No Starch Press just published a new security-related book – “Linux Firewalls”. The book is designed to show sysadmins how to design and implement a firewall and intrusion detection system (IDS) that will proactively deny access and monitor network traffic for signs of attack.
Linux Firewalls (October 2007, 336 pp., ISBN 978-1-59327-141-1) discusses the technical details of the iptables firewall and the Netfilter framework that are built into the Linux kernel. No Starch Press publisher Bill Pollock commented:
“This book will really do its part to move the field of firewalling forward. We didn’t want to publish just any firewalls book; we wanted to publish a groundbreaking one. Sure, almost anyone can build a simple firewall, but it’s not easy to build a robust firewall. That’s where Linux Firewalls comes in.”
The author shows how to use iptables and Netfilter to provide strong filtering, NAT (network address translation), state tracking, and application layer inspection capabilities that rival many commercial tools. Readers learn how to use psad and fwsnort to deploy iptables as an IDS and how to use fwknop to build a strong, passive authentication layer around iptables. Readers will find coverage of:
- Application layer attack detection with the iptables string match extension and fwsnort
- Building an iptables ruleset that emulates a Snort ruleset
- Port knocking versus single packet authorization (SPA)
- Tools for visualizing iptables logs
- Passive OS fingerprinting with iptables
Concrete examples illustrate concepts such as firewall log analysis and policies, passive network authentication and authorization, exploit packet traces, Snort ruleset emulation, and more. Perl and C code snippets offer practical examples that help sysadmins maximize their deployment of Linux firewalls.