Linux Firewalls, Third Edition

Book Description

An Internet-connected Linux machine is in a high-risk situation. Linux Firewalls, Third Edition details security steps that an implementation of any size, from home use to enterprise level, might take to protect itself from potential remote attackers. As with the first two editions, this book is especially useful for its explanations of iptables, packet filtering, and firewall optimization, along with some advanced concepts including customizing the Linux kernel to enhance security. The third edition, while distribution neutral, has been updated for the current Linux kernel and provides code examples for Red Hat, SUSE, and Debian implementations. Don't miss out on the third edition of the critically acclaimed Linux Firewalls.

Table of Contents

  1. Copyright
  2. About the Authors
  3. Acknowledgments
  4. We Want to Hear from You!
  5. Reader Services
  6. Introduction
  7. Packet-Filtering and Basic Security Measures
    1. Preliminary Concepts Underlying Packet-Filtering Firewalls
      1. The OSI Networking Model
      2. The IP
      3. Transport Mechanisms
      4. Don't Forget ARP
      5. Hostnames and IP Addresses
      6. Routing: Getting a Packet from Here to There
      7. Service Ports: The Door to the Programs on Your System
      8. Summary
    2. Packet-Filtering Concepts
      1. A Packet-Filtering Firewall
      2. Choosing a Default Packet-Filtering Policy
      3. Rejecting Versus Denying a Packet
      4. Filtering Incoming Packets
      5. Filtering Outgoing Packets
      6. Private Versus Public Network Services
      7. Summary
    3. iptables: The Linux Firewall Administration Program
      1. Differences Between IPFW and Netfilter Firewall Mechanisms
      2. Basic iptables Syntax
      3. iptables Features
      4. iptables Syntax
      5. Summary
    4. Building and Installing a Standalone Firewall
      1. iptables: The Linux Firewall Administration Program
      2. Initializing the Firewall
      3. Protecting Services on Assigned Unprivileged Ports
      4. Enabling Basic, Required Internet Services
      5. Enabling Common TCP Services
      6. Enabling Common UDP Services
      7. Filtering ICMP Control and Status Messages
      8. Logging Dropped Incoming Packets
      9. Logging Dropped Outgoing Packets
      10. Denying Access to Problem Sites Up Front
      11. Installing the Firewall
      12. Summary
  8. Advanced Issues, Multiple Firewalls, and Perimeter Networks
    1. Firewall Optimization
      1. Rule Organization
      2. User-Defined Chains
      3. Optimized Example
      4. What Did Optimization Buy?
      5. Summary
    2. Packet Forwarding
      1. The Limitations of a Standalone Firewall
      2. Basic Gateway Firewall Setups
      3. LAN Security Issues
      4. Configuration Options for a Trusted Home LAN
      5. Configuration Options for a Larger or Less Trusted LAN
      6. A Formal Screened-Subnet Firewall Example
      7. Converting the Gateway from Local Services to Forwarding
      8. Summary
    3. NAT—Network Address Translation
      1. The Conceptual Background of NAT
      2. iptables NAT Semantics
      3. Examples of SNAT and Private LANs
      4. Examples of DNAT, LANs, and Proxies
      5. Summary
    4. Debugging the Firewall Rules
      1. General Firewall-Development Tips
      2. Listing the Firewall Rules
      3. Checking the Input, Output, and Forwarding Rules
      4. Interpreting the System Logs
      5. Checking for Open Ports
      6. Summary
  9. Beyond iptables
    1. Intrusion Detection and Response
      1. Detecting Intrusions
      2. Symptoms Suggesting That the System Might Be Compromised
      3. What to Do If Your System Is Compromised
      4. Incident Reporting
      5. Summary
    2. Intrusion Detection Tools
      1. Intrusion Detection Toolkit: Network Tools
      2. Rootkit Checkers
      3. Filesystem Integrity
      4. Log Monitoring
      5. How to Not Become Compromised
      6. Summary
    3. Network Monitoring and Attack Detection
      1. Listening to the Ether
      2. TCPDump: A Simple Overview
      3. Using TCPDump to Capture Specific Protocols
      4. Automated Intrusion Monitoring with Snort
      5. Monitoring with ARPWatch
      6. Summary
    4. Filesystem Integrity
      1. Filesystem Integrity Defined
      2. Installing AIDE
      3. Configuring AIDE
      4. Monitoring AIDE for Bad Things
      5. Cleaning Up the AIDE Database
      6. Changing the Output of the AIDE Report
      7. Defining Macros in AIDE
      8. The Types of AIDE Checks
      9. Summary
    5. Kernel Enhancements
      1. Security Enhanced Linux
      2. Greater Security with GrSecurity
      3. A Quick Look Around the Kernel
      4. To Patch or Not to Patch
      5. Using a GrSecurity Kernel
      6. GrSecurity
      7. Conclusion: Custom Kernels
  10. Appendices
    1. Security Resources
      1. Security Information Sources
      2. Reference Papers and FAQs
      3. Books
    2. Firewall Examples and Support Scripts
      1. iptables Firewall for a Standalone System from Chapter 4
      2. Optimized iptables Firewall from Chapter 5
      3. iptables Firewall for a Choke Firewall from Chapter 6
    3. VPNs
      1. Overview of Virtual Private Networks
      2. VPN Protocols
      3. Linux and VPN Products
      4. VPN Configurations
      5. Connecting Networks
      6. VPN and Firewalls
      7. Summary
    4. Glossary
  11. Index