- ホーム
- > 洋書
- > 英文書
- > Computer / Operating Systems
Full Description
This text should help you master the principles of reliable system and network security by combining practical advice with a firm knowledge of the tech nical tools needed to ensure security. The book focuses on the most common use of Linux - as a hub offering services to an organization or the larger Internet--and shows readers how to harden their hosts against attacks. Author Mick Bauer, a security consultant, network architect, and lead author of the popular Paranoid Penguin column in Linux Journal, carefully outlines the security risks, defines precautions that can minimize those risks, and offers recipes for robust security. The book does not cover firewalls, but covers the more common situation where an organization protects its hub using other systems as firewalls, often proprietary firewalls. The book includes: precise directions for securing common services, including the Web, mail, DNS, and file transfer. Ancillary tasks, such as hardening Linux, using SSH and certificates for tunnelling, and using iptables for firewalling. Basic installation of intrusion detection tools. Writing for Linux users with little security expertise, the author explains security concepts and techniques in clear language, beginning with the fundamentals. "Building Secure Servers with Linux"provides a balance of "big picture" principles that transcend specific software packages and version numbers, and very clear procedures on securing some of those software packages. An all-inclusive resource for Linux users who wish to harden their systems, the book covers general security as well as key services such as DNS, the Apache Web server, mail, file transfer, and secure shell. With this book in hand, you'll have everything you need to ensure robust security of your Linux system.
Contents
Preface; 1. Threat Modeling and Risk Management Components of Risk Simple Risk Analysis: ALEs An Alternative: Attack Trees Defenses Conclusion Resources; 2. Designing Perimeter Networks Some Terminology Types of Firewall and DMZ Architectures Deciding What Should Reside on the DMZ Allocating Resources in the DMZ The Firewall; 3. Hardening Linux OS Hardening Principles Automated Hardening with Bastille Linux; 4. Secure Remote Administration Why It's Time to Retire Clear-Text Admin Tools Secure Shell Background and Basic Use Intermediate and Advanced SSH Other Handy Tools; 5. Tunneling Stunnel and OpenSSL: Concepts; 6. Securing Domain Name Services (DNS) DNS Basics DNS Security Principles Selecting a DNS Software Package Securing BIND djbdns Resources; 7. Securing Internet Email Background: MTA and SMTP Security Using SMTP Commands to Troubleshoot and Test SMTP Servers Securing Your MTA Sendmail Postfix Resources; 8. Securing Web Services Web Server Security Build Time: Installing Apache Setup Time: Configuring Apache Runtime: Securing CGI Scripts Special Topics Other Servers and Web Security; 9. Securing File Services FTP Security Other File-Sharing Methods Resources; 10. System Log Management and Monitoring syslog Syslog-ng Testing System Logging with logger Managing System-Log Files Using Swatch for Automated Log Monitoring Resources; 11. Simple Intrusion Detection Techniques Principles of Intrusion Detection Systems Using Tripwire Other Integrity Checkers Snort Resources; Appendix: Two Complete Iptables Startup Scripts Index
