Building Secure Servers with Linux

Building Secure Servers with Linux By Michael D. Bauer
October 2002
Pages: 448

| Table of Contents | Index | Sample Chapter | Colophon

Chapter 1 Threat Modeling and Risk Management
1. Components of Risk
2. Simple Risk Analysis: ALEs
3. An Alternative: Attack Trees
4. Defenses
5. Conclusion
6. Resources
Chapter 2 Designing Perimeter Networks
1. Some Terminology
2. Types of Firewall and DMZ Architectures
3. Deciding What Should Reside on the DMZ
4. Allocating Resources in the DMZ
5. The Firewall
Chapter 3 Hardening Linux
1. OS Hardening Principles
2. Automated Hardening with Bastille Linux
Chapter 4 Secure Remote Administration
1. Why It's Time to Retire Clear-Text Admin Tools
2. Secure Shell Background and Basic Use
3. Intermediate and Advanced SSH
4. Other Handy Tools
Chapter 5 Tunneling
1. Stunnel and OpenSSL: Concepts
Chapter 6 Securing Domain Name Services (DNS)
1. DNS Basics
2. DNS Security Principles
3. Selecting a DNS Software Package
4. Securing BIND
5. djbdns
6. Resources
Chapter 7 Securing Internet Email
1. Background: MTA and SMTP Security
2. Using SMTP Commands to Troubleshoot and Test SMTP Servers
3. Securing Your MTA
4. Sendmail
5. Postfix
6. Resources
Chapter 8 Securing Web Services
1. Web Server Security
2. Build Time: Installing Apache
3. Setup Time: Configuring Apache
4. Runtime: Securing CGI Scripts
5. Special Topics
6. Other Servers and Web Security
Chapter 9 Securing File Services
1. FTP Security
2. Other File-Sharing Methods
3. Resources
Chapter 10 System Log Management and Monitoring
1. syslog
2. Syslog-ng
3. Testing System Logging with logger
4. Managing System-Log Files
5. Using Swatch for Automated Log Monitoring
6. Resources
Chapter 11 Simple Intrusion Detection Techniques
1. Principles of Intrusion Detection Systems
2. Using Tripwire
3. Other Integrity Checkers
4. Snort
5. Resources

Appendix A Two Complete Iptables Startup Scripts
Colophon

Return to Building Secure Servers with Linux

Table of Contents

Chapter 1 Threat Modeling and Risk Management

Components of Risk

Simple Risk Analysis: ALEs

An Alternative: Attack Trees

Defenses

Conclusion

Resources

Chapter 2 Designing Perimeter Networks

Some Terminology

Types of Firewall and DMZ Architectures

Deciding What Should Reside on the DMZ

Allocating Resources in the DMZ

The Firewall

Chapter 3 Hardening Linux

OS Hardening Principles

Automated Hardening with Bastille Linux

Chapter 4 Secure Remote Administration

Why It's Time to Retire Clear-Text Admin Tools

Secure Shell Background and Basic Use

Intermediate and Advanced SSH

Other Handy Tools

Chapter 5 Tunneling

Stunnel and OpenSSL: Concepts

Chapter 6 Securing Domain Name Services (DNS)

DNS Basics

DNS Security Principles

Selecting a DNS Software Package

Securing BIND

djbdns

Resources

Chapter 7 Securing Internet Email

Background: MTA and SMTP Security

Using SMTP Commands to Troubleshoot and Test SMTP Servers

Securing Your MTA

Sendmail

Postfix

Resources

Chapter 8 Securing Web Services

Web Server Security

Build Time: Installing Apache

Setup Time: Configuring Apache

Runtime: Securing CGI Scripts

Special Topics

Other Servers and Web Security

Chapter 9 Securing File Services

FTP Security

Other File-Sharing Methods

Resources

Chapter 10 System Log Management and Monitoring

syslog

Syslog-ng

Testing System Logging with logger

Managing System-Log Files

Using Swatch for Automated Log Monitoring

Resources

Chapter 11 Simple Intrusion Detection Techniques

Principles of Intrusion Detection Systems

Using Tripwire

Other Integrity Checkers

Snort

Resources

Appendix A Two Complete Iptables Startup Scripts

Colophon