Features
- Cover Type: Paperback with 336 pages
- Published by: No Starch Press September 15, 2007
- Written in: English
- ISBN 10 Number: 1593271417
- ISBN 13 Number: 978-1593271411
-
Book Dimensions:
9.1 x 6.9 x 1.1 inches
- Weighs: 1.4 pounds
Book Description
Linux firewalls provide capabilities that rival commercial firewalls, and are built upon the powerful Netfilter infrastructure in the Linux kernel.
Linux Firewalls: Attack Detection and Response explores using Netfilter as an intrusion detection system (IDS) by combining it with Snort rulesets and custom open source
software created by the author. Providing concrete examples to illustrate concepts, the book discusses Linux firewall log analysis and policies, passive network authentication and authorization, exploit packet traces and Snort ruleset emulation, and more. Perl and C code snippets are included to help readers maximize the deployment of Linux firewalls as effective mechanisms for the detection and prevention of various network-based attacks.
About The Author
Michael Rash is a Security Architect on the Dragon Intrusion Detection System with Enterasys Networks, Inc., and is a frequent contributor to open source projects. As the creator of psad, fwknop, and fwsnort, Rash is an expert on firewalls, IDSs, OS fingerprinting, and the Snort rules language. He is co-author of the book Snort 2.1 Intrusion Detection,lead-author and technical editor of the book Intrusion Prevention and Active Response, and has written security articles for Linux Journal, SysAdmin, and ;login:.
Reader ReviewsDisclaimer: I wrote the foreword for this book, so obviously I am biased. However, I am not financially compensated for this book's success. In the foreword I note that Linux Firewalls is a "great book." As a FreeBSD user, Linux Firewalls is good enough to make me consider using Linux in certain circumstances! Mike's book is exceptionally clear, organized, concise, and actionable. You should be able to read it and implement everything you find by following his examples. You will not only learn tools and techniques, but you will be able to appreciate Mike's keen defensive insights. The majority of the world's digital security professionals focus on defense, because offense is left to the bad guys, police, and military. I welcome books like Linux Firewalls that bring real defensive tools and techniques to the masses in a form that can be digested and deployed for minimum cost and effort. One of the main reasons Linux Firewalls is a great book is that Mike Rash is an excellent writer. I've read (or tried to read) plenty of books that seemed to offer helpful content, but the author had no clue how to deliver that content in a readable manner. Linux Firewalls makes learning network security an enjoyable experience. Mike is exceptionally detail-oriented (see the RST vs RST ACK issue on p 63 and elsewhere) and he often cites sources and additional references. Linux Firewalls very nicely integrates sample network traffic to make numerous points; Ch 11 has several great examples. The sections on Fwsnort even improved my understanding of Snort itself. The bottom line is that if you are a user of non-Microsoft operating systems (Linux, BSD, etc.) and you want to know how Linux can help defend your network, you will enjoy reading Linux Firewalls.
Search for books at
