LINUX FIREWALLS
Attack Detection and Response with iptables, psad, and fwsnort
Michael Rash

USE IPTABLES TO DETECT AND PREVENT NETWORK-BASED ATTACKS

System administrators need to stay ahead of new security vulnerabilities that leave networks exposed every day. A firewall and an intrusion detection system (IDS) are two important weapons in that fight, enabling you to proactively deny access and monitor network traffic for signs of an attack.

Linux Firewalls discusses the technical details of the iptables firewall and the Netfilter framework that are built into the Linux kernel, and it explains how they provide strong filtering, Network Address Translation (NAT), state tracking, and application layer inspection capabilities that rival commercial tools. You'll learn how to deploy iptables as an IDS with psad and fwsnort and how to build a strong, passive authentication layer around iptables with fwknop.

Concrete examples illustrate concepts such as firewall log analysis and policies, network authentica-

• Tools for visualizing iptables logs
• Passive OS fingerprinting with iptables

Perl and C code snippets offer practical examples that will help you to maximize your deployment of Linux firewalls.

If you're responsible for keeping a network secure, you'll find Linux Firewalls invaluable in your attempt to understand attacks and use iptables—along with psad and fwsnort—to detect and even prevent compromises.

"Linux Firewalls is a great book."
—From the foreword by Richard Bejtlich of

ABOUT THE AUTHOR

Michael Rash is a security architect with Enterasys Networks, Inc., where he develops the Dragon intrusion detection and prevention system. He is a frequent contributor to open source projects and the creator of psad, fwknop, and fwsnort. Rash is an exp