Building Secure Servers with Linux (Paperback)

Michael D. Bauer

  • 出版商: O'Reilly
  • 出版日期: 2002-11-01
  • 定價: $1,480
  • 售價: 5.0$740
  • 語言: 英文
  • 頁數: 464
  • 裝訂: Paperback
  • ISBN: 0596002173
  • ISBN-13: 9780596002176
  • 相關分類: Linux
  • 立即出貨(限量) (庫存=1)

買這商品的人也買了...

商品描述

Linux consistently turns up high in the list of popular Internet servers, whether it's for the Web, anonymous FTP, or general services like DNS and routing mail. But security is uppermost on the mind of anyone providing such a service. Any server experiences casual probe attempts dozens of time a day, and serious break-in attempts with some frequency as well.

As the cost of broadband and other high-speed Internet connectivity has gone down, and its availability has increased, more Linux users are providing or considering providing Internet services such as HTTP, Anonymous FTP, etc., to the world at large. At the same time, some important, powerful, and popular Open Source tools have emerged and rapidly matured--some of which rival expensive commercial equivalents--making Linux a particularly appropriate platform for providing secure Internet services.

Building Secure Servers with Linux will help you master the principles of reliable system and network security by combining practical advice with a firm knowledge of the technical tools needed to ensure security. The book focuses on the most common use of Linux--as a hub offering services to an organization or the larger Internet--and shows readers how to harden their hosts against attacks. Author Mick Bauer, a security consultant, network architect, and lead author of the popular Paranoid Penguin column in Linux Journal, carefully outlines the security risks, defines precautions that can minimize those risks, and offers recipes for robust security. The book does not cover firewalls, but covers the more common situation where an organization protects its hub using other systems as firewalls, often proprietary firewalls.

The book includes:

  • Precise directions for securing common services, including the Web, mail, DNS, and file transfer.
  • Ancillary tasks, such as hardening Linux, using SSH and certificates for tunneling, and using iptables for firewalling.
  • Basic installation of intrusion detection tools.


Writing for Linux users with little security expertise, the author explains security concepts and techniques in clear language, beginning with the fundamentals. Building Secure Servers with Linux provides a unique balance of "big picture" principles that transcend specific software packages and version numbers, and very clear procedures on securing some of those software packages. An all-inclusive resource for Linux users who wish to harden their systems, the book covers general security as well as key services such as DNS, the Apache Web server, mail, file transfer, and secure shell. With this book in hand, you'll have everything you need to ensure robust security of your Linux system.

Table of Contents

Preface

1. Threat Modeling and Risk Management

2. Designing Perimeter Networks

3. Hardening Linux

4. Secure Remote Administration

5. Tunneling

6. Securing Domain Name Services (DNS)

7. Securing Internet Email

8. Securing Web Services

9. Securing File Services

10. System Log Management and Monitoring

11. Simple Intrusion Detection Techniques

Appendix: Two Complete Iptables Startup Scripts

Index

商品描述(中文翻譯)

Linux在熱門的網際網路伺服器清單中一直名列前茅,不論是用於網頁、匿名FTP還是像DNS和郵件路由這樣的一般服務。但對於提供此類服務的人來說,安全性是首要考慮的問題。任何伺服器每天都會遭受數十次的隨意探測嘗試,還會時常遭受嚴重的入侵嘗試。

隨著寬頻和其他高速網際網路連接的成本下降,以及其可用性的增加,越來越多的Linux使用者正在提供或考慮提供像HTTP、匿名FTP等網際網路服務給大眾。與此同時,一些重要、強大且受歡迎的開源工具已經出現並迅速成熟,其中一些與昂貴的商業對應產品相媲美,使Linux成為提供安全網際網路服務的特別適合的平台。

《使用Linux建立安全伺服器》將幫助您通過結合實用建議和對確保安全所需的技術工具的深入了解,掌握可靠的系統和網路安全原則。本書專注於Linux的最常見用途,即作為向組織或更大的網際網路提供服務的樞紐,並向讀者展示如何加強其主機的防禦能力以抵禦攻擊。作者Mick Bauer是一位安全顧問、網路架構師,也是Linux Journal中受歡迎的Paranoid Penguin專欄的主要作者,他仔細概述了安全風險,定義了可以減少這些風險的預防措施,並提供了強大安全的方法。本書不涵蓋防火牆,但涵蓋了更常見的情況,即組織使用其他系統作為防火牆來保護其樞紐,通常是專有防火牆。

本書包括:
- 精確指南,用於保護常見服務,包括網頁、郵件、DNS和檔案傳輸。
- 附加任務,例如加固Linux、使用SSH和憑證進行隧道連接,以及使用iptables進行防火牆設定。
- 基本入侵檢測工具的安裝。

作者針對對安全性知識有限的Linux使用者,以清晰的語言解釋安全概念和技術,從基礎知識開始。《使用Linux建立安全伺服器》提供了一個獨特的平衡,既涵蓋了超越特定軟體套件和版本號碼的“大局觀”原則,又提供了保護這些軟體套件的非常明確的程序。這本書是一個全面的資源,適用於希望加強系統安全性的Linux使用者,涵蓋了一般安全性以及關鍵服務,如DNS、Apache網頁伺服器、郵件、檔案傳輸和安全外殼。有了這本書,您將擁有確保Linux系統強大安全性所需的一切。

目錄:
前言
1. 威脅建模和風險管理
2. 設計邊界網路
3. 加固Linux
4. 安全遠程管理
5. 隧道連接
6. 保護域名服務(DNS)
7. 保護網際網路郵件
8. 保護網頁服務
9. 保護檔案服務
10. 系統日誌管理和監控
11. 簡單入侵檢測技術
附錄:兩個完整的iptables啟動腳本
索引