Building Secure Servers with Linux
In particular, this book is about "bastionizing" Linux servers. The term bastion host can legitimately be used several ways, one of which is as a synonym for firewall.
Building Secure Servers with Linux
Chapter 1. Threat Modeling and Risk ManagementChapter 2. Designing Perimeter Networks
Chapter 3. Hardening Linux
Chapter 4. Secure Remote Administration
Chapter 5. Tunneling
Chapter 6. Securing Domain Name Services (DNS)
Chapter 7. Securing Internet Email
Chapter 8. Securing Web Services
Chapter 9. Securing File Services
Chapter 10. System Log Management and Monitoring
Chapter 11. Simple Intrusion Detection Techniques
Appendix A. Two Complete Iptables Startup Scripts
Who needs to secure their Linux systems? Arguably, anybody who has one connected to a network. This book should therefore be useful both for the Linux hobbyist with a web server in the basement and for the consultant who audits large companies' enterprise systems.
Obviously, the stakes and the scale differ greatly between those two types of users, but the problems, risks, and threats they need to consider have more in common than not. The same buffer-overflow that can be used to "root" a host running "Foo-daemon Version X.Y.Z" is just as much of a threat to a 1,000-host network with 50 Foo-daemon servers as it is to a 5-host network with one.
This book is addressed, therefore, to all Linux system administrators — whether they administer 1 or 100 networked Linux servers, and whether they run Linux for love or for money.