Linux Hardening in Hostile Networks: Server Security from TLS to Tor, 1st edition

Published by Addison-Wesley Professional (July 17, 2017) © 2018

  • Kyle Rankin
Products list
$37.99
Buy nowOpens in a new tab
Sold by InformIT and ebook resellers
  • Available for purchase from all major ebook resellers, including InformIT.com
Products list
$31.99

Price Reduced From: $39.99

Details

  • A print text
  • Free shipping
  • Also available for purchase as an ebook from all major ebook resellers, including InformIT.com

This product is expected to ship within 3-6 business days for US and 5-10 business days for Canadian customers.

Rankin begins with a user-oriented guide to safeguarding your own personal data with PGP, Off-the-Record Messaging (OTR), Tor, and the Tails "amnesic incognito" live Linux distribution. Next, he guides you through setting up secured versions of the services you manage every day, including web, email, and database servers that communicate over TLS; locked-down DNS servers with DNSSEC; Tor servers, and hidden services.

Each category of solution is presented in its own chapter, with techniques organized based on difficulty level, time commitment, and overall threat. In each case, Rankin begins with techniques any system administrator can quickly implement to protect against entry-level hackers. Next, he moves on to intermediate and advanced techniques intended to safeguard against sophisticated and knowledgeable attackers. An accompanying CDROM contains a full, pre-configured copy of the Tails live Linux distribution, making it simple for any sysadmin to bootstrap a highly-secure, privacy-protecting environment in minutes.

Foreword xiii

Preface xv

Acknowledgments xxiii

About the Author xxv

 

Chapter 1: Overall Security Concepts 1

Section 1: Security Fundamentals 1

Section 2: Security Practices Against a Knowledgeable Attacker 10

Section 3: Security Practices Against an Advanced Attacker 20

Summary 24

 

Chapter 2: Workstation Security 25

Section 1: Security Fundamentals 25

Section 2: Additional Workstation Hardening 33

Section 3: Qubes 37

Summary 52

 

Chapter 3: Server Security 53

Section 1: Server Security Fundamentals 53

Section 2: Intermediate Server-Hardening Techniques 58

Section 3: Advanced Server-Hardening Techniques 68

Summary 74

 

Chapter 4: Network 75

Section 1: Essential Network Hardening 76

Section 2: Encrypted Networks 87

Section 3: Anonymous Networks 100

Summary 107

 

Chapter 5: Web Servers 109

Section 1: Web Server Security Fundamentals 109

Section 2: HTTPS 113

Section 3: Advanced HTTPS Configuration 118

Summary 131

 

Chapter 6: Email 133

Section 1: Essential Email Hardening 133

Section 2: Authentication and Encryption 137

Section 3: Advanced Hardening 141

Summary 156

 

Chapter 7: DNS 157

Section 1: DNS Security Fundamentals 158

Section 2: DNS Amplification Attacks and Rate Limiting 161

Section 3: DNSSEC 166

Summary 175

 

Chapter 8: Database 177

Section 1: Database Security Fundamentals 177

Section 2: Database Hardening 185

Section 3: Database Encryption 191

Summary 195

 

Chapter 9: Incident Response 197

Section 1: Incident Response Fundamentals 197

Section 2: Secure Disk Imaging Techniques 200

Section 3: Walk Through a Sample Investigation 209

Summary 214

 

Appendix A: Tor 215

What Is Tor? 215

How Tor Works 216

Security Risks 219


Appendix B: SSL/TLS 221

What Is TLS? 221

How TLS Works 222

TLS Troubleshooting Commands 224

Security Risks 224

 

Index 229

Need help? Get in touch