Linux Network Security Book Review

Linux Network Security

Author:: Peter G Smith
Publisher:: Charles River Media
Published:: 2005
Pages:: 541

Linux Network Security

Linux Network Security Chapters

Introduction: The Need for Security
- Introducing the Enemy
  - The Hacker Myth
- Just Who is at Risk?
- The Implication of a Compromise
- Hackers and Crackers
  - Crackers
Understanding the Problem
- Part I: Attacks Against Linux
- Exploits and Vulnerabilities
  - Weak Passwords
  - suid Binaries
  - The Buffer Overflow
  - The Basics
  - Race Conditions
  - Key Logging
  - Unauthorized X Windows Access
- Trojans and Backdoors
  - The Sendmail Trojan
  - Modifying /etc/passwd
  - Modifying /etc/inetd.conf
  - Creating suid Shells
  - Trojaned System Binaries
  - CGI Abuse
- Rootkits
  - FLEA
  - T0rn
  - Adore (2.4.x Kernel)
  - Adore-ng (2.6.x Kernel)
- PartII: Attacks Against the Network
- Denial of Service (DoS)
  - Ping-Pong Attack
  - Distributed Flood Nets
  - The Smurf Attacks
  - Fragmentation Attacks
  - SYN Flooding
  - Nonbandwidth-Oriented DoS Attacks
- TCP/IP Attacks
  - ARP Spoofing
  - DNS Attacks
  - Packet Sniffing
  - Switched LAN Sniffing
  - IP Spoofing
  - Man-in-the-Middle Attacks
  - Replay Attacks
  - Injection Attacks
A Secure Topology
- Network Topology
  - Switches, Hubs and Sniffing
  - Gateways, Routers and Firewalls
  - Wireless Networking
  - Network Address Translation (NAT)
  - The DMZ
- A Detour into iptables
  - Preparation
  - Patch-O-Matic
  - Installation
  - The Life Cycle of a Packet
  - Using iptables
  - General Syntax
- Implementing the Three-Legged Model
  - Firewall Rulesets
  - Traffic Routing
- Network Tuning with the /proc Filesystem
  - Sysctl
  - Routing Options
  - Security Settings
  - ICMP Messages
  - TCP Settings
- Virtual Private Networks and IP Security
  - Virtual Private Networking (VPN)
  - Road Warriors
  - IPsec
  - Implementing a VPN with IPsec
Assessing the Network
- Portscanning with Nmap
  - Scan Type and Options
  - Nmap in Use
- Vulnerability Auditing with Nessus
  - Installing Nessus
- Web Site Auditing with Nikto
Packet Filtering with iptables
- The Components of an iptables Rule
  - Generic Matches
  - TCP-Specific Matches
  - UDP-Specific Matches
  - ICMP-Specific Matches
  - Matching Extensions
  - Targets
- Creating a Firewall Ruleset
  - Protecting the Firewall
  - Protecting the DMZ
  - ICMP Messages
  - TTL Rewriting
  - Blocking Unwanted Hosts
  - Filtering Illegal Addresses
  - Local Packet Filtering
- Firewall Management: Dealing with Dynamic IP Addresses
  - DHCPCD
  - Blocking and Unblocking Hosts
  - Using GUI Management Tools
Basic System Security Measures
- Password Protection
  - The /etc/passwd file
  - Shadowed Passwords
  - Password Protection Algorithms
  - Login Control with /etc/login.defs
  - Password Strategies
  - Enforcing Strong Passwords
- User Control and PAM
  - PAM Configuration
  - Password Control
  - Limiting Resources
  - The Non-PAM Way
  - Controlling su Access
  - Creating a Chroot Environment
  - Other PAM Modules
- Services
  - Common Services
  - Starting and Stopping Services
- Tightening User Permissions
  - World Writable Files
  - SUID and SGID Files
  - Partitions and Mount Options
  - Ext2 Attribute
- Delegating Root Access
  - /etc/sudoers
  - SUDO Security
- Physical Security
  - Removing the CD-ROM and Floppy Drive
  - Case Locks
  - location
  - Keyloggers
  - The BIOS
Desktop Security
- Viruses and Worms
  - Clam
  - General Antivirus Precautions
- Safe Web Browsing
  - Scripting
  - Cookies
  - Authentication
  - Digital Certificates
- E-Mail
  - Client-Side Mail Filtering
  - E-Mail Integrity
- X Windows
  - Host Base Authentication
  - Token Authentication
System Hardening
- Choosing a Distribution
  - General Distributions
  - Specialized Distributions
- chroot Environments
  - Jail Construction
  - Escaping from chroot Jails
- Stripping Down Linux
  - Unnecessary Binaries
  - Compilers and Interpreters
  - Other Tools
  - Placing System Utilities on CD-ROM
  - Choosing Applications During Installation
  - Post Installation Package Management
- Memory Protection
  - StackGuard (TM)
  - MemGuard
  - Stack-Smashing Protector
  - Bounds Checking
  - CRED
  - Libsafe
  - PaX
  - Nonexecutable Memory (NOEXEC)
  - Address Space Layout Randomization (ASLR)
  - Buffer Overflow Detection
  - Conclusion
- Policing System Call with Systrace
  - Installation
  - Componenets of a Policy File
  - Policy File Creation
  - Automatic Policy Generation
  - Policy Enforcement
  - Interactive Policy Enforcement
  - Third-Party Policy Files
Access Control
- Introduction to Access Control
  - Discretionary Access Control (DAC)
  - Mandatory Access Control (MAC)
  - Domain Type Enforcement (DTE)
  - Linux Security Modules (LSM)
- Role-Based Access Control with Grsecurity
  - Installation
  - A Note on Group Memberships
  - Security Level
  - Address Space Protection
  - RBAC Options
  - Filesystem Protection
  - Kernel Auditing
  - Executable Protections
  - Network Protections
  - Logging Options
  - Access Control
  - ACL Structure
  - Implementing Grsecurity
- LIDS: Linux Intrustion Detection Systems (LIDS)
  - Installation
  - Lids Administration
  - Sealing the Kernel
  - LIDS-Free Sessions
  - File ACLs and Capabilities ACLs
  - Implementing LIDS
- Other Access Control Projects
  - SELinux
  - Rule-Set Based Access Control (RSBAC)
  - DTE
  - Comparing Techniques
Securing Services
- Web Services and Apache
  - Configuration
  - Version Hiding
  - Resource Limiting
  - Access Control
  - Web Scripting
  - Secure Perl-CGI Programming
  - CGIWrap
  - PHP
  - Chrooting Apache
- SSH
  - Configuration
  - Hiding the SSH Server Version
  - Connection Tunneling
- NFS and NIS
  - NFS
- DNS and BIND
  - General Precautions
  - DNS Security Extensions (DNSSEC)
  - Split Functionality Nameservers
- E-Mail
  - Sendmail
  - Qmail
  - POP3 and IMAP
  - Stunnel
- FTP
  - WU-FTP
  - VSFTPD
  - TLS (SSL) Support
Keeping Secure
- Staying Up to Date
  - Application Mailing Lists
  - Security Mailing Lists
  - Up2Date
  - Patch Management with Ximian Red Carpet
- Logging and Log Analysis
  - Protecting /var/log
  - Syslog
  - /var/log/wtmp
  - BSD Process Accounting
  - Log Analysis with Lire
- System Integrity
  - Tripwire
  - Post-Install Configuration
  - Using Tripwire
  - Some Closing Thoughts
  - Chkrootkit
- Intrusion Detection
  - Snort
- Recovering from a Compromise
  - Discovering a Security Breach
  - Analyzing the System
  - Seeking Justice

