by Michael Rash
October 2007, 336 pp.
System administrators need to stay ahead of new security vulnerabilities that leave their networks exposed every day. A firewall and an intrusion detection systems (IDS) are two important weapons in that fight, enabling you to proactively deny access and monitor network traffic for signs of an attack.
Linux Firewalls discusses the technical details of the iptables firewall and the Netfilter framework that are built into the Linux kernel, and it explains how they provide strong filtering, Network Address Translation (NAT), state tracking, and application layer inspection capabilities that rival many commercial tools. You'll learn how to deploy iptables as an IDS with psad and fwsnort and how to build a strong, passive authentication layer around iptables with fwknop.
Concrete examples illustrate concepts such as firewall log analysis and policies, passive network authentication and authorization, exploit packet traces, Snort ruleset emulation, and more with coverage of these topics:
Perl and C code snippets offer practical examples that will help you to maximize your deployment of Linux firewalls. If you're responsible for keeping a network secure, you'll find Linux Firewalls invaluable in your attempt to understand attacks and use iptables—along with psad and fwsnort—to detect and even prevent compromises.
Visit the book's companion site for supporting files, downloads, errata, and more.
About the Author
Michael Rash is a Security Architect on the Dragon Intrusion Detection System with Enterasys Networks, Inc., and is a frequent contributor to open source projects. As the creator of psad, fwknop, and fwsnort, Rash is an expert on firewalls, IDSs, OS fingerprinting, and the Snort rules language. He is co-author of the book Snort 2.1 Intrusion Detection, lead-author and technical editor of the book Intrusion Prevention and Active Response, and has written security articles for Linux Journal, SysAdmin, and ;login:.
Table of Contents
Foreword by Richard Bejtlich
Chapter 1: Care and Feeding of iptables
Appendix A: Attack Spoofing
View the detailed Table of Contents (PDF).
View the Index (PDF).(top)
"If you're building a Linux firewall and want to know what all the bells and whistles are, when you might want to set them off, and how to hook them together, here you go."
"This admirable, eminently usable text goes much further than advertised."
"If you run one or more Linux based firewalls, this book will not only help you to configure them securely, it will help you understand how they can be monitored to discover evidence of probes, abuse and denial of service attacks. Readers of this book will gain an understanding of firewall log analysis and how the netfilter firewall can be dramatically enhanced with several open source tools."
"The book is easy to read, and chock full of attack vectors and subtle (and not so subtle) iptables configuration tips. This well researched book heightens an average system administrator's awareness to the vulnerabilities in his or her infrastructure, and the potential to find hardening solutions."
"Right from the start, the book presented valuable information and pulled me in. Each of the central topics were thoroughly explained in an informative, yet engaging manner. Essentially, I did not want to stop reading. Rating: 9/10"
"One of the main reasons Linux Firewalls is a great book is that Mike Rash is an excellent writer. I've read (or tried to read) plenty of books that seemed to offer helpful content, but the author had no clue how to deliver that content in a readable manner. Linux Firewalls makes learning network security an enjoyable experience."
"What really makes this book different from the others I've seen over the years is that the author approaches the subject in a layered method while exposing potential vulnerabilities at each step. (Thank you so VERY much.) So for those that are new to the security game, the book also takes a stab at teaching the basics of network security while teaching you the tools to build a modern firewall."
"Linux Firewalls is a great resource. It provided insight and helpful information into additional tools to get the most out of iptables and to add in additional functionality."
"If you or anyone you know is responsible for keeping a secure network, Linux Firewalls is an invaluable resource to have by your side. You will gain a better understanding of attacks, how to use iptables, PSAD, and fwsnort - all in an effort to properly defend and respond to attempted compromises."
"Michael does a great job of explaining not just how iptables works, but he shows how users gain operational value from using open source tools and techniques, such as visualization, to analyze firewall logs."