Linux Server Security (2nd Edition( [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Linux Server Security (2nd Edition( [Electronic resources] - نسخه متنی

Michael D. Bauer

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Section 6.1. DNS Basics

Section 6.2. DNS Security Principles

Section 6.3. Selecting a DNS Software Package

Section 6.4. Securing BIND

Section 6.5. djbdns

Section 6.6. Resources

Chapter 7. Using LDAP for Authentication

Section 7.1. LDAP Basics

Section 7.2. Setting Up the Server

Section 7.3. LDAP Database Management

Section 7.4. Conclusions

Section 7.5. Resources

Chapter 8. Database Security

Section 8.1. Types of Security Problems

Section 8.2. Server Location

Section 8.3. Server Installation

Section 8.4. Database Operation

Section 8.5. Resources

Chapter 9. Securing Internet Email

Section 9.1. Background: MTA and SMTP Security

Section 9.2. Using SMTP Commands to Troubleshootand Test SMTP Servers

Section 9.3. Securing Your MTA

Section 9.4. Sendmail

Section 9.5. Postfix

Section 9.6. Mail Delivery Agents

Section 9.7. A Brief Introduction to Email Encryption

Section 9.8. Resources

Chapter 10. Securing Web Servers

Section 10.1. Web Security

Section 10.2. The Web Server

Section 10.3. Web Content

Section 10.4. Web Applications

Section 10.5. Layers of Defense

Section 10.6. Resources

Chapter 11. Securing File Services

Section 11.1. FTP Security

Section 11.2. Other File-Sharing Methods

Section 11.3. Resources

Chapter 12. System Log Management and Monitoring

Section 12.1. syslog

Section 12.2. Syslog-ng

Section 12.3. Testing System Logging with logger

Section 12.4. Managing System Logfiles with logrotate

Section 12.5. Using Swatch for Automated Log Monitoring

Section 12.6. Some Simple Log-Reporting Tools

Section 12.7. Resources

Chapter 13. Simple Intrusion Detection Techniques

Section 13.1. Principles of Intrusion Detection Systems

Section 13.2. Using Tripwire

Section 13.3. Other Integrity Checkers

Section 13.4. Snort

Section 13.5. Resources

Colophon
توضیحات
افزودن یادداشت جدید







Chapter 1. Threat Modeling and Risk Management


Since this book is about building secure Linux Internet servers from
the ground up, you're probably expecting
system-hardening procedures, guidelines for configuring applications
securely, and other very specific and low-level information. And
indeed, subsequent chapters contain a great deal of this.

But what, really, are we hardening against? The answer to that
question is different from system to system and network to network,
and in all cases, it changes over time. It's also
more complicated than most people realize. In short, threat analysis
is a moving target.

Far from a reason to avoid the question altogether, this means that
threat modeling is an absolutely
essential first step (a recurring step, actually) in securing a
system or a network. Most people acknowledge that a sufficiently
skilled and determined attacker[1] can compromise almost any system,
even if you've carefully considered and planned
against likely attack vectors. It therefore follows that if you
don't plan for even the most
plausible and likely threats to a given system's
security, that system will be particularly
vulnerable.

[1] As an abstraction,
the "sufficiently determined
attacker" (someone theoretically able to compromise
any system on any network, outrun bullets, etc.) has a special place
in the imaginations and nightmares of security professionals. On the
one hand, in practice such people are rare: just like
"physical world" criminals, many if
not most people who risk the legal and social consequences of
committing electronic crimes are fairly predictable. The most likely
attackers therefore tend to be relatively easy to keep out. On the
other hand, if you are targeted by a skilled and
highly motivated attacker, especially one with
"insider" knowledge or access, your
only hope is to have prepared for the worst, and not just the most
likely threats.


This chapter offers some simple methods for threat modeling and
risk management, with
real-life examples of many common threats and their consequences. The
techniques covered should give enough detail about evaluating
security risks to lend context, focus, and the proper air of urgency
to the tools and techniques the rest of the book covers. At the very
least, I hope it will help you to think about network security
threats in a logical and organized way.


/ 94