Implement Industrial-Strength Security on Any Linux Server In an age of mass surveillance, when advanced cyberwarfare weapons rapidly migrate into every hacker’s toolkit, you can’t rely on outdated security methods–especially if you’re responsible for Internet-facing services. In Linux® Hardening in Hostile Networks, Kyle Rankin helps you to implement modern safeguards that provide maximum impact with minimum effort and to strip away old techniques that are no longer worth your time. Rankin provides clear, concise guidance on modern workstation, server, and network hardening, and explains how to harden specific services, such as web servers, email, DNS, and databases. Along the way, he demystifies technologies once viewed as too complex or mysterious but now essential to mainstream Linux security. He also includes a full chapter on effective incident response that both DevOps and SecOps can use to write their own incident response plan. Each chapter begins with techniques any sysadmin can use quickly to protect against entry-level hackers and presents intermediate and advanced techniques to safeguard against sophisticated and knowledgeable attackers, perhaps even state actors. Throughout, you learn what each technique does, how it works, what it does and doesn’t protect against, and whether it would be useful in your environment. Apply core security techniques including 2FA and strong passwords Protect admin workstations via lock screens, disk encryption, BIOS passwords, and other methods Use the security-focused Tails distribution as a quick path to a hardened workstation Compartmentalize workstation tasks into VMs with varying levels of trust Harden servers with SSH, use apparmor and sudo to limit the damage attackers can do, and set up remote syslog servers to track their actions Establish secure VPNs with OpenVPN, and leverage SSH to tunnel traffic when VPNs can’t be used Configure a software load balancer to terminate SSL/TLS connections and initiate new ones downstream Set up standalone Tor services and hidden Tor services and relays Secure Apache and Nginx web servers, and take full advantage of HTTPS Perform advanced web server hardening with HTTPS forward secrecy and ModSecurity web application firewalls Strengthen email security with SMTP relay authentication, SMTPS, SPF records, DKIM, and DMARC Harden DNS servers, deter their use in DDoS attacks, and fully implement DNSSEC Systematically protect databases via network access control, TLS traffic encryption, and encrypted data storage Respond to a compromised server, collect evidence, and prevent future attacks Register your product at informit.com/register for convenient access to downloads, updates, and corrections as they become available.
Licens varighed:
Bookshelf online: 180 dage fra købsdato.
Bookshelf appen: 180 dage fra købsdato.
Udgiveren oplyser at følgende begrænsninger er gældende for dette produkt:
Print: -1 sider kan printes ad gangen
Copy: højest -1 sider i alt kan kopieres (copy/paste)
Implement Industrial-Strength Security on Any Linux Server In an age of mass surveillance, when advanced cyberwarfare weapons rapidly migrate into every hacker’s toolkit, you can’t rely on outdated security methods–especially if you’re responsible for Internet-facing services. In Linux® Hardening in Hostile Networks, Kyle Rankin helps you to implement modern safeguards that provide maximum impact with minimum effort and to strip away old techniques that are no longer worth your time. Rankin provides clear, concise guidance on modern workstation, server, and network hardening, and explains how to harden specific services, such as web servers, email, DNS, and databases. Along the way, he demystifies technologies once viewed as too complex or mysterious but now essential to mainstream Linux security. He also includes a full chapter on effective incident response that both DevOps and SecOps can use to write their own incident response plan. Each chapter begins with techniques any sysadmin can use quickly to protect against entry-level hackers and presents intermediate and advanced techniques to safeguard against sophisticated and knowledgeable attackers, perhaps even state actors. Throughout, you learn what each technique does, how it works, what it does and doesn’t protect against, and whether it would be useful in your environment. Apply core security techniques including 2FA and strong passwords Protect admin workstations via lock screens, disk encryption, BIOS passwords, and other methods Use the security-focused Tails distribution as a quick path to a hardened workstation Compartmentalize workstation tasks into VMs with varying levels of trust Harden servers with SSH, use apparmor and sudo to limit the damage attackers can do, and set up remote syslog servers to track their actions Establish secure VPNs with OpenVPN, and leverage SSH to tunnel traffic when VPNs can’t be used Configure a software load balancer to terminate SSL/TLS connections and initiate new ones downstream Set up standalone Tor services and hidden Tor services and relays Secure Apache and Nginx web servers, and take full advantage of HTTPS Perform advanced web server hardening with HTTPS forward secrecy and ModSecurity web application firewalls Strengthen email security with SMTP relay authentication, SMTPS, SPF records, DKIM, and DMARC Harden DNS servers, deter their use in DDoS attacks, and fully implement DNSSEC Systematically protect databases via network access control, TLS traffic encryption, and encrypted data storage Respond to a compromised server, collect evidence, and prevent future attacks Register your product at informit.com/register for convenient access to downloads, updates, and corrections as they become available.
