Troubleshooting Linux Firewalls

Author:   Michael Shinn ,  Scott Shinn
Publisher:   Pearson Education (US)
ISBN:   9780321227232
Pages:   384
Publication Date:   13 January 2005
Format:   Paperback
Availability:   Out of print, replaced by POD
We will order this item for you from a manufactured on demand supplier.

Our Price:   $118.77

Overview

Covers Red Hat and SUSE

When something goes wrong with your Linux firewall, you need to fix it--right now. You don't have time for endless newsgroup searches, confusing man pages, emails to the developers...it's an emergency! One book brings together all the step-by-step solutions and proven problem-solving techniques you'll need when the time comes: Troubleshooting Linux Firewalls.

Authors Michael Shinn and Scott Shinn are among the world's leading firewall experts; they've even been hired to protect computer security at the White House. In this book, they cover every area where Linux firewalls can go wrong: rules and filtering problems, Layer 2/3/4 issues, trouble with individual services, DNS/DHCP failures, even misconfigured VPNs. They also present an easy, start-to-finish troubleshooting methodology that'll help you identify even the newest or most obscure firewall problem fast--and solve it!

Inside, you will find in-depth information on the following areas:

What you must know about iptables and netfilter to troubleshoot and avoid problems
Using loggers, sniffers, and other tools to diagnose even the most obscure firewall problems
Making sure your firewall rules work the way they're supposed to
Resolving problems with Network Address Translation and IP Forwarding
Troubleshooting SMTP, Apache, Squid, NFS, FTP, instant messaging, and other Web-based services
Finding and fixing common problems with IPsec VPN configuration
Making your firewalls more failure-resistant: recommendations from the experts

If you depend on a Linux firewall, what will you do if it goes down? With Troubleshooting Linux Firewalls, you can be confident that the solutions are right at hand--so you can sleep at night!

(c) Copyright Pearson Education. All rights reserved.

Full Product Details

Author:   Michael Shinn ,  Scott Shinn
Publisher:   Pearson Education (US)
Imprint:   Addison-Wesley Educational Publishers Inc
Dimensions:   Width: 18.10cm , Height: 1.80cm , Length: 23.40cm
Weight:   0.568kg
ISBN:   9780321227232
ISBN 10:   0321227239
Pages:   384
Publication Date:   13 January 2005
Audience:   College/higher education ,  Tertiary & Higher Education
Format:   Paperback
Publisher's Status:   Out of Print
Availability:   Out of print, replaced by POD
We will order this item for you from a manufactured on demand supplier.

Table of Contents

I. GETTING STARTED.

1. Introduction. Why We Wrote This Book How This Book Is Organized Goals of This Book The Methodical Approach and the Need for a Methodology Firewalls, Security, and Risk Management How to Think About Risk Management Computer Security Principles Firewall Recommendations and Definitions Why Do I Need a Firewall? Do I Need More Than a Firewall? What Kinds of Firewalls Are There? Firewall Types The Myth of Trustworthy or Secure Software Know Your Vulnerabilities Creating Security Policies Training Defense in Depth Summary

2. Getting Started. Risk Management Basic Elements of Risk Management Seven Steps to Managing Risk Phase I: Analyze Inventory Quantify the Value of the Asset Threat Analysis Phase II: Document Create Your Plan Create a Security Policy Create Security Procedures Phase III: Secure the Enterprise Implement Policies Implement Procedures Deploy Security Technology and Counter Measures Securing the Firewall Itself Isolating Assets Filtering Ingress/Egress Filtering Phase IV: Implement Monitoring Phase V: Test Phase VI: Integrate Phase VII: Improve Summary

3. Local Firewall Security. The Importance of Keeping Your Software Up to Date yum red carpet up2date emerge apt-get Over Reliance on Patching Turning Off Services Using TCP Wrappers and Firewall Rules Running Services with Least Privilege Restricting the File System Security Tools to Install Log Monitoring Tools Network Intrusion Detection Host Intrusion Detection Remote Logging Correctly Configure the Software You Are Using Use a Hardened Kernel Other Hardening Steps Summary

