| |
| |
Introduction | |
| |
| |
This Book's Organization | |
| |
| |
How This Book Is Cross-Referenced | |
| |
| |
amadmin | |
| |
| |
Using This Book | |
| |
| |
Odds and Ends | |
| |
| |
Summary | |
| |
| |
| |
Linux Security Basics | |
| |
| |
| |
Introducing Linux | |
| |
| |
What Is Linux? | |
| |
| |
Linux as a Standalone System | |
| |
| |
Linux as an Intranet/Internet Server | |
| |
| |
A Linux Security Overview | |
| |
| |
Summary | |
| |
| |
| |
Physical Security | |
| |
| |
Server Location and Physical Access | |
| |
| |
Network Topology | |
| |
| |
Network Hardware | |
| |
| |
Workstations and Security | |
| |
| |
Summary | |
| |
| |
| |
Installation Issues | |
| |
| |
About Various Linux Distributions, Security, and Installation | |
| |
| |
Partitions and Security | |
| |
| |
Choosing Network Services During Installation | |
| |
| |
Boot Loaders | |
| |
| |
Summary | |
| |
| |
| |
Basic Linux System Administration | |
| |
| |
The Basic Idea | |
| |
| |
Creating and Managing Accounts | |
| |
| |
Performing Administrative Tasks with su | |
| |
| |
Access Control | |
| |
| |
Permissions and Ownership | |
| |
| |
A Closer Look at Groups | |
| |
| |
Bringing Down Your System | |
| |
| |
Summary | |
| |
| |
| |
Linux User Security | |
| |
| |
| |
Password Attacks | |
| |
| |
What Is a Password Attack? | |
| |
| |
How Linux Generates and Stores Passwords | |
| |
| |
The Data Encryption Standard (DES) | |
| |
| |
Case Study: Cracking Linux Passwords Via Dictionary Attack | |
| |
| |
Password Shadowing and the shadow Suite | |
| |
| |
After Installing the shadow Suite | |
| |
| |
Other Password Security Issues | |
| |
| |
Pluggable Authentication Modules | |
| |
| |
Still Other Password Security Solutions | |
| |
| |
Summary | |
| |
| |
| |
Malicious Code | |
| |
| |
What Is Malicious Code? | |
| |
| |
Detecting Malicious Code | |
| |
| |
Other File Integrity Checking Software | |
| |
| |
Summary | |
| |
| |
| |
Linux Network Security | |
| |
| |
| |
Sniffers and Electronic Eavesdropping | |
| |
| |
How Sniffers Work | |
| |
| |
Case Studies: Performing a Few Simple Sniffer Attacks | |
| |
| |
Other Sniffers and Network Monitoring Tools | |
| |
| |
Risks Posed by Sniffers | |
| |
| |
Defending Against Sniffer Attacks | |
| |
| |
Further Reading | |
| |
| |
Summary | |
| |
| |
| |
Scanners | |
| |
| |
What Is a Scanner? | |
| |
| |
Scanner Building Blocks and Scanner Evolution | |
| |
| |
How Scanners Fit into Your Security Regimen | |
| |
| |
Various Scanner Tools | |
| |
| |
Defending Against Scanner Attacks | |
| |
| |
Interesting Resources | |
| |
| |
Summary | |
| |
| |
| |
Spoofing | |
| |
| |
What Is Spoofing All About? | |
| |
| |
TCP and IP Spoofing | |
| |
| |
Case Study: A Simple Spoofing Attack | |
| |
| |
Preventing IP Spoofing Attacks | |
| |
| |
ARP Spoofing | |
| |
| |
DNS Spoofing | |
| |
| |
Other Strange Spoofing Attacks | |
| |
| |
Further Reading | |
| |
| |
Summary | |
| |
| |
| |
Protecting Data in Transit | |
| |
| |
Secure Shell (ssh) | |
| |
| |
scp: The Secure Copy Remote File Copy Program | |
| |
| |
Providing ssh Services in a Heterogeneous Network | |
| |
| |
ssh Security Issues | |
| |
| |
Additional Resources | |
| |
| |
Summary | |
| |
| |
| |
Linux Internet Security | |
| |
| |
| |
FTP Security | |
| |
| |
File Transfer Protocol | |
| |
| |
FTP's Default Security Features | |
| |
| |
SSLftp | |
