Linux Firewalls - Michael Rash [7]

via the tcpdump Ethernet sniffer, so some experience with an Ethernet sniffer such as tcpdump or Wireshark would be helpful. With the exception of the material described above, no prior knowledge of computer security, network intrusion detection, or firewall concepts is assumed.

Finally, this book concentrates on network attacks—detecting them and responding to them. As such, this book generally does not discuss host-level security issues such as the need to harden the system running iptables by removing compilers, severely curtailing user accounts, applying the latest security patches, and so on. The Bastille Linux project (see http://www.bastille-linux.org) provides excellent information on host security issues, however. For the truly hard-core, the NSA SELinux distribution (see http://www.nsa.gov/selinux) is a stunning effort to increase system security starting with the component that counts the most—the kernel itself.

Technical References

The following titles are some excellent supporting references for the more technical aspects of this book:

Building Internet Firewalls, 2nd Edition; Elizabeth D. Zwicky, Simon Cooper, and D. Brent Chapman (O'Reilly, 2000)

Computer Networks, 4th Edition; Andrew S. Tanenbaum (Prentice Hall PTR, 2002)

Firewalls and Internet Security: Repelling the Wily Hacker, 2nd Edition; William R. Cheswick, Steven M. Bellovin, and Aviel D. Rubin (Addison-Wesley Professional, 2003)

Linux System Security, 2nd Edition; Scott Mann and Ellen L. Mitchell (Pearson Education, 2002)

Programming Perl, 3rd Edition; Larry Wall, Tom Christiansen, and Jon Orwant (O'Reilly, 2000)

The Tao of Network Security Monitoring: Beyond Intrusion Detection; Richard Bejtlich (Addison-Wesley Professional, 2004)

The TCP/IP Guide; Charles M. Kozierok (No Starch Press, 2005)

TCP/IP Illustrated, Volume 1: The Protocols; W. Richard Stevens (Addison-Wesley, 1994)

About the Website

Contained within this book are several example scripts, iptables policies and commands, and instances of network attacks and associated packet captures. All of these materials can also be downloaded from the book's companion website, which is available at http://www.cipherdyne.org/linuxfirewalls. Having an electronic copy is the best way to tinker and experiment with the concepts and code yourself. Also available on the website are examples of the psad, fwsnort, and fwknop projects in action, along with documentation and the Trac interface (http://trac.edgewall.com), which enables you to view the source code for each project. The source code for each project is carefully archived within a Subversion repository (http://subversion.tigris.org) so that it is easy to visualize how the code changes from one version to the next. Finally, some interesting graphical representations of iptables log data can also be found on the website.

If you have questions while going through this book, you may also find answers on the book's website. Please don't hesitate to ask me any questions you may have regarding any of the material covered. You can reach me via email at mbr@cipherdyne.org.

Chapter Summaries

As you make your way through Linux Firewalls, you'll cover a lot of ground. This section gives you a brief overview of each chapter so you'll know what to expect.

Chapter 1

This chapter provides an introduction to packet filtering with iptables, including kernel build specifics and iptables administration. A default policy and a network diagram are provided in this chapter and are referenced throughout the book. The Linux machine that runs the default policy functions as the firewall for a local area network (LAN), and attacks against this system are illustrated in later chapters.

Chapter 2

This chapter shows the types of attacks that exist in the network layer and what you can do about them. I'll introduce you to the iptables logging format and emphasize the network layer information that you can glean from iptables logs.

Chapter 3

The transport layer is the realm of server reconnaissance with port scans and sweeps, and this chapter examines
