Linux Hardening in Hostile Networks: Server Security from TLS to Tor
©2018 |Addison-Wesley Professional | Available
Kyle Rankin
©2018 |Addison-Wesley Professional | Available
Introducing Pearson+ 1500+ eTexts and study tools, all in one place. Subscriptions starting at $9.99/month.
K-12 educators: This link is for individuals purchasing with credit cards or PayPal only. Contact your Savvas Learning Company Account General Manager for purchase options.
Rankin begins with a user-oriented guide to safeguarding your own personal data with PGP, Off-the-Record Messaging (OTR), Tor, and the Tails "amnesic incognito" live Linux distribution. Next, he guides you through setting up secured versions of the services you manage every day, including web, email, and database servers that communicate over TLS; locked-down DNS servers with DNSSEC; Tor servers, and hidden services.
Each category of solution is presented in its own chapter, with techniques organized based on difficulty level, time commitment, and overall threat. In each case, Rankin begins with techniques any system administrator can quickly implement to protect against entry-level hackers. Next, he moves on to intermediate and advanced techniques intended to safeguard against sophisticated and knowledgeable attackers. An accompanying CDROM contains a full, pre-configured copy of the Tails live Linux distribution, making it simple for any sysadmin to bootstrap a highly-secure, privacy-protecting environment in minutes.
This product is part of the following series. Click on a series title to see the full list of products in the series.
Foreword xiii
Preface xv
Acknowledgments xxiii
About the Author xxv
Chapter 1: Overall Security Concepts 1
Section 1: Security Fundamentals 1
Section 2: Security Practices Against a Knowledgeable Attacker 10
Section 3: Security Practices Against an Advanced Attacker 20
Summary 24
Chapter 2: Workstation Security 25
Section 1: Security Fundamentals 25
Section 2: Additional Workstation Hardening 33
Section 3: Qubes 37
Summary 52
Chapter 3: Server Security 53
Section 1: Server Security Fundamentals 53
Section 2: Intermediate Server-Hardening Techniques 58
Section 3: Advanced Server-Hardening Techniques 68
Summary 74
Chapter 4: Network 75
Section 1: Essential Network Hardening 76
Section 2: Encrypted Networks 87
Section 3: Anonymous Networks 100
Summary 107
Chapter 5: Web Servers 109
Section 1: Web Server Security Fundamentals 109
Section 2: HTTPS 113
Section 3: Advanced HTTPS Configuration 118
Summary 131
Chapter 6: Email 133
Section 1: Essential Email Hardening 133
Section 2: Authentication and Encryption 137
Section 3: Advanced Hardening 141
Summary 156
Chapter 7: DNS 157
Section 1: DNS Security Fundamentals 158
Section 2: DNS Amplification Attacks and Rate Limiting 161
Section 3: DNSSEC 166
Summary 175
Chapter 8: Database 177
Section 1: Database Security Fundamentals 177
Section 2: Database Hardening 185
Section 3: Database Encryption 191
Summary 195
Chapter 9: Incident Response 197
Section 1: Incident Response Fundamentals 197
Section 2: Secure Disk Imaging Techniques 200
Section 3: Walk Through a Sample Investigation 209
Summary 214
Appendix A: Tor 215
What Is Tor? 215
How Tor Works 216
Security Risks 219
Appendix B: SSL/TLS 221
What Is TLS? 221
How TLS Works 222
TLS Troubleshooting Commands 224
Security Risks 224
Index 229
Pearson offers affordable and accessible purchase options to meet the needs of your students. Connect with us to learn more.
K12 Educators: Contact your Savvas Learning Company Account General Manager for purchase options. Instant Access ISBNs are for individuals purchasing with credit cards or PayPal.
Savvas Learning Company is a trademark of Savvas Learning Company LLC.
Rankin
©2018  | Addison-Wesley Professional  | 272 pp
Kyle Rankin is the vice president of engineering operations for Final, Inc.; the author of DevOps Troubleshooting , The Official Ubuntu Server Book , Knoppix Hacks , Knoppix Pocket Reference , Linux Multimedia Hacks , and Ubuntu Hacks ; and a contributor to a number of other books. Rankin is an award-winning columnist for Linux Journal and has written for PC Magazine, TechTarget websites, and other publications. He speaks frequently on Open Source software, including a keynote at SCALE 11x and numerous other talks at SCALE, O’Reilly Security Conference, OSCON, CactusCon, Linux World Expo, Penguicon, and a number of Linux Users’ Groups. In his free time Kyle does much of what he does at work—plays with Linux and computers in general. He’s also interested in brewing, BBQing, playing the banjo, 3D printing, and far too many other hobbies.
We're sorry! We don't recognize your username or password. Please try again.
The work is protected by local and international copyright laws and is provided solely for the use of instructors in teaching their courses and assessing student learning.
You have successfully signed out and will be required to sign back in should you need to download more resources.