Licens varighed:
Bookshelf online: 90 dage fra købsdato.
Bookshelf appen: 90 dage fra købsdato.
Udgiveren oplyser at følgende begrænsninger er gældende for dette produkt:
Print: -1 sider kan printes ad gangen
Copy: højest -1 sider i alt kan kopieres (copy/paste)
Implement Industrial-Strength Security on Any Linux Server In an age of mass surveillance, when advanced cyberwarfare weapons rapidly migrate into every hacker’s toolkit, you can’t rely on outdated security methods–especially if you’re responsible for Internet-facing services. In Linux® Hardening in Hostile Networks, Kyle Rankin helps you to implement modern safeguards that provide maximum impact with minimum effort and to strip away old techniques that are no longer worth your time. Rankin provides clear, concise guidance on modern workstation, server, and network hardening, and explains how to harden specific services, such as web servers, email, DNS, and databases. Along the way, he demystifies technologies once viewed as too complex or mysterious but now essential to mainstream Linux security. He also includes a full chapter on effective incident response that both DevOps and SecOps can use to write their own incident response plan. Each chapter begins with techniques any sysadmin can use quickly to protect against entry-level hackers and presents intermediate and advanced techniques to safeguard against sophisticated and knowledgeable attackers, perhaps even state actors. Throughout, you learn what each technique does, how it works, what it does and doesn’t protect against, and whether it would be useful in your environment. Apply core security techniques including 2FA and strong passwords Protect admin workstations via lock screens, disk encryption, BIOS passwords, and other methods Use the security-focused Tails distribution as a quick path to a hardened workstation Compartmentalize workstation tasks into VMs with varying levels of trust Harden servers with SSH, use apparmor and sudo to limit the damage attackers can do, and set up remote syslog servers to track their actions Establish secure VPNs with OpenVPN, and leverage SSH to tunnel traffic when VPNs can’t be used Configure a software load balancer to terminate SSL/TLS connections and initiate new ones downstream Set up standalone Tor services and hidden Tor services and relays Secure Apache and Nginx web servers, and take full advantage of HTTPS Perform advanced web server hardening with HTTPS forward secrecy and ModSecurity web application firewalls Strengthen email security with SMTP relay authentication, SMTPS, SPF records, DKIM, and DMARC Harden DNS servers, deter their use in DDoS attacks, and fully implement DNSSEC Systematically protect databases via network access control, TLS traffic encryption, and encrypted data storage Respond to a compromised server, collect evidence, and prevent future attacks Register your product at informit.com/register for convenient access to downloads, updates, and corrections as they become available.
Licens varighed:
Bookshelf online: 5 år fra købsdato.
Bookshelf appen: 5 år fra købsdato.
Udgiveren oplyser at følgende begrænsninger er gældende for dette produkt:
Print: -1 sider kan printes ad gangen
Copy: højest -1 sider i alt kan kopieres (copy/paste)
Implement Industrial-Strength Security on Any Linux Server In an age of mass surveillance, when advanced cyberwarfare weapons rapidly migrate into every hacker's toolkit, you can't rely on outdated security methods-especially if you're responsible for Internet-facing services. In
Linux(R) Hardening in Hostile Networks, Kyle Rankin helps you to implement modern safeguards that provide maximum impact with minimum effort and to strip away old techniques that are no longer worth your time.
