Building Secure Servers with Linux

Front Cover
"O'Reilly Media, Inc.", 2002 - Computers - 430 pages
2 Reviews

Linux consistently turns up high in the list of popular Internet servers, whether it's for the Web, anonymous FTP, or general services like DNS and routing mail. But security is uppermost on the mind of anyone providing such a service. Any server experiences casual probe attempts dozens of time a day, and serious break-in attempts with some frequency as well.

As the cost of broadband and other high-speed Internet connectivity has gone down, and its availability has increased, more Linux users are providing or considering providing Internet services such as HTTP, Anonymous FTP, etc., to the world at large. At the same time, some important, powerful, and popular Open Source tools have emerged and rapidly matured--some of which rival expensive commercial equivalents--making Linux a particularly appropriate platform for providing secure Internet services.

Building Secure Servers with Linux will help you master the principles of reliable system and network security by combining practical advice with a firm knowledge of the technical tools needed to ensure security. The book focuses on the most common use of Linux--as a hub offering services to an organization or the larger Internet--and shows readers how to harden their hosts against attacks. Author Mick Bauer, a security consultant, network architect, and lead author of the popular Paranoid Penguin column in Linux Journal, carefully outlines the security risks, defines precautions that can minimize those risks, and offers recipes for robust security. The book does not cover firewalls, but covers the more common situation where an organization protects its hub using other systems as firewalls, often proprietary firewalls.

The book includes:

  • Precise directions for securing common services, including the Web, mail, DNS, and file transfer.
  • Ancillary tasks, such as hardening Linux, using SSH and certificates for tunneling, and using iptables for firewalling.
  • Basic installation of intrusion detection tools.
Writing for Linux users with little security expertise, the author explains security concepts and techniques in clear language, beginning with the fundamentals. Building Secure Servers with Linux provides a unique balance of "big picture" principles that transcend specific software packages and version numbers, and very clear procedures on securing some of those software packages. An all-inclusive resource for Linux users who wish to harden their systems, the book covers general security as well as key services such as DNS, the Apache Web server, mail, file transfer, and secure shell. With this book in hand, you'll have everything you need to ensure robust security of your Linux system.
 

What people are saying - Write a review

LibraryThing Review

User Review  - bluetyson - LibraryThing

Bought to help while away a long plane flight, this book was somewhat useful as a introduction to linux security, and where to start when looking at exposing servers to the evil outside world ... Read full review

Contents

Threat Modeling and Risk Management
1
Components of Risk
2
ALEs
11
Attack Trees
15
Defenses
18
Conclusion
19
Designing Perimeter Networks
20
Some Terminology
21
Securing Your MTA
203
Sendmail
204
Postfix
231
Resources
239
Securing Web Services
241
Installing Apache
243
Configuring Apache
249
Securing CGI Scripts
257

Types of Firewall and DMZ Architectures
23
Deciding What Should Reside on the DMZ
27
Allocating Resources in the DMZ
29
Hardening Linux
40
OS Hardening Principles
41
Automated Hardening with Bastille Linux
97
Secure Remote Administration
102
Secure Shell Background and Basic Use
103
Intermediate and Advanced SSH
114
Other Handy Tools
128
Tunneling
132
Securing Domain Name Services DNS
154
DNS Security Principles
156
Selecting a DNS Software Package
157
Securing BIND
159
djbdns
180
Resources
196
Securing Internet Email
198
Using SMTP Commands to Troubleshoot and Test SMTP Servers
202
Special Topics
273
Other Servers and Web Security
285
Securing File Services
287
Other FileSharing Methods
309
Resources
321
System Log Management and Monitoring
323
Syslogng
333
Testing System Logging with logger
348
Managing SystemLog Files
349
Using Swatch for Automated Log Monitoring
353
Resources
361
Simple Intrusion Detection Techniques
362
Using Tripwire
366
Other Integrity Checkers
381
Snort
383
Resources
396
Two Complete Iptables Startup Scripts
399
Index
411
Copyright

Other editions - View all

Common terms and phrases

References to this book

Running Linux
Matt Welsh
Limited preview - 2003
Running Linux
Matt Welsh
Limited preview - 2003

About the author (2002)

Bauer is a network and Unix systems security consultant for Upstream Solutions, Inc. in Minneapolis, MN.

Bibliographic information