Book description
The Second Edition of Security Strategies in Linux Platforms and Applications covers every major aspect of security on a Linux system. Written by an industry expert, this book is divided into three natural parts to illustrate key concepts in the field. It opens with a discussion of the risks, threats, and vulnerabilities associated with Linux as an operating system using current examples and cases. Part 2 discusses how to take advantage of the layers of security available to Linux--user and group options, filesystems, and security options for important services, as well as the security modules associated with AppArmor and SELinux. The book closes with a look at the use of both open source and proprietary tools when building a layered security strategy for Linux operating system environments. Using real-world examples and exercises, this useful resource incorporates hands-on activities to walk readers through the fundamentals of security strategies related to the Linux system.
Table of contents
- Cover
- Title Page
- Copyright
- Contents
- Dedication
- Preface
- Acknowledgments
- Part One Is Linux Really Secure?
- Chapter 1 Security Threats to Linux
- Chapter 2 Basic Components of Linux Security
- Linux Security Relates to the Kernel
- Securing a System During the Boot Process
- Linux Security Issues Beyond the Basic Operating System
- Linux User Authentication Databases
- Protecting Files with Ownership, Permissions, and Access Controls
- Firewalls and Mandatory Access Controls in a Layered Defense
- Protecting Networks Using Encrypted Communication
- Tracking the Latest Linux Security Updates
- The Effect of Virtualization on Security
- Variations Between Distributions
- Chapter Summary
- Key Concepts and Terms
- Chapter 2 Assessment
- Part Two Layered Security and Linux
- Chapter 3 Starting Off: Getting Up and Running
- Chapter 4 User Privileges and Permissions
- The Shadow Password Suite
- Available User Privileges
- Securing Groups of Users
- Configuring the Hierarchy of Administrative Privileges
- Regular and Special Permissions
- Tracking Access Through Logs
- Pluggable Authentication Modules
- Authorizing Access with the Polkit
- Network User Verification Tools
- Best Practices: User Privileges and Permissions
- Chapter Summary
- Key Concepts and Terms
- Chapter 4 Assessment
- Chapter 5 Filesystems, Volumes, and Encryption
- Filesystem Organization
- How Options for Journals, Formats, and File Sizes Affect Security
- Using Encryption
- Local File and Folder Permissions
- Networked File and Folder Permissions
- Configuring and Implementing Quotas on a Filesystem
- How to Configure and Implement Access Control Lists on a Filesystem
- Best Practices: Filesystems, Volumes, and Encryption
- Chapter Summary
- Key Concepts and Terms
- Chapter 5 Assessment
- Chapter 6 Securing Services
- Chapter 7 Networks, Firewalls, and More
- Services on Every TCP/IP Port
- Obscurity and the Open Port Problem
- Protect with TCP Wrapper
- Packet-Filtering Firewalls
- Alternate Attack Vectors
- Wireless-Network Issues
- Security Enhanced Linux
- Setting Up AppArmor Profiles
- Best Practices: Networks, Firewalls, and TCP/IP Communications
- Chapter Summary
- Key Concepts and Terms
- Chapter 7 Assessment
- Chapter 8 Networked Filesystems and Remote Access
- Basic Principles for Systems with Shared Networking Services
- Securing NFS as If It Were Local
- Keeping vsftp Very Secure
- Linux as a More Secure Windows Server
- Making Sure SSH Stays Secure
- Basic Principles of Encryption on Networks
- Helping Users Who Must Use Telnet
- Securing Modem Connections
- Moving Away from Cleartext Access
- Best Practices: Networked Filesystems and Remote Access
- Chapter Summary
- Key Concepts and Terms
- Chapter 8 Assessment
- Chapter 9 Networked Application Security
- Options for Secure Web Sites with Apache
- Working with Squid
- Protecting DNS Services with BIND
- Mail Transfer Agents
- Using Asterisk
- Limiting Printers
- Protecting Time Services