Linux Network Security Appendices

Recompiling the Linux Kernel
- Obtaining the Kernel Source Code
- Configuring the Kernel
- Compiling the Kernel
- Installing the Kernel
  - LIO
  - GRUB
Kernel Configuration Options for Networking
- Network Support -> Networking Options
- Networking Support -> Networking Options -> TCP/IP Networking
- Networking Support -> Networking Options -> Network Packet Filtering -> IP:Netfilter Configuration
- Networking Support -> Networking Options -> Network Packet Filtering -> IP:Netfilter Configuration -> Connection Tracking
- Networking Support -> Networking Options -> Network Packet Filtering -> IP:Netfilter Configuration -> iptables Support
- Networking Support -> Networking Options -> Network Packet Filtering -> IP:Netfilter Configuration -> ARP Tables Support
NAT Firewall Script
Complete Firewall Script
Cryptography
- Cryptography Basics
- Attacks Against Cryptography
- Popular Encryption Algorithms
  - DES
  - Double DES and 3DES
  - AES
  - RC2
  - RC4
  - RC5
  - RC6
  - RSA
  - Blowfish
  - IDEA
- Hash Algorithms
  - MD2
  - MD4
  - MD5
  - SHA
- Public Key Cryptography (PKC)
  - Digital Signatures
- PGP, PGPI, OPENPGP and GNUPG
  - Security