Book description
The Second Edition of Security Strategies in Linux Platforms and Applications covers every major aspect of security on a Linux system. Written by an industry expert, this book is divided into three natural parts to illustrate key concepts in the field. It opens with a discussion of the risks, threats, and vulnerabilities associated with Linux as an operating system using current examples and cases. Part 2 discusses how to take advantage of the layers of security available to Linux: user and group options, filesystems, and security options for important services, as well as the security modules associated with AppArmor and SELinux. The book closes with a look at the use of both open source and proprietary tools when building a layered security strategy for Linux operating system environments. Using real-world examples and exercises, this useful resource incorporates hands-on activities to walk readers through the fundamentals of security strategies related to the Linux system.
Table of contents
- Cover
- Title Page
- Copyright
- Contents
- Dedication
- Preface
- Acknowledgments
- Part One Is Linux Really Secure?
- Chapter 1 Security Threats to Linux
- Chapter 2 Basic Components of Linux Security
- Linux Security Relates to the Kernel
- Securing a System During the Boot Process
- Linux Security Issues Beyond the Basic Operating System
- Linux User Authentication Databases
- Protecting Files with Ownership, Permissions, and Access Controls
- Firewalls and Mandatory Access Controls in a Layered Defense
- Protecting Networks Using Encrypted Communication
- Tracking the Latest Linux Security Updates
- The Effect of Virtualization on Security
- Variations Between Distributions
- Chapter Summary
- Key Concepts and Terms
- Chapter 2 Assessment
- Part Two Layered Security and Linux
- Chapter 3 Starting Off: Getting Up and Running
- Chapter 4 User Privileges and Permissions
- The Shadow Password Suite
- Available User Privileges
- Securing Groups of Users
- Configuring the Hierarchy of Administrative Privileges
- Regular and Special Permissions
- Tracking Access Through Logs
- Pluggable Authentication Modules
- Authorizing Access with the Polkit
- Network User Verification Tools
- Best Practices: User Privileges and Permissions
- Chapter Summary
- Key Concepts and Terms
- Chapter 4 Assessment
- Chapter 5 Filesystems, Volumes, and Encryption
- Filesystem Organization
- How Options for Journals, Formats, and File Sizes Affect Security
- Using Encryption
- Local File and Folder Permissions
- Networked File and Folder Permissions
- Configuring and Implementing Quotas on a Filesystem
- How to Configure and Implement Access Control Lists on a Filesystem
- Best Practices: Filesystems, Volumes, and Encryption
- Chapter Summary
- Key Concepts and Terms
- Chapter 5 Assessment
- Chapter 6 Securing Services
- Chapter 7 Networks, Firewalls, and More
- Services on Every TCP/IP Port
- Obscurity and the Open Port Problem
- Protect with TCP Wrapper
- Packet-Filtering Firewalls
- Alternate Attack Vectors
- Wireless-Network Issues
- Security Enhanced Linux
- Setting Up AppArmor Profiles
- Best Practices: Networks, Firewalls, and TCP/IP Communications
- Chapter Summary
- Key Concepts and Terms
- Chapter 7 Assessment
- Chapter 8 Networked Filesystems and Remote Access
- Basic Principles for Systems with Shared Networking Services
- Securing NFS as If It Were Local
- Keeping vsftp Very Secure
- Linux as a More Secure Windows Server
- Making Sure SSH Stays Secure
- Basic Principles of Encryption on Networks
- Helping Users Who Must Use Telnet
- Securing Modem Connections
- Moving Away from Cleartext Access
- Best Practices: Networked Filesystems and Remote Access
- Chapter Summary
- Key Concepts and Terms
- Chapter 8 Assessment
- Chapter 9 Networked Application Security
- Options for Secure Web Sites with Apache
- Working with Squid
- Protecting DNS Services with BIND
- Mail Transfer Agents
- Using Asterisk
- Limiting Printers
- Protecting Time Services
