Linux Server Security,9780596006709

Linux Server Security

by
Edition: 2nd
ISBN13: 9780596006709
ISBN10: 0596006705
Format: Paperback
Pub. Date: 2005-02-28
Publisher(s): Oreilly & Associates Inc
  • Free Shipping Icon

    This Item Qualifies for Free Shipping!*

    *Excludes marketplace orders.

List Price: $47.20

Buy New

Arriving Soon. Will ship when available.
$44.95
Add to Cart

Buy Used

Arriving Soon. Will ship when available.
$33.71
Add to Cart

Rent Book

Select for Price
Add to Cart
There was a problem. Please try again later.

Rent Digital

Rent Digital Options
Online:1825 Days access
Downloadable:Lifetime Access
$43.19
$43.19
Add to Cart
Buy from our Marketplace starting at $5.60

How Marketplace Works:

  • This item is offered by an independent seller and not shipped from our warehouse
  • Item details like edition and cover design may differ from our description; see seller's comments before ordering.
  • Sellers much confirm and ship within two business days; otherwise, the order will be cancelled and refunded.
  • Marketplace purchases cannot be returned to eCampus.com. Contact the seller directly for inquiries; if no response within two days, contact customer service.
  • Additional shipping costs apply to Marketplace purchases. Review shipping costs at checkout.

Summary

Is Linux inherently more secure than other server software? Most Linux system administrators think so. More than 75% of them have never experienced an unwanted intrusion, and 94% have operated virus-free. But now that Linux is moving into the mainstream, that story might change. That's why this concise but comprehensive guide to providing the best possible security for Linux servers is so timely. Packed with examples and contextual background to help administrators, developers and other Linux users understand the complex issues involved, Linux Server Security covers both background theory and practical step-by-step instructions for hardening a server that runs Linux, including firewalling, DNS, mail, Apache, remote administration and other common services. This new edition also has coverage of LDAP, MySQL, POstgreSQL, and Mail Delivery Agents. For those with servers running Linux, this is an essential title.

Author Biography

Michael D. (Mick) Bauer, CISSP, is Network Security Architect for a large financial services provider. He is also Security Editor for Linux Journal Magazine, and author of its monthly "Paranoid Penguin" security column. Mick's areas of expertise include Linux security and general Unix security, network (TCP/IP) security, security assessment, and the development of security policies and awareness programs.

Table of Contents

Preface ix
1. Threat Modeling and Risk Management
1(20)
Components of Risk
2(9)
Simple Risk Analysis: ALEs
11(4)
An Alternative: Attack Trees
15(3)
Defenses
18(2)
Conclusion
20(1)
Resources
20(1)
2. Designing Perimeter Networks
21(22)
Some Terminology
22(2)
Types of Firewall and DMZ Architectures
24(5)
Deciding What Should Reside on the DMZ
29(1)
Allocating Resources in the DMZ
30(2)
The Firewall
32(11)
3. Hardening Linux and Using iptables
43(74)
OS Hardening Principles
44(67)
Automated Hardening with Bastille Linux
111(6)
4. Secure Remote Administration
117(26)
Why It's Time to Retire Cleartext Admin Tools
117(1)
Secure Shell Background and Basic Use
118(10)
Intermediate and Advanced SSH
128(15)
5. OpenSSL and Stunnel
143(25)
Stunnel and OpenSSL: Concepts
143(25)
6. Securing Domain Name Services (DNS)
168(47)
DNS Basics
168(2)
DNS Security Principles
170(2)
Selecting a DNS Software Package
172(1)
Securing BIND
173(21)
djbdns
194(18)
Resources
212(3)
7. Using LDAP for Authentication
215(22)
LDAP Basics
215(5)
Setting Up the Server
220(9)
LDAP Database Management
229(6)
Conclusions
235(1)
Resources
235(2)
8. Database Security
237(14)
Types of Security Problems
238(1)
Server Location
238(3)
Server Installation
241(5)
Database Operation
246(4)
Resources
250(1)
9. Securing Internet Email
251(63)
Background: MTA and SMTP Security
252(3)
Using SMTP Commands to Troubleshoot and Test SMTP Servers
255(2)
Securing Your MTA
257(1)
Sendmail
257(28)
Postfix
285(8)
Mail Delivery Agents
293(15)
A Brief Introduction to Email Encryption
308(3)
Resources
311(3)
10. Securing Web Servers 314(47)
Web Security
314(2)
The Web Server
316(11)
Web Content
327(10)
Web Applications
337(22)
Layers of Defense
359(1)
Resources
359(2)
11. Securing File Services 361(45)
FTP Security
361(31)
Other File-Sharing Methods
392(13)
Resources
405(1)
12. System Log Management and Monitoring 406(44)
syslog
406(11)
Syslog-ng
417(18)
Testing System Logging with logger
435(1)
Managing System Logfiles with logrotate
436(3)
Using Swatch for Automated Log Monitoring
439(9)
Some Simple Log-Reporting Tools
448(1)
Resources
449(1)
13. Simple Intrusion Detection Techniques 450(36)
Principles of Intrusion Detection Systems
451(3)
Using Tripwire
454(15)
Other Integrity Checkers
469(3)
Snort
472(14)
Resources 486(3)
Appendix: Two Complete iptables Startup Scripts 489(12)
Index 501

An electronic version of this book is available through VitalSource.

This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.

By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.

Digital License

You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.

More details can be found here.

A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.

Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.

Please view the compatibility matrix prior to purchase.