Rankin provides clear, concise guidance on modern workstation, server, and network hardening, and explains how to harden specific services, such as web servers, email, DNS, and databases. Along the way, he demystifies technologies once viewed as too complex or mysterious but now essential to mainstream Linux security. He also includes a full chapter on effective incident response that both DevOps and SecOps can use to write their own incident response plan.
Each chapter begins with techniques any sysadmin can use quickly to protect against entry-level hackers and presents intermediate and advanced techniques to safeguard against sophisticated and knowledgeable attackers, perhaps even state actors. Throughout, you learn what each technique does, how it works, what it does and doesn't protect against, and whether it would be useful in your environment.
- Apply core security techniques including 2FA and strong passwords
- Protect admin workstations via lock screens, disk encryption, BIOS passwords, and other methods
- Use the security-focused Tails distribution as a quick path to a hardened workstation
- Compartmentalize workstation tasks into VMs with varying levels of trust
- Harden servers with SSH, use apparmor and sudo to limit the damage attackers can do, and set up remote syslog servers to track their actions
- Establish secure VPNs with OpenVPN, and leverage SSH to tunnel traffic when VPNs can't be used
- Configure a software load balancer to terminate SSL/TLS connections and initiate new ones downstream
- Set up standalone Tor services and hidden Tor services and relays
- Secure Apache and Nginx web servers, and take full advantage of HTTPS
- Perform advanced web server hardening with HTTPS forward secrecy and ModSecurity web application firewalls
- Strengthen email security with SMTP relay authentication, SMTPS, SPF records, DKIM, and DMARC
- Harden DNS servers, deter their use in DDoS attacks, and fully implement DNSSEC
- Systematically protect databases via network access control, TLS traffic encryption, and encrypted data storage
- Respond to a compromised server, collect evidence, and prevent future attacks
Normal 0 false false false EN-US X-NONE X-NONE
Register your product at informit.com/register for convenient access to downloads, updates, and corrections as they become available. Normal 0 false false false EN-US X-NONE X-NONE
Foreword xiii Preface xv Acknowledgments xxiii About the Author xxv
Chapter 1: Overall Security Concepts 1 Section
1: Security Fundamentals 1 Section
2: Security Practices Against a Knowledgeable Attacker 10 Section
3: Security Practices Against an Advanced Attacker 20 Summary 24
Chapter 2: Workstation Security 25 Section
1: Security Fundamentals 25 Section
2: Additional Workstation Hardening 33 Section
3: Qubes 37 Summary 52
Chapter 3: Server Security 53 Section
1: Server Security Fundamentals 53 Section
2: Intermediate Server-Hardening Techniques 58 Section
3: Advanced Server-Hardening Techniques 68 Summary 74
Chapter 4: Network 75 Section
1: Essential Network Hardening 76 Section
2: Encrypted Networks 87 Section
3: Anonymous Networks 100 Summary 107
Chapter 5: Web Servers 109 Section
1: Web Server Security Fundamentals 109 Section
2: HTTPS 113 Section
3: Advanced HTTPS Configuration 118 Summary 131
Chapter 6: Email 133 Section
1: Essential Email Hardening 133 Section
2: Authentication and Encryption 137 Section
3: Advanced Hardening 141 Summary 156
Chapter 7: DNS 157 Section
1: DNS Security Fundamentals 158 Section
2: DNS Amplification Attacks and Rate Limiting 161 Section
3: DNSSEC 166 Summary 175
Chapter 8: Database 177 Section
1: Database Security Fundamentals 177 Section
2: Database Hardening 185 Section
3: Database Encryption 191 Summary 195
Chapter 9: Incident Response 197 Section
1: Incident Response Fundamentals 197 Section
2: Secure Disk Imaging Techniques 200 Section
3: Walk Through a Sample Investigation 209 Summary 214 Appendix A: Tor 215 What Is Tor? 215 How Tor Works 216 Security Risks 219 Appendix B: SSL/TLS 221 What Is TLS? 221 How TLS Works 222 TLS Troubleshooting Commands 224 Security Risks 224 Index 229