Linux Server Security (2nd Edition) [Electronic resources]
Michael D. Bauer

Chapter 2. Designing Perimeter Networks


A well-designed perimeter network (the part or parts of your internal network that have direct contact with the outside world, e.g., the Internet) can prevent entire classes of attacks from even reaching protected servers. Equally important, it can prevent a compromised system on your network from being used to attack other systems. Secure network design is therefore a key element in risk management and containment.

But what constitutes a
"well-designed" perimeter network?
Since perimeter networks always involve firewalls, you might be
tempted to think that a well-configured firewall equals a secure
perimeter, but there's a bit more to it than that.
In fact, there's more than one
"right" way to design the
perimeter, and this chapter describes several. One simple concept,
however, drives all good perimeter network designs: systems that are
at a relatively high risk of being compromised should be segregated
from the rest of the network. Such segregation is, of course, best
achieved (enforced) by firewalls and other
network access-control devices.

This chapter, then, is about creating network
topologies that isolate your publicly accessible servers from your
private systems while still providing those public systems some level
of protection. This isn't a
chapter about how to pull Ethernet cable or even about how to
configure firewalls; the latter, in particular, is a complicated
subject worthy of its own book (there are many, in fact). But it
should give you a start in deciding where to put your servers before
you go to the trouble of building them.

By the way, whenever possible, the
security
of an Internet-connected perimeter network should be designed and
implemented before any servers are connected to
it. It can be extremely difficult and disruptive to change a
network's architecture while that network is in use.
If you think of building a server as similar to building a house,
network design can be considered analogous to urban planning. The
latter really must precede the former.

The Internet is only one example of an external network to which you might be connected. If your organization has a dedicated Wide Area Network (WAN) circuit or a Virtual Private Network (VPN) connection to a vendor or partner, the part of your network on which that connection terminates is also part of your perimeter.[1]

[1] Actually, "perimeter" has a much broader definition than it used to. It used to mean "the outer edge of your network," but nowadays it means "any place trusted systems meet untrusted traffic." For example, in many organizations, it's become common for external vendors to support internal systems (e.g., via VPN connections or modems); in that scenario, the perimeter extends as far inside the network as the external vendors go.


Most of what follows in this chapter is applicable to any part of
your perimeter network, not just the part that's
connected to the Internet.
