Linux Hardening in Hostile Networks: Server Security from TLS to Tor (Paperback)

Kyle Rankin

買這商品的人也買了...

商品描述

Implement Industrial-Strength Security on Any Linux Server

 

In an age of mass surveillance, when advanced cyberwarfare weapons rapidly migrate into every hacker’s toolkit, you can’t rely on outdated security methods–especially if you’re responsible for Internet-facing services. In Linux® Hardening in Hostile Networks, Kyle Rankin helps you to implement modern safeguards that provide maximum impact with minimum effort and to strip away old techniques that are no longer worth your time.

 

Rankin provides clear, concise guidance on modern workstation, server, and network hardening, and explains how to harden specific services, such as web servers, email, DNS, and databases. Along the way, he demystifies technologies once viewed as too complex or mysterious but now essential to mainstream Linux security. He also includes a full chapter on effective incident response that both DevOps and SecOps can use to write their own incident response plan.

 

Each chapter begins with techniques any sysadmin can use quickly to protect against entry-level hackers and presents intermediate and advanced techniques to safeguard against sophisticated and knowledgeable attackers, perhaps even state actors. Throughout, you learn what each technique does, how it works, what it does and doesn’t protect against, and whether it would be useful in your environment.

  • Apply core security techniques including 2FA and strong passwords
  • Protect admin workstations via lock screens, disk encryption, BIOS passwords, and other methods
  • Use the security-focused Tails distribution as a quick path to a hardened workstation
  • Compartmentalize workstation tasks into VMs with varying levels of trust
  • Harden servers with SSH, use apparmor and sudo to limit the damage attackers can do, and set up remote syslog servers to track their actions
  • Establish secure VPNs with OpenVPN, and leverage SSH to tunnel traffic when VPNs can’t be used
  • Configure a software load balancer to terminate SSL/TLS connections and initiate new ones downstream
  • Set up standalone Tor services and hidden Tor services and relays
  • Secure Apache and Nginx web servers, and take full advantage of HTTPS
  • Perform advanced web server hardening with HTTPS forward secrecy and ModSecurity web application firewalls
  • Strengthen email security with SMTP relay authentication, SMTPS, SPF records, DKIM, and DMARC
  • Harden DNS servers, deter their use in DDoS attacks, and fully implement DNSSEC
  • Systematically protect databases via network access control, TLS traffic encryption, and encrypted data storage
  • Respond to a compromised server, collect evidence, and prevent future attacks

Register your product at informit.com/register for convenient access to downloads, updates, and corrections as they become available.

 

商品描述(中文翻譯)

在任何Linux伺服器上實施工業級安全

在大規模監控的時代,當先進的網絡戰爭武器迅速進入每個駭客的工具包時,你不能依賴過時的安全方法,尤其是如果你負責面向互聯網的服務。在《Linux® Hardening in Hostile Networks》中,Kyle Rankin幫助你實施現代化的保護措施,以最小的努力獲得最大的影響,並且去除不再值得花時間的舊技術。

Rankin提供了關於現代工作站、伺服器和網絡硬化的清晰、簡潔的指導,並解釋了如何加固特定的服務,例如網絡伺服器、電子郵件、DNS和數據庫。在此過程中,他對曾被視為過於複雜或神秘的技術進行了解密,而這些技術現在對於主流Linux安全至關重要。他還包括了一整章關於有效的事件應對,DevOps和SecOps都可以使用它來撰寫自己的事件應對計劃。

每一章開始時,都會介紹一些系統管理員可以快速使用的技術,以保護免受入門級駭客的攻擊,並提供中級和高級技術,以防範複雜且有知識的攻擊者,甚至是國家級行動者。在整個過程中,你將了解每種技術的功能、工作原理、它能夠保護和不能保護的內容,以及它在你的環境中是否有用。

- 應用核心安全技術,包括雙因素認證和強密碼
- 通過鎖定屏幕、磁碟加密、BIOS密碼和其他方法來保護管理工作站
- 使用以安全為重點的Tails發行版快速建立一個硬化的工作站
- 將工作站任務分隔到具有不同信任級別的虛擬機中
- 通過SSH加固伺服器,使用apparmor和sudo限制攻擊者可能造成的損害,並設置遠程syslog伺服器來跟踪他們的行動
- 使用OpenVPN建立安全的VPN,並在無法使用VPN時利用SSH進行流量隧道
- 配置軟件負載均衡器以終止SSL/TLS連接並在下游建立新連接
- 設置獨立的Tor服務和隱藏的Tor服務和中繼
- 保護Apache和Nginx網絡伺服器,充分利用HTTPS
- 使用HTTPS前向保密和ModSecurity網絡應用防火牆進行高級網絡伺服器硬化
- 通過SMTP中繼驗證、SMTPS、SPF記錄、DKIM和DMARC加強電子郵件安全
- 加固DNS伺服器,防止其在DDoS攻擊中被濫用,並完全實施DNSSEC
- 通過網絡訪問控制、TLS流量加密和加密數據存儲系統地保護數據庫
- 對受到入侵的伺服器做出回應,收集證據,並防止未來的攻擊

註冊你的產品以便在informit.com/register上方便地獲取下載、更新和更正。