundamentals 25
Section 2: Additional Workstation Hardening 33
Section 3: Qubes 37
Summary 52
Chapter 3: Server Security 53
Section 1: Server Security Fundamentals 53
Section 2: Intermediate Server-Hardening Techniques 58
Section 3: Advanced Server-Hardening Techniques 68
Summary 74
Chapter 4: Network 75
Section 1: Essential Network Hardening 76
Section 2: Encrypted Networks 87
Section 3: Anonymous Networks 100
Summary 107
Chapter 5: Web Servers 109
Section 1: Web Server Security Fundamentals 109
Section 2: HTTPS 113
Section 3: Advanced HTTPS Configuration 118
Summary 131
Chapter 6: Email 133
Section 1: Essential Email Hardening 133
Section 2: Authentication and Encryption 137
Section 3: Advanced Hardening 141
Summary 156
Chapter 7: DNS 157
Section 1: DNS Security Fundamentals 158
Section 2: DNS Amplification Attacks and Rate Limiting 161
Section 3: DNSSEC 166
Summary 175
Chapter 8: Database 177
Section 1: Database Security Fundamentals 177
Section 2: Database Hardening 185
Section 3: Database Encryption 191
Summary 195
Chapter 9: Incident Response 197
Section 1: Incident Response Fundamentals 197
Section 2: Secure Disk Imaging Techniques 200
Section 3: Walk Through a Sample Investigation 209
Summary 214
Appendix A: Tor 215
What Is Tor? 215
How Tor Works 216
Security Risks 219
Appendix B: SSL/TLS 221
What Is TLS? 221
How TLS Works 222
TLS Troubleshooting Commands 224
Security Risks 224
Index 229
Implement Industrial-Strength Security on Any Linux Server
In an age of mass surveillance, when advanced cyberwarfare weapons rapidly migrate into every hacker’s toolkit, you can’t rely on outdated security methods–especially if you’re responsible for Internet-facing services. In Linux® Hardening in Hostile Networks, Kyle Rankin helps you to implement modern safeguards that provide maximum impact with minimum effort and to strip away old techniques that are no longer worth your time.
Rankin provides clear, concise guidance on modern workstation, server, and network hardening, and explains how to harden specific services, such as web servers, email, DNS, and databases. Along the way, he demystifies technologies once viewed as too complex or mysterious but now essential to mainstream Linux security. He also includes a full chapter on effective incident response that both DevOps and SecOps can use to write their own incident response plan.
Each chapter begins with techniques any sysadmin can use quickly to protect against entry-level hackers and presents intermediate and advanced techniques to safeguard against sophisticated and knowledgeable attackers, perhaps even state actors. Throughout, you learn what each technique does, how it works, what it does and doesn’t protect against, and whether it would be useful in your environment.
- Apply core security techniques including 2FA and strong passwords
- Protect admin workstations via lock screens, disk encryption, BIOS passwords, and other methods
- Use the security-focused Tails distribution as a quick path to a hardened workstation
- Compartmentalize workstation tasks into VMs with varying levels of trust
- Harden servers with SSH, use apparmor and sudo to limit the damage attackers can do, and set up remote syslog servers to track their actions
- Establish secure VPNs with OpenVPN, and leverage SSH to tunnel traffic when VPNs can’t be used
- Configure a software load balancer to terminate SSL/TLS connections and initiate new ones downstream
- Set up standalone Tor services and hidden Tor services and relays
- Secure Apache and Nginx web servers, and take full advantage of HTTPS
- Perform advanced web server hardening with HTTPS forward secrecy and ModSecurity web application firewalls
- Strengthen email security with SMTP relay authentication, SMTPS, SPF records, DKIM, and DMARC
- Harden DNS servers, deter their use in DDoS attacks, and fully implement DNSSEC
- Systematically protect databases via network access control, TLS traffic encryption, and encrypted data storage
- Respond to a compromised server, collect evidence, and prevent future attacks
Register your product at informit.com/register for convenient access to downloads, updates, and corrections as they become available.
In an age of mass surveillance, when advanced cyberwarfare weapons rapidly migrate into every hacker’s toolkit, you can’t rely on outdated security methods–especially if you’re responsible for Internet-facing services. In Linux® Hardening in Hostile Networks, Kyle Rankin helps you to implement modern safeguards that provide maximum impact with minimum effort and to strip away old techniques that are no longer worth your time.
Rankin provides clear, concise guidance on modern workstation, server, and network hardening, and explains how to harden specific services, such as web servers, email, DNS, and databases. Along the way, he demystifies technologies once viewed as too complex or mysterious but now essential to mainstream Linux security. He also includes a full chapter on effective incident response that both DevOps and SecOps can use to write their own incident response plan.
Each chapter begins with techniques any sysadmin can use quickly to protect against entry-level hackers and presents intermediate and advanced techniques to safeguard against sophisticated and knowledgeable attackers, perhaps even state actors. Throughout, you learn what each technique does, how it works, what it does and doesn’t protect against, and whether it would be useful in your environment.
- Apply core security techniques including 2FA and strong passwords
- Protect admin workstations via lock screens, disk encryption, BIOS passwords, and other methods
- Use the security-focused Tails distribution as a quick path to a hardened workstation
- Compartmentalize workstation tasks into VMs with varying levels of trust
- Harden servers with SSH, use apparmor and sudo to limit the damage attackers can do, and set up remote syslog servers to track their actions
- Establish secure VPNs with OpenVPN, and leverage SSH to tunnel traffic when VPNs can’t be used
- Configure a software load balancer to terminate SSL/TLS connections and initiate new ones downstream
- Set up standalone Tor services and hidden Tor services and relays
- Secure Apache and Nginx web servers, and take full advantage of HTTPS
- Perform advanced web server hardening with HTTPS forward secrecy and ModSecurity web application firewalls
- Strengthen email security with SMTP relay authentication, SMTPS, SPF records, DKIM, and DMARC
- Harden DNS servers, deter their use in DDoS attacks, and fully implement DNSSEC
- Systematically protect databases via network access control, TLS traffic encryption, and encrypted data storage
- Respond to a compromised server, collect evidence, and prevent future attacks
Additional information
Dimensions | 1.00 × 7.00 × 9.05 in |
---|---|
Series | |
Imprint | |
Format | |
ISBN-13 | |
ISBN-10 | |
Author | |
BISAC | |
Subjects | professional, higher education, COM046070, Employability, IT Professional, Y-AM DATABASES |