Review: Linux Firewalls
Posted by Administrator   
Security is at the forefront of everyone's mind, and a firewall can be an integral part of your Linux defense. But is Michael Rash's "Linux Firewalls," the newest release from No Starch Press, up for the challenge? Eckie S. gives you the low-down on this newest addition to the Linux security resource library and on why it is one of the best ways to crack down on attacks against your Linux network.


Title: Linux Firewalls
Author: Michael Rash
Pages: 281
ISBN-10: 1-59327-141-7
ISBN-13: 978-1-59327-141-1
Publisher: No Starch Press
Edition: 1st Edition
Purchase: No Starch Press: Firewalls


"Linux Firewalls" by Michael Rash is an answer to the perpetual problem of the one true constant in life - change. The strategies for an attacker wishing to compromise a client fall into the same niche as a boxer constantly looking for openings from all angles. In 2007, attackers have sidestepped operating systems and are jabbing straight for the end-user applications. With a new attack approach comes the need for a solid defensive measure.

Rash's book provides a concise yet detailed look at the application of firewalls in Linux. The reader gains an understanding of host- and network-based firewalls as well as a chance to implement them through clear examples. A variety of both common and bleeding-edge attacks are analyzed and broken down to their essentials. Along with the installation, configuration, and deployment of firewalls, Rash provides methods to help the user render logs and traffic so as to gain a better understanding of what lies beneath the code. This book is intended for readers who already have experience with Linux and iptables at the level of basic installation and administration. Those who have no idea what the kernel is will find this book beyond the scope of what they need.

Review Summary:

The first chapter of "Linux Firewalls" provides the reader with the basics of iptables, from installation and configuration to deployment. Rash goes over concepts such as packet filtering, tables, and chains with concise examples.

There are even kernel build specifics for the home-kernel brewers! This chapter will provide a good introduction for those wanting to know more about iptables administration and the basics of policy testing.

Chapters two through four cover layers three, four, and seven, respectively, of the OSI Reference Model. The second chapter deals with a variety of network layer attacks as well as their defense. Readers will learn the basics of logging packet header information and get a deeper look under the ICMP hood. Attack classes such as header abuse, network stack exploits, and bandwidth saturation are analyzed and then countered with filter responses.

Chapter three provides a good explanation of the transport layer's specific attack definitions such as connection resource exhaustion, header abuses, and transport stack exploits. Need to read up on the different types of port scans that can hit your system and how to properly respond? This chapter is for you!

Chapter four deals with application layer attacks and will be of most interest to any web developers out there wanting to know the do's and don'ts of application design. Learn how to use the iptables string match extension against malicious data intended to be injected into your application. Combine the firewall rules with Snort signatures to counter buffer overflows and SQL injection attacks!

Chapters five through eight provide a look at the Port Scan Attack Detector (psad). The chapters read almost like a mini-book, giving the reader the means to install, configure, and deploy psad. System administrators will appreciate the configuration examples as well as the guidance on integrating psad with syslog and email alerts. Forensics enthusiasts will want to read chapter seven for its emphasis on OS fingerprinting and signature matching. Many readers will find chapter eight the most interesting, as Rash explains how to actively respond to attacks with psad, including responses to SYN scans, Nmap version scans, and anyone attempting to maliciously spoof a scan. Finally, in keeping with the *nix tradition, Rash provides ways to integrate psad with third-party tools and the command-line interface.

As a reviewer I found chapters nine through eleven the most interesting, as Rash builds an active defense against attacks through the combination of iptables and fwsnort. There is an excellent overview of target-based intrusion detection and network layer defragmentation. End users will be able to install, configure, and deploy fwsnort while complementing it with iptables. Command-line options are explained, bleeding-edge attacks are countered, and the reader will even be able to set up whitelists and blacklists.
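To make concrete the idea behind chapter four's string matching and the fwsnort chapters (Snort signatures emulated as iptables rules), here is a small added translator that turns a Snort-style rule's content match into an iptables string-match LOG rule. This is illustration code written for this review, not fwsnort's own implementation; the sample rules and the FWSNORT_INPUT chain name are constructed for the example.

```python
import re
import shlex

# Constructed sample Snort-style rules (not taken from the book or from fwsnort).
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-ATTACK cmd.exe access"; content:"cmd.exe"; nocase; sid:1002;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"SQL 1=1 probe"; content:"1=1"; sid:9001;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP binary marker"; content:"|FF F4 FF FD 06|"; sid:9002;)',
]

RULE_RE = re.compile(
    r'^alert\s+(?P<proto>tcp|udp)\s+\S+\s+\S+\s+->\s+\S+\s+(?P<dport>\d+|any)\s+\((?P<opts>.*)\)\s*$')


def parse_rule(rule):
    """Parse the subset of Snort syntax this example handles; None if unsupported.

    Limitation (deliberate, to keep the example short): options are split on ';',
    so a content string that itself contains ';' is not handled.
    """
    m = RULE_RE.match(rule.strip())
    if not m:
        return None
    opts, flags = {}, set()
    for opt in filter(None, (o.strip() for o in m.group('opts').split(';'))):
        if ':' in opt:
            k, v = opt.split(':', 1)
            opts[k.strip()] = v.strip().strip('"')
        else:
            flags.add(opt)                     # bare keywords such as nocase
    if 'content' not in opts or 'sid' not in opts:
        return None                            # only payload patterns map to string match
    return {'proto': m.group('proto'), 'dport': m.group('dport'), 'msg': opts.get('msg', ''),
            'content': opts['content'], 'nocase': 'nocase' in flags, 'sid': opts['sid']}


def to_iptables(rule, chain='FWSNORT_INPUT'):
    """Emit one iptables LOG rule using the string match extension for a Snort rule."""
    r = parse_rule(rule)
    if r is None:
        return None
    cmd = ['iptables', '-A', chain, '-p', r['proto']]
    if r['dport'] != 'any':
        cmd += ['--dport', r['dport']]
    cmd += ['-m', 'string', '--algo', 'bm']
    # Snort's |..| hex notation maps directly onto --hex-string, which uses the same bars.
    cmd += ['--hex-string' if '|' in r['content'] else '--string', r['content']]
    if r['nocase']:
        cmd.append('--icase')                  # case-insensitive match, like Snort's nocase
    cmd += ['-j', 'LOG', '--log-prefix', f"SID{r['sid']} "]
    return shlex.join(cmd)


if __name__ == '__main__':
    for rule in SAMPLE_RULES:
        print(to_iptables(rule))
```

The generated rules only log; a deployment would decide per rule whether a matching packet should also be dropped or rejected, which is exactly the policy discussion the fwsnort chapters cover.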

On a side note, Rash goes head to head with one of the more prominent exploit frameworks, Metasploit, by explaining how to thwart any updates attempted by the framework. This is a great example of how a properly configured firewall can stop even the latest in exploit technology.

Chapters twelve and thirteen look at the concept of single packet authorization (SPA) versus port knocking. These chapters are for anyone looking to learn more about access piggybacking via NAT addresses and about thwarting zero-day attacks during the Nmap and target identification phases. Rash also introduces fwknop (Firewall Knock Operator), the first port-knocking implementation to allow OS fingerprinting. Fwknop installation, configuration, and deployment are explained along with how to integrate it with SPA. Users will enjoy the explanation of the fwknop OpenSSH integration patch for more secure connections.

Chapter fourteen wraps up "Linux Firewalls" with a look at the visualization of iptables logs. System administrators will enjoy this chapter, as Rash introduces applications such as Gnuplot and AfterGlow to help them gain a better understanding of what traffic is going through their systems.

In conclusion, if you or anyone you know is responsible for keeping a secure network, "Linux Firewalls" is an invaluable resource to have by your side. You will gain a better understanding of attacks, how to use iptables, PSAD, and fwsnort - all in an effort to properly defend and respond to attempted compromises.

How does it compare to Linux Firewalls?
Written by Chris K on 2007-11-01 15:44:38
There is another book by the same name published by New Riders. The author is Robert Ziegler. Ziegler's book is also very good, although Rash's book may have more current information. Has anyone read both who can compare/contrast?
UNIX/Linux Systems Security Administrator
Written by Joshua Gimer on 2007-11-02 12:03:26
I also had the privilege of reviewing this book. I use many of the tools that are described in the book on all of my production systems. This is a great read for anyone that is looking at a new approach to securing their systems, without using an outdated security approach.
Book Author
Written by Michael Rash on 2007-11-03 21:32:13
In response to the first comment, Robert Ziegler's book has a lot of great information and is very detailed when it comes to discussing traditional firewall concepts (deployment architectures, policy management, UNIX sys admin issues, etc.). This is definitely a set of topics that needs to be covered in book form, and Ziegler's book accomplishes this. 
My book in contrast is focused on the actual attacks that can be detected with advanced iptables usage. For example, a central concept in my book is the application of the iptables string match extension to detect application layer attacks. Also, significant coverage is devoted to showing how iptables policies can emulate the Snort rule set with fwsnort, and how port scans and probes for backdoor programs can be detected with psad. This is a very different approach to security than Ziegler's book, and is more about intrusion detection with facilities provided by iptables than anything else. 
Thanks for reading.


(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.