Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort | Michael Rash | No Starch, Paperback, Published September 2007, 336 pages, ISBN 1593271417 | List Price: $49.95, Our Price: $40.50, You Save: $9.45 (19% Off)
"Between 2000 and mid-2007, I've read and reviewed nearly 250 technical books.
I've also written several books, so I believe I can recognize a great book when
I see it. Linux Firewalls is a great book."
—Richard Bejtlich, TaoSecurity.com, from the foreword to Linux Firewalls
System administrators need to stay ahead of the new security vulnerabilities that
leave their networks exposed every day. A firewall and an intrusion detection
system (IDS) are two important weapons in that fight, enabling you to proactively
deny access and to monitor network traffic for signs of an attack.
Linux Firewalls discusses the technical details of the iptables firewall
and the Netfilter framework that are built into the Linux kernel, and it explains
how they provide strong filtering, Network Address Translation (NAT), state
tracking, and application layer inspection capabilities that rival many commercial
tools. You'll learn how to deploy iptables as an IDS with psad and fwsnort and
how to build a strong, passive authentication layer around iptables with fwknop.
Concrete examples illustrate concepts such as firewall log analysis and policies,
passive network authentication and authorization, exploit packet traces, Snort
ruleset emulation, and more with coverage of these topics:
- Passive network authentication and OS fingerprinting
- iptables log analysis and policies
- Application layer attack detection with the iptables string match extension
- Building an iptables ruleset that emulates a Snort ruleset
- Port knocking vs. Single Packet Authorization (SPA)
- Tools for visualizing iptables logs
Perl and C code snippets offer practical examples that will help you to maximize
your deployment of Linux firewalls. If you're responsible for keeping a network
secure, you'll find Linux Firewalls invaluable in your attempt to understand
attacks and use iptables—along with psad and fwsnort—to detect and
even prevent compromises.
Visit the book's companion site (www.cipherdyne.org/LinuxFirewalls) for supporting
files, downloads, errata, and more.
Table of Contents
Foreword by Richard Bejtlich
Introduction
Chapter 1: Care and Feeding of iptables
Chapter 2: Network Layer Attacks and Defense
Chapter 3: Transport Layer Attacks and Defense
Chapter 4: Application Layer Attacks and Defense
Chapter 5: Introducing psad: The Port Scan Attack Detector
Chapter 6: psad Operations: Detecting Suspicious Traffic
Chapter 7: Advanced psad Topics: From Signature Matching to OS Fingerprinting
Chapter 8: Active Response with psad
Chapter 9: Translating Snort Rules into iptables Rules
Chapter 10: Deploying Fwsnort
Chapter 11: Combining psad and Fwsnort
Chapter 12: Port-Knocking vs. Single Packet Authorization
Chapter 13: Introducing fwknop
Chapter 14: Visualizing iptables Logs
Appendix A: Attack Spoofing
Appendix B: A Complete fwsnort Script
About the Author
Michael Rash is a security architect with Enterasys Networks, Inc., where he
develops the Dragon intrusion and prevention system. He is a frequent contributor
to open source projects and the creator of psad, fwknop, and fwsnort. Rash is
an expert on firewalls, intrusion detection systems, passive OS fingerprinting,
and the Snort rules language. He is co-author of Snort 2.1 Intrusion Detection
(Syngress, 2004) and author of Intrusion Prevention and Active Response
(Syngress, 2005), and he has written security articles for Linux Journal,
Sys Admin magazine, and ;login:.
Customer Reviews
Nov 21, 2007, Drew from Austin, TX: Excellent for any Sysadmin or Network Admin
This is a great book for any administrator who has servers or hosts available to the internet or outside world beyond their own network and who doesn't have expensive hardware firewalls in place to handle traffic, routing, etc.
With the book covering the basics of knowing iptables and the types of detections, it goes into more depth on network layer attacks, transport layer and application layer attacks. All of these are covered in great detail, along with how to defend against such attacks.
From this point on, it starts to cover psad, its features, what can be done with psad deployed in your network and how to set it up to notify and auto-respond to potential attacks, basically creating iptables rules to block suspicious traffic that is hitting your server or hosts.
It goes on to cover deploying fwsnort, for further detection and protection.
All around this is a great book and before I can say I obtained this book, we were already deploying psad in our own environment. Having a handy reference now makes things easier with setups and configurations explained in simpler terms without having to refer to online documentation or man pages. Everyone likes examples.