Linux Server Security (2nd Edition( [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Linux Server Security (2nd Edition( [Electronic resources] - نسخه متنی

Michael D. Bauer

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Section 6.1. DNS Basics

Section 6.2. DNS Security Principles

Section 6.3. Selecting a DNS Software Package

Section 6.4. Securing BIND

Section 6.5. djbdns

Section 6.6. Resources

Chapter 7. Using LDAP for Authentication

Section 7.1. LDAP Basics

Section 7.2. Setting Up the Server

Section 7.3. LDAP Database Management

Section 7.4. Conclusions

Section 7.5. Resources

Chapter 8. Database Security

Section 8.1. Types of Security Problems

Section 8.2. Server Location

Section 8.3. Server Installation

Section 8.4. Database Operation

Section 8.5. Resources

Chapter 9. Securing Internet Email

Section 9.1. Background: MTA and SMTP Security

Section 9.2. Using SMTP Commands to Troubleshootand Test SMTP Servers

Section 9.3. Securing Your MTA

Section 9.4. Sendmail

Section 9.5. Postfix

Section 9.6. Mail Delivery Agents

Section 9.7. A Brief Introduction to Email Encryption

Section 9.8. Resources

Chapter 10. Securing Web Servers

Section 10.1. Web Security

Section 10.2. The Web Server

Section 10.3. Web Content

Section 10.4. Web Applications

Section 10.5. Layers of Defense

Section 10.6. Resources

Chapter 11. Securing File Services

Section 11.1. FTP Security

Section 11.2. Other File-Sharing Methods

Section 11.3. Resources

Chapter 12. System Log Management and Monitoring

Section 12.1. syslog

Section 12.2. Syslog-ng

Section 12.3. Testing System Logging with logger

Section 12.4. Managing System Logfiles with logrotate

Section 12.5. Using Swatch for Automated Log Monitoring

Section 12.6. Some Simple Log-Reporting Tools

Section 12.7. Resources

Chapter 13. Simple Intrusion Detection Techniques

Section 13.1. Principles of Intrusion Detection Systems

Section 13.2. Using Tripwire

Section 13.3. Other Integrity Checkers

Section 13.4. Snort

Section 13.5. Resources

Colophon
توضیحات
افزودن یادداشت جدید








Chapter 3. Hardening Linux and Using iptables


There's tremendous value in isolating your
bastion
(Internet-accessible) hosts in a DMZ network, protected by a
well-designed firewall and other external controls. And just as a
good DMZ is designed assuming that sooner or later, even
firewall-protected hosts may be compromised, good bastion server
design dictates that each host should be hardened as though there
were no firewall at all.


Obviously, the bastion-host services to which your firewall allows
access must be configured as securely as possible and kept up to date
with security patches. But that isn't enough: you
must also secure the bastion host's operating-system
configuration and disable unnecessary servicesin short,
"bastionize" or
"harden" it as much as possible.


If you don't do this, you won't
have a bastion server: you'll simply have a server
behind a firewallone that's at the mercy of
the firewall and the effectiveness of its own
applications' security features. But if you do
bastionize it, your server can defend itself should some other host
in the DMZ be compromised and used to attack it. (As you can see,
pessimism is an important element in risk management!) Hardening a Linux system is not a trivial task: it's
as much work to bastionize Linux as Solaris, Windows, and other
popular operating systems. This is a natural result of having so many
different types of software available for these OSes, and at least as
much variation between the types of people who use them.


Unlike many other OSes, however, Linux gives you extremely granular
control over system and application behavior, from a high level
(application settings, user interfaces, etc.) to a very low level,
even as far down as the kernel code itself. Linux also benefits from
lessons learned over the three-decade history of Unix and Unix-like
operating systems. Unix security is extremely well understood and
well documented. Furthermore, over the course of those 30-plus years,
many powerful security tools have been developed and refined,
including chroot, sudo,
TCPwrappers, Tripwire, and shadow.


This chapter lays the groundwork for much of what follows. Whereas
most of the rest of this book is about hardening specific
applications, this chapter covers system-hardening principles and
specific techniques for hardening the core operating system.



/ 94