Linux Server Security (2nd Edition) [Electronic resources]

Michael D. Bauer

Chapter 13. Simple Intrusion Detection Techniques


Last night someone came into my house and replaced everything with an
exact duplicate.

Steven Wright

Comprehensive logging, preferably with automated monitoring and
notification, can help keep you abreast of system security status
(besides being invaluable in picking up the pieces after a crash or a
security incident). But as a security tool, logging only goes so far:
it's no more sophisticated than the operating-system processes and
applications that write those log messages. Events not anticipated by
those processes and applications may be logged with a generic message
or, worse still, not at all. And what if the processes, applications,
or their respective logs are tampered with?

That's where Intrusion
Detection Systems (IDS) come in. A simple host-based IDS can
alert you to unexpected changes in important system files based on
stored checksums. A network IDS
(NIDS) can alert you to a potential attack in progress, based on a
database of known attack signatures or even on differences between
your network's current state and what the IDS
considers its normal state. Some of these attacks (especially those
at the application level, such as web exploits) might breeze through
your firewalls. Multiple layers of defense are better than one. In
the 2004 CSI/FBI Computer Crime and Security
Survey (http://www.gocsi.com/), 98% of the
organizations surveyed used a firewall, and 68% used an IDS.
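The checksum-based host IDS described above can be reduced to a few dozen lines. The following is an added illustration for this chapter, not code from the book and not Tripwire's own implementation. It assumes (hypothetically) that the files of interest live under one directory tree and that the saved baseline is authenticated with an HMAC whose key is kept off the host, which is the same reason Tripwire signs its database: a baseline stored unprotected on the compromised machine is just one more file for the intruder to rewrite. The sample tree, the "trojaned" binary, and the key are all constructed here for the demonstration.

```python
"""
Minimal host-based file-integrity checker in the spirit of Tripwire Open Source.
Added example for this chapter; not code from the book or from Tripwire.
Assumed (hypothetical): one directory tree to watch, and an HMAC key stored
off the host (removable media, a management station) so the baseline itself
can be verified before it is trusted.
"""
import hashlib
import hmac
import json
import os
import stat
import tempfile


def snapshot(root):
    """Walk `root` and record a SHA-256 digest plus ownership/mode per regular file.

    mtime is deliberately not recorded: an intruder can reset it with touch(1),
    so it adds noise without adding assurance. The content hash is what catches
    a replacement file that keeps the original's size, name and timestamps.
    """
    entries = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, device nodes
            with open(path, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            entries[os.path.relpath(path, root)] = {
                "sha256": digest,
                "size": st.st_size,
                "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid,
                "gid": st.st_gid,
            }
    return entries


def save_baseline(entries, key):
    """Serialize the snapshot and bind it to `key` with HMAC-SHA256."""
    body = json.dumps(entries, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return json.dumps({"body": body.decode(), "hmac": tag}).encode()


def load_baseline(blob, key):
    """Verify the HMAC before trusting a stored baseline; raise if it was altered."""
    doc = json.loads(blob)
    body = doc["body"].encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc["hmac"]):
        raise ValueError("baseline failed integrity check")
    return json.loads(body)


def compare(baseline, current):
    """Report files added, removed, or changed (content or metadata) since baseline."""
    report = {"added": [], "removed": [], "changed": {}}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["removed"].append(rel)
        else:
            diffs = [k for k in baseline[rel] if baseline[rel][k] != current[rel][k]]
            if diffs:
                report["changed"][rel] = diffs
    return report


def demo():
    """Constructed scenario: baseline a tree, simulate an intrusion, re-check."""
    key = b"demo-key-keep-this-off-the-host"  # constructed; read from removable media in practice
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        ls, passwd = os.path.join(root, "bin", "ls"), os.path.join(root, "passwd")
        with open(ls, "wb") as f:
            f.write(b'#!/bin/sh\nexec /usr/bin/ls "$@"\n')
        with open(passwd, "wb") as f:
            f.write(b"root:x:0:0:root:/root:/bin/bash\n")
        os.chmod(passwd, 0o644)
        blob = save_baseline(snapshot(root), key)

        # Simulated intrusion: trojaned binary of identical size, a dropped
        # file, and a permission change. No file is deleted.
        original_size = os.path.getsize(ls)
        with open(ls, "wb") as f:
            f.write(b'#!/bin/sh\nexec /tmp/.xx/ls "$@"\n')
        with open(os.path.join(root, "bin", ".rootkit"), "wb") as f:
            f.write(b"constructed payload\n")
        os.chmod(passwd, 0o666)

        current = snapshot(root)
        report = compare(load_baseline(blob, key), current)

        # The intruder now "fixes" the stored baseline to match the trojan,
        # but cannot recompute the HMAC without the off-host key.
        doc = json.loads(blob)
        inner = json.loads(doc["body"])
        inner["bin/ls"]["sha256"] = current["bin/ls"]["sha256"]
        doc["body"] = json.dumps(inner, sort_keys=True)
        forged = json.dumps(doc).encode()
        try:
            load_baseline(forged, key)
            tamper_detected = False
        except ValueError:
            tamper_detected = True

    return {"report": report,
            "sizes_equal": original_size == current["bin/ls"]["size"],
            "tamper_detected": tamper_detected}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running `demo()` flags `bin/ls` on its hash alone (the size is unchanged, so a size-only check would have missed it), `passwd` on its mode, and the dropped `bin/.rootkit` as added, and it rejects the forged baseline. Note the limit the epigraph hints at: a byte-for-byte identical replacement produces the same digest, so a checksum IDS detects changed content and metadata, not the act of substitution itself.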

Between simple host-based IDSes and advanced statistical NIDSes,
there is a lot of information I can't do justice to
in one chapter: I highly recommend Northcutt's and
Amoroso's books (listed in the
"Resources" section at the end of
this chapter) if you're interested in learning about
this topic in depth. But as it happens, you can achieve a high degree
of intrusion detection potential without a lot of effort, using free,
well-documented tools such as Tripwire
Open Source and Snort.

This chapter describes some basic intrusion detection concepts and
how to put them to work without doing a lot of work yourself.