4. Troubleshooting Methodology. Problem Solving Methodology Recognize, Define, and Isolate the Problem Gather Facts Define What the End State Should Be Develop Possible Solutions and Create an Action Plan Analyze and Compare Possible Solutions Select and Implement the Solution Critically Analyze the Solution for Effectiveness Repeat the Process Until You Resolve the Problem Finding the Answers or...Why Search Engines Are Your Friend Websites Summary

II. TOOLS AND INTERNALS.

5. The OSI Model: Start from the Beginning. Internet Protocols at a Glance Understanding the Internet Protocol (IP) Understanding ICMP Understanding TCP Understanding UDP Troubleshooting with This Perspective in Mind Summary

6. netfilter and iptables Overview. How netfilter Works How netfilter Parses Rules Netfilter States What about Fragmentation? Taking a Closer Look at the State Engine Summary

7. Using iptables. Proper iptables Syntax Examples of How the Connection Tracking Engine Works Applying What Has Been Covered So Far by Implementing Good Rules Setting Up an Example Firewall Kernel Options iptables Modules Firewall Rules Quality of Service Rules Port Scan Rules Bad Flag Rules Bad IP Options Rules Small Packets and Rules to Deal with Them Rules To Detect Data in Packets Using the String Module Invalid Packets and Rules to Drop Them A Quick Word on Fragments SYN Floods Polite Rules Odd Port Detection and Rules to Deny Connections to Them Silently Drop Packets You Don't Care About Enforcement Rules IP Spoofing Rules Egress Filtering Send TCP Reset for AUTH Connections Playing Around with TTL Values State Tracking Rules STEALTH Rules Shunning Bad Guys ACCEPT Rules Summary

8. A Tour of Our Collective Toolbox. Old Faithful Sniffers Analyzing Traffic Utilization Network Traffic Analyzers Useful Control Tools Network Probes Probing Tools Firewall Management and Rule Building Summary

9. Diagnostics. Diagnostic Logging Scripts To Do This for You The catch all Logging Rule The iptables TRACE Patch Checking the Network Using a Sniffer to Diagnose Firewall Problems Memory Load Diagnostics Summary

III. DIAGNOSTICS.

10. Testing Your Firewall Rules (for Security!). INSIDE->OUT Testing with nmap and iplog Interpreting the Output from an INSIDE->OUT Scan Testing from the OUTSIDE->IN Reading Output from nmap Testing your Firewall with fragrouter VLANs Summary

11. Layer 2/Inline Filtering. Common Questions Tools Discussed in this Part Building an Inline Transparent Bridging Firewall with ebtables (Stealth Firewalls) Filtering on MAC Address Bound to a Specific IP Address with ebtables Filtering Out Specific Ports with ebtables Building an Inline Transparent Bridging Firewall with iptables (Stealth Firewalls) MAC Address Filtering with iptables DHCP Filtering with ebtables Summary

12. NAT (Network Address Translation) and IP Forwarding. Common Questions about Linux NAT Tools/Methods Discussed in this Part Diagnostic Logging Viewing NAT Connections with netstat-nat Listing Current NAT Entries with iptables Listing Current NAT and Rule Packet Counters Corrective Actions Summary

13. General IP (Layer 3/Layer 4). Common Question Inbound: Creating a Rule for a New TCP Service Inbound: Allowing SSH to a Local System Forward: SSH to Another System SSH: Connections Timeout telnet: Forwarding telnet Connections to Other Systems MySQL: Allowing MySQL Connections Summary

14. SMTP (e-mail). Common Questions Tools Discussed in this Part Allowing SMTP to/from Your Firewalls Forwarding SMTP to an Internal Mail Server Forcing Your Mail Server Traffic to Use a Specific IP Address with an SNAT Rule Blocking Internal Users from Sending Mail Through Your Firewall Accept Only SMTP Connections from Specific Hosts (ISP) SMTP Server Timeouts/Failures/Numerous Processes Small e-Mail Send/Receive Correctly-Large e-Mail Messages Do Not Summary

