Muutke küpsiste eelistusi

E-raamat: Linux Hardening in Hostile Networks: Server Security from TLS to Tor

3.86/5 (27 hinnangut Goodreads-ist)
Teised raamatud teemal:
  • Formaat - PDF+DRM
  • Hind: 29,94 €*
  • * hind on lõplik, st. muud allahindlused enam ei rakendu
  • Lisa ostukorvi
  • Lisa soovinimekirja
  • See e-raamat on mõeldud ainult isiklikuks kasutamiseks. E-raamatuid ei saa tagastada.
Linux Hardening in Hostile Networks: Server Security from TLS to TorSuurem pilt
Teised raamatud teemal:

DRM piirangud

  • Kopeerimine (copy/paste):

    ei ole lubatud

  • Printimine:

    ei ole lubatud

  • Kasutamine:

    Digitaalõiguste kaitse (DRM)
    Kirjastus on väljastanud selle e-raamatu krüpteeritud kujul, mis tähendab, et selle lugemiseks peate installeerima spetsiaalse tarkvara. Samuti peate looma endale  Adobe ID Rohkem infot siin. E-raamatut saab lugeda 1 kasutaja ning alla laadida kuni 6'de seadmesse (kõik autoriseeritud sama Adobe ID-ga).

    Vajalik tarkvara
    Mobiilsetes seadmetes (telefon või tahvelarvuti) lugemiseks peate installeerima selle tasuta rakenduse: PocketBook Reader (iOS / Android)

    PC või Mac seadmes lugemiseks peate installima Adobe Digital Editionsi (Seeon tasuta rakendus spetsiaalselt e-raamatute lugemiseks. Seda ei tohi segamini ajada Adober Reader'iga, mis tõenäoliselt on juba teie arvutisse installeeritud )

    Seda e-raamatut ei saa lugeda Amazon Kindle's. 

Implement Industrial-Strength Security on Any Linux Server

 

In an age of mass surveillance, when advanced cyberwarfare weapons rapidly migrate into every hacker’s toolkit, you can’t rely on outdated security methods—especially if you’re responsible for Internet-facing services. In Linux® Hardening in Hostile Networks, Kyle Rankin helps you to implement modern safeguards that provide maximum impact with minimum effort and to strip away old techniques that are no longer worth your time.

 

Rankin provides clear, concise guidance on modern workstation, server, and network hardening, and explains how to harden specific services, such as web servers, email, DNS, and databases. Along the way, he demystifies technologies once viewed as too complex or mysterious, but now essential to mainstream Linux security. He also includes a full chapter on effective incident response.

 

Each chapter begins with techniques any sysadmin can use quickly to protect against entry-level hackers and presents intermediate and advanced techniques to safeguard against sophisticated and knowledgeable attackers, perhaps even state actors. Throughout, you learn what each technique does, how it works, what it does and doesn’t protect against, and whether it would be useful in your environment.

 