| |
| |
Specific FTP Application Security | |
| |
| |
Summary | |
| |
| |
| |
Mail Security | |
| |
| |
SMTP Servers and Clients | |
| |
| |
sendmail Security Basics | |
| |
| |
Replacing sendmail with Qmail | |
| |
| |
Summary | |
| |
| |
| |
Telnet Security | |
| |
| |
Assessing the Need to Provide Telnet Services | |
| |
| |
Telnet's Security History | |
| |
| |
Secure Telnet Systems | |
| |
| |
deslogin | |
| |
| |
SRA Telnet from Texas A&M University | |
| |
| |
The Stanford SRP Telnet/FTP Package | |
| |
| |
Summary | |
| |
| |
| |
Web Server Security | |
| |
| |
Eliminating Nonessential Services | |
| |
| |
Web Server Security | |
| |
| |
Adding Directory Access Control with Basic HTTP | |
| |
| |
Weaknesses in Basic HTTP Authentication | |
| |
| |
HTTP and Cryptographic Authentication | |
| |
| |
Running a chroot Web Environment | |
| |
| |
Accreditation and Certification | |
| |
| |
Summary | |
| |
| |
| |
Secure Web Protocols | |
| |
| |
The Problem | |
| |
| |
Secure Sockets Layer (SSL) from Netscape Communications Corporation | |
| |
| |
Installing Apache-SSL | |
| |
| |
Other Secure Protocols: IPSEC | |
| |
| |
Summary | |
| |
| |
| |
Secure Web Development | |
| |
| |
Development Risk Factors: A Wide Overview | |
| |
| |
Spawning Shells | |
| |
| |
Buffer Overruns | |
| |
| |
Paths, Directories, and Files | |
| |
| |
Other Interesting Security Programming and Testing Tools | |
| |
| |
Other Online Resources | |
| |
| |
Summary | |
| |
| |
| |
Denial-of-Service Attacks | |
| |
| |
What Is a Denial-of-Service Attack? | |
| |
| |
Risks Posed by Denial-of-Service Attacks | |
| |
| |
How This Chapter Is Laid Out | |
| |
| |
Network Hardware DoS Attacks | |
| |
| |
Attacks on Linux Networking | |
| |
| |
Attacks on Linux Applications | |
| |
| |
Other DoS Attacks | |
| |
| |
Defending Against Denial-of-Service Attacks | |
| |
| |
Online Resources | |
| |
| |
Summary | |
| |
| |
| |
Linux and Firewalls | |
| |
| |
What Is a Firewall? | |
| |
| |
Assessing Whether You Really Need a Firewall | |
| |
| |
tcpd: TCP Wrappers | |
| |
| |
ipfwadm | |
| |
| |
ipchains | |
| |
| |
Free Firewall Tools and Add-Ons for Linux | |
| |
| |
Commercial Firewalls | |
| |
| |
Additional Resources | |
| |
| |
Summary | |
| |
| |
| |
Logs and Audit Trails | |
| |
| |
What Is Logging, Exactly? | |
| |
| |
Logging in Linux | |
| |
| |
Other Interesting Logging and Audit Tools | |
| |
| |
Summary | |
| |
| |
| |
Intrusion Detection | |
| |
| |
What Is Intrusion Detection? | |
| |
| |
Basic Intrusion Detection Concepts | |
| |
| |
Some Interesting Intrusion Detection Tools | |
| |
| |
| |
Disaster Recovery | |
| |
| |
What Is Disaster Recovery? | |
| |
| |
Steps to Take Before Building Your Linux Network | |
| |
| |
Choosing Your Backup Tools | |
| |
| |
Simple Archiving: tarring and Zipping Your Files and Directories | |
| |
| |
Types of Backups and Backup Strategies | |
| |
| |
Backup Packages | |
| |
| |
Odds and Ends | |
| |
| |
Summary | |
| |
| |
| |
Appendixes | |
| |
| |
| |
Linux Security Command Reference | |
| |
| |
| |
Linux Security Index--Past Linux Security Issues | |
| |
| |
Summary | |
| |
| |
| |
Other Useful Linux Security Tools | |
| |
| |
| |
Sources for More Information | |
| |
| |
Linux Security Patches, Updates, and Advisories | |
| |
| |
Mailing Lists | |
| |
| |
Usenet Newsgroups | |
| |
| |
| |
Glossary | |
| |
| |
Index | |