15. Web Services (Web Servers and Web Proxies). Common Questions Tools Discussed in this Part Inbound: Running a Local Web Server (Basic Rules) Inbound: Filter: Incoming Web to Specific Hosts Forward: Redirect Local Port 80 to Local Port 8080 Forwarding Connections from the Firewall to an Internal Web Server Forward: To Multiple Internal Servers Forward: To a Remote Server on the Internet Forward: Filtering Access to a Forwarded Server Outbound: Some Websites Are Inaccessible (ECN) Outbound: Block Clients from Accessing Websites Transparent Proxy Servers (squid) on Outbound Web Traffic Summary

16. File Services (NFS and FTP). Tools Discussed in this Part NFS: Cannot Get NFS Traffic to Traverse a NAT or IP Forwarding Firewall FTP Inbound: Running a Local FTP Server (Basic Rules) FTP Inbound: Restricting Access with Firewall Rules FTP Inbound: Redirecting FTP Connections to Another Port on the Server FTP Forward: Forwarding to an FTP Server Behind the Firewall on a DMZ Segment FTP Forward: Forwarding to Multiple FTP Servers Behind the Firewall on a DMZ Segment FTP Forward: From One Internet Server to Another Internet Server FTP Forward: Restricting FTP Access to a Forwarded Server FTP Outbound: Connections are Established, but Directories Cannot Be Listed, and Files Cannot Be Downloaded Summary

17. Instant Messaging. Common Questions/Problems Tools Discussed in This Part NetMeeting and GnomeMeeting Connecting to a Remote NetMeeting/GnomeMeeting Client from Behind an iptables Firewall (Outbound Calls Only) Connecting to a NetMeeting/GnomeMeeting Client Behind a netfilter/iptables Firewall (Inbound/Outbound Calls) Directly from the GnomeMeeting Website's Documentation Blocking Outbound NetMeeting/GnomeMeeting Traffic MSN Messenger Connecting to Other MSN Users Blocking MSN Messenger Traffic at the Firewall Yahoo Messenger Connecting to Yahoo Messenger Blocking Yahoo Messenger Traffic AOL Instant Messenger (AIM) Connecting to AIM Blocking AOL Instant Messenger Traffic ICQ Connecting to ICQ Blocking ICQ Summary Recalling Our Methodology

18. DNS/DHCP. Common Questions Tools Discussed in this Part Forwarding DNS Queries to an Upstream/Remote DNS Server DNS Lookups Fail: Internal Hosts Communicating to an External Nameserver DNS Lookups Fail: Short DNS Name Lookups Work-Long Name Lookups Do Not DNS Lookups Fail: Nameserver Running on the Firewall DNS Lookups Fail: Nameserver Running on the Internal and/or DMZ Network Misleading rDNS Issue: New Mail, or FTP Connections to Remote Systems Take 30 Seconds or More to Start DHCP: Dynamically Updating Firewall Rules with the IP Changes Blocking Outbound DHCP DHCP: Two Addresses on One External Interface DHCP: Redirect DHCP Requests to DMZ Summary

19. Virtual Private Networks. Things to Consider with IPSEC Common Questions/Problems Tools Discussed in this Part IPSEC: Internal Systems-Behind a NAT/MASQ Firewall Cannot Connect to an External IPSEC Server IPSEC: Firewall Cannot Establish IPSEC VPNs IPSEC: Firewall Can Establish Connections to a Remote VPN Server, but Traffic Does not Route Correctly Inside the VPN PPTP: Cannot Establish PPTP Connections Through the Firewall Running a PPTP Server Behind a NAT Firewall PPTP: Firewall Cannot Establish PPTP VPNs PPTP: Firewall Can Establish Connections to a Remote VPN Server, but Traffic Does not Route Correctly Inside the VPN Using a free/openswan VPN to Secure a Wireless Network Summary

Index.

Author Information

Michael Shinn is managing partner of the Prometheus Group, an IT security consulting firm. He was formerly a member of Cisco's Advanced Network Security Research group and a senior software developer and founding member of the firm's Signatures and Exploits Development Team.

Scott Shinn co-founded Plesk, a server management firm. He was formerly a senior network security engineer specializing in penetration testing for Fortune 50 clients at Wheelgroup, a firm later acquired by Cisco.

Both authors served on the White House technology staff, specializing in security and penetration testing of both internal and Internet-connected systems.

(c) Copyright Pearson Education. All rights reserved.


Countries Available

All regions