11. Intrusion Detection and Response

You’ve now built a firewall with Linux using iptables or nftables. The layered security approach includes both network- and host-based security. While the firewall provides security for both the network and the hosts, there are also steps that must be taken on the firewall machine itself, as well as on the hosts within the network. Whether they take the form of filesystem integrity checking, virus/rootkit scanning, or monitoring the network for suspicious activity, these processes help ensure that your data remains safe.

This chapter is about host and network security and intrusion detection. The goal of the chapter is to provide a high-level overview of some of the concepts so that you can do further research ...
