Request full copy

Linux Hardening in Hostile Networks: Server Security from TLS to Tor, 1st edition

Published by Addison-Wesley Professional (July 26, 2017) © 2018

  • Kyle Rankin

eTextbook

$37.99

  • Available for purchase from all major ebook resellers, including InformIT.com.
  • To request a review copy, click on the "Request a Review Copy" button.
$31.99

  • A print text (hardcover or paperback) 
  • Free shipping
  • Also available for purchase as an ebook from all major ebook resellers, including InformIT.com

Rankin begins with a user-oriented guide to safeguarding your own personal data with PGP, Off-the-Record Messaging (OTR), Tor, and the Tails "amnesic incognito" live Linux distribution. Next, he guides you through setting up secured versions of the services you manage every day, including web, email, and database servers that communicate over TLS; locked-down DNS servers with DNSSEC; Tor servers, and hidden services.

Each category of solution is presented in its own chapter, with techniques organized based on difficulty level, time commitment, and overall threat. In each case, Rankin begins with techniques any system administrator can quickly implement to protect against entry-level hackers. Next, he moves on to intermediate and advanced techniques intended to safeguard against sophisticated and knowledgeable attackers. An accompanying CDROM contains a full, pre-configured copy of the Tails live Linux distribution, making it simple for any sysadmin to bootstrap a highly-secure, privacy-protecting environment in minutes.

  • Demystifies high-security technologies like TLS, DNSSEC, and Tor, and guides readers step-by-step through implementing them
  • Shows how to systematically harden Linux servers and networks against aggressive new threats
  • Demonstrates today's best practices for protect email and other digital assets against intrusions from governments and sophisticated hackers
  • Organizes countermeasures by complexity, so you can quickly implement easier solutions, and move on to more difficult techniques when you're ready
  • By Kyle Rankin, award-winning Linux Journal columnist and author of DevOps Troubleshooting and The Official Ubuntu Server Book

Foreword xiii

Preface xv

Acknowledgments xxiii

About the Author xxv

 

Chapter 1: Overall Security Concepts 1

Section 1: Security Fundamentals 1

Section 2: Security Practices Against a Knowledgeable Attacker 10

Section 3: Security Practices Against an Advanced Attacker 20

Summary 24

 

Chapter 2: Workstation Security 25

Section 1: Security Fundamentals 25

Section 2: Additional Workstation Hardening 33

Section 3: Qubes 37

Summary 52

 

Chapter 3: Server Security 53

Section 1: Server Security Fundamentals 53

Section 2: Intermediate Server-Hardening Techniques 58

Section 3: Advanced Server-Hardening Techniques 68

Summary 74

 

Chapter 4: Network 75

Section 1: Essential Network Hardening 76

Section 2: Encrypted Networks 87

Section 3: Anonymous Networks 100

Summary 107

 

Chapter 5: Web Servers 109

Section 1: Web Server Security Fundamentals 109

Section 2: HTTPS 113

Section 3: Advanced HTTPS Configuration 118

Summary 131

 

Chapter 6: Email 133

Section 1: Essential Email Hardening 133

Section 2: Authentication and Encryption 137

Section 3: Advanced Hardening 141

Summary 156

 

Chapter 7: DNS 157

Section 1: DNS Security Fundamentals 158

Section 2: DNS Amplification Attacks and Rate Limiting 161

Section 3: DNSSEC 166

Summary 175

 

Chapter 8: Database 177

Section 1: Database Security Fundamentals 177

Section 2: Database Hardening 185

Section 3: Database Encryption 191

Summary 195

 

Chapter 9: Incident Response 197

Section 1: Incident Response Fundamentals 197

Section 2: Secure Disk Imaging Techniques 200

Section 3: Walk Through a Sample Investigation 209

Summary 214

 

Appendix A: Tor 215

What Is Tor? 215

How Tor Works 216

Security Risks 219


Appendix B: SSL/TLS 221

What Is TLS? 221

How TLS Works 222

TLS Troubleshooting Commands 224

Security Risks 224

 

Index 229

Kyle Rankin is the vice president of engineering operations for Final, Inc.; the author of DevOps Troubleshooting, The Official Ubuntu Server Book, Knoppix Hacks, Knoppix Pocket Reference, Linux Multimedia Hacks, and Ubuntu Hacks; and a contributor to a number of other books. Rankin is an award-winning columnist for Linux Journal and has written for PC Magazine, TechTarget websites, and other publications. He speaks frequently on Open Source software, including a keynote at SCALE 11x and numerous other talks at SCALE, O’Reilly Security Conference, OSCON, CactusCon, Linux World Expo, Penguicon, and a number of Linux Users’ Groups. In his free time Kyle does much of what he does at work—plays with Linux and computers in general. He’s also interested in brewing, BBQing, playing the banjo, 3D printing, and far too many other hobbies.

Need help? Get in touch

Video
Play
Privacy and cookies
By watching, you agree Pearson can share your viewership data for marketing and analytics for one year, revocable by deleting your cookies.

Video transcript (PDF | 16KB) 

Pearson eTextbook: What’s on the inside just might surprise you

They say you can’t judge a book by its cover. It’s the same with your students. Meet each one right where they are with an engaging, interactive, personalized learning experience that goes beyond the textbook to fit any schedule, any budget, and any lifestyle. 

Digital Learning NOW

Extend your professional development and meet your students where they are with free weekly Digital Learning NOW webinars. Attend live, watch on-demand, or listen at your leisure to expand your teaching strategies. Earn digital professional development badges for attending a live session.

Explore webinars