Learn how to

  • Apply core security techniques including 2FA and strong passwords
  • Protect admin workstations via lock screens, disk encryption, BIOS passwords, and other methods
  • Use the security-focused Tails distribution as a quick path to a hardened workstation
  • Compartmentalize workstation tasks into VMs with varying levels of trust
  • Harden servers with SSH, use apparmor and sudo to limit the damage attackers can do, and set up remote syslog servers to track their actions
  • Establish secure VPNs with OpenVPN, and leverage SSH to tunnel traffic when VPNs can’t be used
  • Configure a software load balancer to terminate SSL/TLS connections and initiate new ones downstream
  • Set up standalone Tor services and hidden Tor services and relays
  • Secure Apache and Nginx web servers, and take full advantage of HTTPS
  • Perform advanced web server hardening with HTTPS forward secrecy and ModSecurity web application firewalls
  • Strengthen email security with SMTP relay authentication, SMTPS, SPF records, DKIM, and DMARC
  • Harden DNS servers, deter their use in DDoS attacks, and fully implement DNSSEC
  • Systematically protect databases via network access control, TLS traffic encryption, and encrypted data storage
  • Respond to a compromised server, collect evidence, and prevent future attacks
Foreword xiii
Preface xv
Acknowledgments xxiii
About the Author xxv
1 Overall Security Concepts
1(24)
Section 1 Security Fundamentals
1(9)
Essential Security Principles
2(2)
Basic Password Security
4(6)
Section 2 Security Practices Against a Knowledgeable Attacker
10(10)
Security Best Practices
10(3)
Password-Cracking Techniques
13(3)
Password-Cracking Countermeasures
16(4)
Section 3 Security Practices Against an Advanced Attacker
20(5)
Advanced Password-Cracking Techniques
20(2)
Advanced Password-Cracking Countermeasures
22(2)
Summary
24(1)
2 Workstation Security
25(28)
Section 1 Security Fundamentals
25(8)
Workstation Security Fundamentals
25(2)
Web Security Fundamentals
27(2)
Introduction to Tails
29(1)
Download, Validate, and Install Tails
29(1)
Use Tails
30(3)
Section 2 Additional Workstation Hardening
33(4)
Workstation Disk Encryption
33(1)
BIOS Passwords
33(1)
Tails Persistence and Encryption
34(3)
Section 3 Qubes
37(16)
Introduction to Qubes
38(3)
Qubes Download and Installation
41(2)
The Qubes Desktop
43(3)
An AppVM Compartmentalization Example
46(3)
Split GPG
49(1)
USB VM
50(3)
3 Server Security
53(22)
Section 1 Server Security Fundamentals
53(5)
Fundamental Server Security Practices
53(1)
SSH Configuration
54(4)
Section 2 Intermediate Server-Hardening Techniques
58(10)
SSH Key Authentication
58(5)
AppArmor
63(3)
Remote Logging
66(2)
Section 3 Advanced Server-Hardening Techniques
68(7)
Server Disk Encryption
68(2)
Secure NTP Alternatives
70(2)
Two-Factor Authentication with SSH
72(2)
Summary
74(1)
4 Network
75(34)
Section 1 Essential Network Hardening
76(11)
Network Security Fundamentals
76(2)
Man-in-the-Middle Attacks
78(1)
Server Firewall Settings
79(8)
Section 2 Encrypted Networks
87(13)
OpenVPN Configuration
87(6)
SSH Tunnels
93(2)
SSL/TLS-Enabled Load Balancing
95(5)
Section 3 Anonymous Networks
100(9)
Tor Configuration
101(5)
Tor Hidden Services
106(1)
Summary
107(2)
5 Web Servers
109(24)
Section 1 Web Server Security Fundamentals
109(4)
Permissions
109(1)
HTTP Basic Authentication
110(3)
Section 2 HTTPS
113(5)
Enable HTTPS
114(1)
Redirect HTTP to HTTPS
115(1)
HTTPS Reverse Proxy
116(1)
HTTPS Client Authentication
117(1)
Section 3 Advanced HTTPS Configuration
118(15)
HSTS
118(1)
HTTPS Forward Secrecy
119(1)
Web Application Firewalls
120(11)
Summary
131(2)
6 Email
133(24)
Section 1 Essential Email Hardening
133(4)
Email Security Fundamentals
134(1)
Basic Email Hardening
135(2)
Section 2 Authentication and Encryption
137(4)
SMTP Authentication
138(1)
SMTPS
139(2)
Section 3 Advanced Hardening
141(16)
SPF
141(5)
DKIM
146(6)
DMARC
152(4)
Summary
156(1)
7 DNS
157(64)
Section 1 DNS Security Fundamentals
158(3)
Authoritative DNS Server Hardening
159(1)
Recursive DNS Server Hardening
160(1)
Section 2 DNS Amplification Attacks and Rate Limiting
161(5)
DNS Query Logging
162(1)
Dynamic DNS Authentication
163(3)
Section 3 DNSSEC
166(55)
How DNS Works
166(2)
DNS Security Issues
168(1)
How DNSSEC Works
168(3)
DNSSEC Terminology
171(1)
Add DNSSEC to a Zone
172(3)
Summary
175(46)
B SSL/TLS
221(8)
What Is TLS?
221(1)
Why Use TLS?
221(1)
How TLS Works
222(1)
Deciphering Cipher Names
223(1)
TLS Troubleshooting Commands
224(1)
View the Contents of a Certificate
224(1)
View the Contents of a CSR
224(1)
Troubleshoot a Protocol over TLS
224(1)
Security Risks
224(1)
Man-in-the-Middle Attacks
225(1)
Downgrade Attacks
225(1)
Forward Secrecy
226(3)
Index 229
Kyle Rankin is the vice president of engineering operations for Final, Inc.; the author of DevOps Troubleshooting, The Official Ubuntu Server Book, Knoppix Hacks, Knoppix Pocket Reference, Linux Multimedia Hacks, and Ubuntu Hacks; and a contributor to a number of other books. Rankin is an award-winning columnist for Linux Journal and has written for PC Magazine, TechTarget websites, and other publications. He speaks frequently on Open Source software, including a keynote at SCALE 11x and numerous other talks at SCALE, OReilly Security Conference, OSCON, CactusCon, Linux World Expo, Penguicon, and a number of Linux Users Groups. In his free time Kyle does much of what he does at workplays with Linux and computers in general. Hes also interested in brewing, BBQing, playing the banjo, 3D printing, and far too many other hobbies.
Lisainfo e-raamatute kohta Lisainfo e-raamatute kohta
Püsilink: https://www.kriso.ee/db/97801341733132e.html
Märksõnad: