Kyle Rankin

Linux Hardening in Hostile Networks

Server Security from TLS to Tor. Empfohlen von 18 bis 67 Jahre. 1. Auflage. Electronic book text. Sprachen: Englisch

eBook (pdf), 272 Seiten

EAN 9780134173313

Veröffentlicht Juli 2017

Verlag/Hersteller Pearson ITP

Leseprobe öffnen

Leseprobe herunterladen

Auch erhältlich als:

Buch (Softcover)

€ 38,00

€ 36,99 inkl. MwSt.

Artikel erhalten

Sofort Lieferbar (Download)

Auf die Wunschliste

Beschreibung

Implement Industrial-Strength Security on Any Linux Server In an age of mass surveillance, when advanced cyberwarfare weapons rapidly migrate into every hacker's toolkit, you can't rely on outdated security methods-especially if you're responsible for Internet-facing services. In Linux® Hardening in Hostile Networks, Kyle Rankin helps you to implement modern safeguards that provide maximum impact with minimum effort and to strip away old techniques that are no longer worth your time. Rankin provides clear, concise guidance on modern workstation, server, and network hardening, and explains how to harden specific services, such as web servers, email, DNS, and databases. Along the way, he demystifies technologies once viewed as too complex or mysterious but now essential to mainstream Linux security. He also includes a full chapter on effective incident response that both DevOps and SecOps can use to write their own incident response plan. Each chapter begins with techniques any sysadmin can use quickly to protect against entry-level hackers and presents intermediate and advanced techniques to safeguard against sophisticated and knowledgeable attackers, perhaps even state actors. Throughout, you learn what each technique does, how it works, what it does and doesn't protect against, and whether it would be useful in your environment.

- Apply core security techniques including 2FA and strong passwords - Protect admin workstations via lock screens, disk encryption, BIOS passwords, and other methods - Use the security-focused Tails distribution as a quick path to a hardened workstation - Compartmentalize workstation tasks into VMs with varying levels of trust - Harden servers with SSH, use apparmor and sudo to limit the damage attackers can do, and set up remote syslog servers to track their actions - Establish secure VPNs with OpenVPN, and leverage SSH to tunnel traffic when VPNs can't be used - Configure a software load balancer to terminate SSL/TLS connections and initiate new ones downstream - Set up standalone Tor services and hidden Tor services and relays - Secure Apache and Nginx web servers, and take full advantage of HTTPS - Perform advanced web server hardening with HTTPS forward secrecy and ModSecurity web application firewalls - Strengthen email security with SMTP relay authentication, SMTPS, SPF records, DKIM, and DMARC - Harden DNS servers, deter their use in DDoS attacks, and fully implement DNSSEC - Systematically protect databases via network access control, TLS traffic encryption, and encrypted data storage - Respond to a compromised server, collect evidence, and prevent future attacks

Register your product at informit.com/register for convenient access to downloads, updates, and corrections as they become available.

Portrait

Kyle Rankin is the vice president of engineering operations for Final, Inc.; the author of DevOps Troubleshooting, The Official Ubuntu Server Book, Knoppix Hacks, Knoppix Pocket Reference, Linux Multimedia Hacks, and Ubuntu Hacks; and a contributor to a number of other books. Rankin is an award-winning columnist for Linux Journal and has written for PC Magazine, TechTarget websites, and other publications. He speaks frequently on Open Source software, including a keynote at SCALE 11x and numerous other talks at SCALE, O'Reilly Security Conference, OSCON, CactusCon, Linux World Expo, Penguicon, and a number of Linux Users' Groups. In his free time Kyle does much of what he does at work-plays with Linux and computers in general. He's also interested in brewing, BBQing, playing the banjo, 3D printing, and far too many other hobbies.

Inhaltsverzeichnis

Foreword xiii Preface xv Acknowledgments xxiii About the Author xxv Chapter 1: Overall Security Concepts 1 Section 1: Security Fundamentals 1 Section 2: Security Practices Against a Knowledgeable Attacker 10 Section 3: Security Practices Against an Advanced Attacker 20 Summary 24 Chapter 2: Workstation Security 25 Section 1: Security Fundamentals 25 Section 2: Additional Workstation Hardening 33 Section 3: Qubes 37 Summary 52 Chapter 3: Server Security 53 Section 1: Server Security Fundamentals 53 Section 2: Intermediate Server-Hardening Techniques 58 Section 3: Advanced Server-Hardening Techniques 68 Summary 74 Chapter 4: Network 75 Section 1: Essential Network Hardening 76 Section 2: Encrypted Networks 87 Section 3: Anonymous Networks 100 Summary 107 Chapter 5: Web Servers 109 Section 1: Web Server Security Fundamentals 109 Section 2: HTTPS 113 Section 3: Advanced HTTPS Configuration 118 Summary 131 Chapter 6: Email 133 Section 1: Essential Email Hardening 133 Section 2: Authentication and Encryption 137 Section 3: Advanced Hardening 141 Summary 156 Chapter 7: DNS 157 Section 1: DNS Security Fundamentals 158 Section 2: DNS Amplification Attacks and Rate Limiting 161 Section 3: DNSSEC 166 Summary 175 Chapter 8: Database 177 Section 1: Database Security Fundamentals 177 Section 2: Database Hardening 185 Section 3: Database Encryption 191 Summary 195 Chapter 9: Incident Response 197 Section 1: Incident Response Fundamentals 197 Section 2: Secure Disk Imaging Techniques 200 Section 3: Walk Through a Sample Investigation 209 Summary 214 Appendix A: Tor 215 What Is Tor? 215 How Tor Works 216 Security Risks 219 Appendix B: SSL/TLS 221 What Is TLS? 221 How TLS Works 222 TLS Troubleshooting Commands 224 Security Risks 224 Index 229

Technik

Sie können dieses eBook zum Beispiel mit den folgenden Geräten lesen:

• tolino Reader

Laden Sie das eBook direkt über den Reader-Shop auf dem tolino herunter oder übertragen Sie das eBook auf Ihren tolino mit einer kostenlosen Software wie beispielsweise Adobe Digital Editions.

• Sony Reader & andere eBook Reader

Laden Sie das eBook direkt über den Reader-Shop herunter oder übertragen Sie das eBook mit der kostenlosen Software Sony READER FOR PC/Mac oder Adobe Digital Editions auf ein Standard-Lesegeräte.

• Tablets & Smartphones

Möchten Sie dieses eBook auf Ihrem Smartphone oder Tablet lesen, finden Sie hier unsere kostenlose Lese-App für iPhone/iPad und Android Smartphone/Tablets.

• PC & Mac

Lesen Sie das eBook direkt nach dem Herunterladen mit einer kostenlosen Lesesoftware, beispielsweise Adobe Digital Editions, Sony READER FOR PC/Mac oder direkt über Ihre eBook-Bibliothek in Ihrem Konto unter „Meine eBooks“ - „Sofort online lesen über Meine Bibliothek“.

Bitte beachten Sie, dass die Kindle-Geräte das Format nicht unterstützen und dieses eBook somit nicht auf Kindle-Geräten lesbar ist.