- Obscuring Local and Network Services
- Best Practices: Networked Application Security
- Chapter Summary
- Key Concepts and Terms
- Chapter 9 Assessment
- Chapter 10 Kernel Security Risk Mitigation
- Distribution-Specific Functional Kernels
- The Stock Kernel
- Managing Security and Kernel Updates
- Development Software for Custom Kernels
- Kernel-Development Tools
- Building Your Own Secure Kernel
- Download Kernel Source Code
- Download Ubuntu Kernel Source Code
- Download Red Hat Kernel Source Code
- Install Required Development Tools
- Navigate to the Directory with the Source Code
- Compile a Kernel on Ubuntu Systems
- Compile a Kernel on Red Hat Systems
- Compile a Stock Kernel
- Install the New Kernel and More
- Check the Boot Loader
- Test the Result
- Increasing Security Using Kernels and the /proc/ Filesystem
- Best Practices: Kernel Security Risk Mitigation
- Chapter Summary
- Key Concepts and Terms
- Chapter 10 Assessment
- Part Three Building a Layered Linux Security Strategy
- Chapter 11 Managing Security Alerts and Updates
- Keeping Up with Distribution Security
- Keeping Up with Application Security
- Antivirus Options for Linux Systems
- Using Bug Reports
- Security in an Open Source World
- Deciding Between Automated Updates or Analyzed Alerts
- Linux Patch Management
- Options for Update Managers
- Commercial Update Managers
- Open Source Update Managers
- Best Practices: Security Operations Management
- Chapter Summary
- Key Concepts and Terms
- Chapter 11 Assessment
- Chapter 12 Building and Maintaining a Security Baseline
- Configuring a Simple Baseline
- Read-Only or Live Bootable Operating Systems
- Keeping the Baseline Up to Date
- Monitoring Local Logs
- Consolidating and Securing Remote Logs
- Identifying a Baseline System State
- Checking for Changes with Integrity Scanners
- Best Practices: Building and Maintaining a Secure Baseline
- Chapter Summary
- Key Concepts and Terms
- Chapter 12 Assessment
- Chapter 13 Testing and Reporting
- Testing Every Component of a Layered Defense
- Checking for Open Network Ports
- Running Integrity Checks of Installed Files and Executables
- Ensuring that Security Does Not Prevent Legitimate Access
- Monitoring Virtualized Hardware
- Standard Open Source Security-Testing Tools
- Vulnerability Scanners for Linux
- Where to Install Security-Testing Tools
- Best Practices: Testing and Reporting
- Chapter Summary
- Key Concepts and Terms
- Chapter 13 Assessment
- Chapter 14 Detecting and Responding to Security Breaches
- Performing Regular Performance Audits
- Making Sure Users Stay Within Secure Limits
- Logging Access into the Network
- Monitoring Account Behavior for Security Issues
- Creating an Incident Response Plan
- Having Live Linux CDs Ready for Forensics Purposes
- When You Put Your Plan into Action
- Secure Backup and Recovery Tools
- The Right Way to Save Compromised Data as Evidence
- Disaster Recovery from a Security Breach
- How and When to Share with the Open Source Community
- Best Practices: Security Breach Detection and Response
- Chapter Summary
- Key Concepts and Terms
- Chapter 14 Assessment
- Chapter 15 Best Practices and Emerging Technologies
- Maintaining a Gold Baseline
- Ensuring Availability with Redundancy
- Identifying Your Support Options
- Checking Compliance with Security Policies
- Keeping the Linux Operating System Up to Date
- Keeping Distribution-Related Applications Up to Date
- Managing Third-Party Applications
- Sharing Problems and Solutions with the Community
- Testing New Components Before Putting Them into Production
- Keeping Up with Security on Your Systems
- Chapter Summary
- Key Concepts and Terms
- Chapter 15 Assessment
- Appendix A Answer Key
- Appendix B Standard Acronyms
- Glossary of Key Terms
- References
- Index
Product information
- Title: Security Strategies in Linux Platforms and Applications, 2nd Edition
- Author(s):
- Release date: October 2015
- Publisher(s): Jones & Bartlett Learning
- ISBN: 9781284090666