Używamy cookies, aby ułatwić korzystanie z Portalu. Możesz określić warunki przechowywania, dostępu do plików cookies w Twojej przeglądarce. Dowiedz się więcej.
strona główna Strona główna | Nowości | Promocje | Zapowiedzi Twoje konto | Zarejestruj | Schowek | Kontakt | Pomoc
mapa działów
Szukaj: szukanie zaawansowane
Książki \ Linux

Linux Hardening in Hostile Networks: Server Security from TLS to Tor Język: 2


Cena Brutto: 159.60

Cena netto: 152.00

Wersja: Drukowana
Autor Kyle Rankin
Liczba_stron 272
Wydawnictwo Addison-Wesley Professional
Data_Wydania 2017-09-05


Hardening in Hostile Networks: Server Security from TLS to Tor

In an age of mass surveillance, when advanced cyberwarfare weapons rapidly migrate into every hacker’s toolkit, you can’t rely on outdated security methods–especially if you’re responsible for Internet-facing services. In Linux® Hardening in Hostile Networks, Kyle Rankin helps you to implement modern safeguards that provide maximum impact with minimum effort and to strip away old techniques that are no longer worth your time.

Rankin provides clear, concise guidance on modern workstation, server, and network hardening, and explains how to harden specific services, such as web servers, email, DNS, and databases. Along the way, he demystifies technologies once viewed as too complex or mysterious but now essential to mainstream Linux security. He also includes a full chapter on effective incident response that both DevOps and SecOps can use to write their own incident response plan.

Each chapter begins with techniques any sysadmin can use quickly to protect against entry-level hackers and presents intermediate and advanced techniques to safeguard against sophisticated and knowledgeable attackers, perhaps even state actors. Throughout, you learn what each technique does, how it works, what it does and doesn’t protect against, and whether it would be useful in your environment.

  • Apply core security techniques including 2FA and strong passwords
  • Protect admin workstations via lock screens, disk encryption, BIOS passwords, and other methods
  • Use the security-focused Tails distribution as a quick path to a hardened workstation
  • Compartmentalize workstation tasks into VMs with varying levels of trust
  • Harden servers with SSH, use apparmor and sudo to limit the damage attackers can do, and set up remote syslog servers to track their actions
  • Establish secure VPNs with OpenVPN, and leverage SSH to tunnel traffic when VPNs can’t be used
  • Configure a software load balancer to terminate SSL/TLS connections and initiate new ones downstream
  • Set up standalone Tor services and hidden Tor services and relays
  • Secure Apache and Nginx web servers, and take full advantage of HTTPS
  • Perform advanced web server hardening with HTTPS forward secrecy and ModSecurity web application firewalls
  • Strengthen email security with SMTP relay authentication, SMTPS, SPF records, DKIM, and DMARC
  • Harden DNS servers, deter their use in DDoS attacks, and fully implement DNSSEC
  • Systematically protect databases via network access control, TLS traffic encryption, and encrypted data storage
  • Respond to a compromised server, collect evidence, and prevent future attacks

Table of Contents

Foreword xiii

Preface xv

Acknowledgments xxiii

About the Author xxv

Chapter 1: Overall Security Concepts 1

Section 1: Security Fundamentals 1

Section 2: Security Practices Against a Knowledgeable Attacker 10

Section 3: Security Practices Against an Advanced Attacker 20

Summary 24

Chapter 2: Workstation Security 25

Section 1: Security Fundamentals 25

Section 2: Additional Workstation Hardening 33

Section 3: Qubes 37

Summary 52

Chapter 3: Server Security 53

Section 1: Server Security Fundamentals 53

Section 2: Intermediate Server-Hardening Techniques 58

Section 3: Advanced Server-Hardening Techniques 68

Summary 74

Chapter 4: Network 75

Section 1: Essential Network Hardening 76

Section 2: Encrypted Networks 87

Section 3: Anonymous Networks 100

Summary 107

Chapter 5: Web Servers 109

Section 1: Web Server Security Fundamentals 109

Section 2: HTTPS 113

Section 3: Advanced HTTPS Configuration 118

Summary 131

Chapter 6: Email 133

Section 1: Essential Email Hardening 133

Section 2: Authentication and Encryption 137

Section 3: Advanced Hardening 141

Summary 156

Chapter 7: DNS 157

Section 1: DNS Security Fundamentals 158

Section 2: DNS Amplification Attacks and Rate Limiting 161

Section 3: DNSSEC 166

Summary 175

Chapter 8: Database 177

Section 1: Database Security Fundamentals 177

Section 2: Database Hardening 185

Section 3: Database Encryption 191

Summary 195

Chapter 9: Incident Response 197

Section 1: Incident Response Fundamentals 197

Section 2: Secure Disk Imaging Techniques 200

Section 3: Walk Through a Sample Investigation 209

Summary 214

Appendix A: Tor 215

What Is Tor? 215

How Tor Works 216

Security Risks 219

Appendix B: SSL/TLS 221

What Is TLS? 221

How TLS Works 222

TLS Troubleshooting Commands 224

Security Risks 224

Index 229

Produkty Podobne
Unix i Linux. Przewodnik administratora systemów. Wydanie V
Hartowanie Linuksa we wrogich środowiskach sieciowych. Ochrona serwera od TLS po Tor
Kali Linux. Testy penetracyjne i bezpieczeństwo sieci dla zaawansowanych. Wydanie II
Skrypty powłoki systemu Linux. Receptury. Wydanie III
Linux. Profesjonalne administrowanie systemem. Wydanie II
Practical Guide to Linux Commands, Editors, and Shell Programming, A, 4th Edition
Linux Hardening in Hostile Networks: Server Security from TLS to Tor
Genialne skrypty powłoki. Ponad 100 rozwiązań dla systemów Linux, macOS i Unix
Linux. Leksykon kieszonkowy. Wydanie III
Kali Linux. Testy penetracyjne. Wydanie II
Więcej produktów