- Obscuring Local and Network Services
- Best Practices: Networked Application Security
- Chapter Summary
- Key Concepts and Terms
- Chapter 9 Assessment
- Chapter 10 Kernel Security Risk Mitigation
- Distribution-Specific Functional Kernels
- The Stock Kernel
- Managing Security and Kernel Updates
- Development Software for Custom Kernels
- Kernel-Development Tools
- Building Your Own Secure Kernel
- Download Kernel Source Code
- Download Ubuntu Kernel Source Code
- Download Red Hat Kernel Source Code
- Install Required Development Tools
- Navigate to the Directory with the Source Code
- Compile a Kernel on Ubuntu Systems
- Compile a Kernel on Red Hat Systems
- Compile a Stock Kernel
- Install the New Kernel and More
- Check the Boot Loader
- Test the Result
- Increasing Security Using Kernels and the /proc/ Filesystem
- Best Practices: Kernel Security Risk Mitigation
- Chapter Summary
- Key Concepts and Terms
- Chapter 10 Assessment
- Part Three Building a Layered Linux Security Strategy
- Chapter 11 Managing Security Alerts and Updates
- Keeping Up with Distribution Security
- Keeping Up with Application Security
- Antivirus Options for Linux Systems
- Using Bug Reports
- Security in an Open Source World
- Deciding Between Automated Updates or Analyzed Alerts
- Linux Patch Management
- Options for Update Managers
- Commercial Update Managers
- Open Source Update Managers
- Best Practices: Security Operations Management
- Chapter Summary
- Key Concepts and Terms
- Chapter 11 Assessment
- Chapter 12 Building and Maintaining a Security Baseline
- Configuring a Simple Baseline
- Read-Only or Live Bootable Operating Systems
- Keeping the Baseline Up to Date
- Monitoring Local Logs
- Consolidating and Securing Remote Logs
- Identifying a Baseline System State
- Checking for Changes with Integrity Scanners
- Best Practices: Building and Maintaining a Secure Baseline
- Chapter Summary
- Key Concepts and Terms
- Chapter 12 Assessment
- Chapter 13 Testing and Reporting
- Testing Every Component of a Layered Defense
- Checking for Open Network Ports
- Running Integrity Checks of Installed Files and Executables
- Ensuring that Security Does Not Prevent Legitimate Access
- Monitoring Virtualized Hardware
- Standard Open Source Security-Testing Tools
- Vulnerability Scanners for Linux
- Where to Install Security-Testing Tools
- Best Practices: Testing and Reporting
- Chapter Summary
- Key Concepts and Terms
- Chapter 13 Assessment
- Chapter 14 Detecting and Responding to Security Breaches
- Performing Regular Performance Audits
- Making Sure Users Stay Within Secure Limits
- Logging Access into the Network
- Monitoring Account Behavior for Security Issues
- Creating an Incident Response Plan
- Having Live Linux CDs Ready for Forensics Purposes
- When You Put Your Plan into Action
- Secure Backup and Recovery Tools
- The Right Way to Save Compromised Data as Evidence
- Disaster Recovery from a Security Breach
- How and When to Share with the Open Source Community
- Best Practices: Security Breach Detection and Response
- Chapter Summary
- Key Concepts and Terms
- Chapter 14 Assessment
- Chapter 15 Best Practices and Emerging Technologies
- Maintaining a Gold Baseline
- Ensuring Availability with Redundancy
- Identifying Your Support Options
- Checking Compliance with Security Policies
- Keeping the Linux Operating System Up to Date
- Keeping Distribution-Related Applications Up to Date
- Managing Third-Party Applications
- Sharing Problems and Solutions with the Community
- Testing New Components Before Putting Them into Production
- Keeping Up with Security on Your Systems
- Chapter Summary
- Key Concepts and Terms
- Chapter 15 Assessment
- Appendix A Answer Key
- Appendix B Standard Acronyms
- Glossary of Key Terms
- References
- Index
Product information
- Title: Security Strategies in Linux Platforms and Applications, 2nd Edition
- Author(s):
- Release date: October 2015
- Publisher(s): Jones & Bartlett Learning
- ISBN: 9781284090666