Toxen, Bob.

Real world Linux security : intrusion prevention, detection, and recovery / Bob Toxen. - 2nd edition. - Upper Saddle River, NJ : Prentice Hall, c2003. - xxxi, 810 p. : ill. ; 24 cm. 1 CD-ROM (4 3/4 in.) - Prentice Hall PTR open source technology series .

Chapter 1. Introduction
1.1 Introduction to the Second Edition
1.2 Who Should Read This Book
1.3 How This Book Is Organized, etc.

Part I Securing Your System

Chapter 2. Quick Fixes for Common Problems
2.1 Understanding Linux Security
2.2 The Seven Most Deadly Sins
2.3 Passwords: A Key Point for Good Security, etc.

Chapter 3. Quick and Easy Hacking and How to Avoid It
3.1 X Marks the Hole
3.2 Law of the Jungle: Physical Security
3.3 Physical Actions, etc.

Chapter 4. Common Hacking by the Subsystems
4.1 NFS, mountd, and portmap
4.2 Sendmail
4.3 Telnet, etc.

Chapter 5. Common Hacker Attacks
5.1 Rootkit Attacks (Script Kiddies)
5.2 Packet Spoofing Explained
5.3 SYN Flood Attack Explained, etc.

Chapter 6. Advanced Security Issues
6.1 Configuring Netscape for Higher Security
6.2 Stopping Access to I/O Devices
6.3 Scouting Out Apache (httpd) Problems, etc.

Chapter 7. Establishing Security Policies
7.1 General Policy
7.2 Personal Use Policy
7.3 Accounts Policy, etc.

Chapter 8. Trusting Other Computers
8.1 Secure Systems and Insecure Systems
8.2 Trust No One: The Highest Security
8.3 Linux and Unix Systems Within Your Control, etc.

Chapter 9. Gutsy Break-Ins
9.1 Mission Impossible Techniques
9.2 Spies
9.3 Fanatics and Suicide Attacks

Chapter 10. Case Studies
10.1 Confessions of a Berkeley System Mole
10.2 Knights of the Realm (Forensics)
10.3 Ken Thompson Cracks the Navy, etc.

Chapter 11. Recent Break-Ins
11.1 Fragmentation Attacks
11.2 IP Masquerading Fails for ICMP
11.3 The Ping of Death Sinks Dutch Shipping Company, etc.

Part II Preparing for an Intrusion

Chapter 12. Hardening Your System
12.1 Protecting User Sessions with SSH
12.2 Virtual Private Networks (VPN)
12.3 Pretty Good Privacy (PGP), etc.

Chapter 13. Preparing Your Hardware
13.1 Timing Is Everything
13.2 Advanced Preparation
13.3 Switch to Auxiliary Control (Hot Backups), etc.

Chapter 14. Preparing Your Configurations
14.1 TCP Wrappers
14.2 Adaptive Firewalls: Raising the Drawbridge with the Cracker Trap
14.3 Ending Cracker Servers with a Kernel Mod, etc.

Chapter 15. Scanning Your System
15.1 The Nessus Security Scanner
15.2 The SARA and SAINT Security Auditors
15.3 The nmap Network Mapper, etc.

Part III Detecting an Intrusion

Chapter 16. Monitoring the Activity
16.1 Log Files
16.2 Log Files: Measures and Countermeasures
16.3 Using Logcheck to Check Log Files You Never Check, etc.

Chapter 17. Scanning Your System for Anomalies
17.1 Finding Suspicious Files
17.2 Tripwire
17.3 Detecting Deleted Executables, etc.

Part IV Recovering from an Intrusion

Chapter 18. Regaining Control of Your System
18.1 Finding the Cracker's Running Processes
18.2 Handling Running Cracker Processes
18.3 Drop the Modems, Networks, Printers, and Systems, etc.

Chapter 19. Finding and Repairing the Damage
19.1 Check Your /var/log Logs
19.2 The syslogd and klogd Daemons
19.3 Interpreting Log File Entries, etc.

Chapter 20. Finding the Attacker's System
20.1 Tracing a Numeric IP Address with nslookup
20.2 Tracing a Numeric IP Address with dig
20.3 Whois a Commie: Finding .com Owners, etc.

Chapter 21. Having the Cracker Crack Rocks
21.1 Police: Dragnet or Keystone Kops?
21.2 Prosecution
21.3 Liability of ISPs Allowing Illegal Activity, etc.

Index: p. 795-810

ISBN 0130464562 (pbk.)

Subjects: Linux; Operating systems (Computers); Computer security.

Call number: 005.8 / TOX