Implement Industrial-Strength Security on Any Linux Server In an
age of mass surveillance, when advanced cyberwarfare weapons
rapidly migrate into every hacker's toolkit, you can't rely on
outdated security methods-especially if you're responsible for
Internet-facing services. In Linux (R) Hardening in Hostile
Networks, Kyle Rankin helps you to implement modern safeguards that
provide maximum impact with minimum effort and to strip away old
techniques that are no longer worth your time. Rankin provides
clear, concise guidance on modern workstation, server, and network
hardening, and explains how to harden specific services, such as
web servers, email, DNS, and databases. Along the way, he
demystifies technologies once viewed as too complex or mysterious
but now essential to mainstream Linux security. He also includes a
full chapter on effective incident response that both DevOps and
SecOps can use to write their own incident response plan. Each
chapter begins with techniques any sysadmin can use quickly to
protect against entry-level hackers and presents intermediate and
advanced techniques to safeguard against sophisticated and
knowledgeable attackers, perhaps even state actors. Throughout, you
learn what each technique does, how it works, what it does and
doesn't protect against, and whether it would be useful in your
environment. Apply core security techniques including 2FA and
strong passwords Protect admin workstations via lock screens, disk
encryption, BIOS passwords, and other methods Use the
security-focused Tails distribution as a quick path to a hardened
workstation Compartmentalize workstation tasks into VMs with
varying levels of trust Harden servers with SSH, use apparmor and
sudo to limit the damage attackers can do, and set up remote syslog
servers to track their actions Establish secure VPNs with OpenVPN,
and leverage SSH to tunnel traffic when VPNs can't be used
Configure a software load balancer to terminate SSL/TLS connections
and initiate new ones downstream Set up standalone Tor services and
hidden Tor services and relays Secure Apache and Nginx web servers,
and take full advantage of HTTPS Perform advanced web server
hardening with HTTPS forward secrecy and ModSecurity web
application firewalls Strengthen email security with SMTP relay
authentication, SMTPS, SPF records, DKIM, and DMARC Harden DNS
servers, deter their use in DDoS attacks, and fully implement
DNSSEC Systematically protect databases via network access control,
TLS traffic encryption, and encrypted data storage Respond to a
compromised server, collect evidence, and prevent future attacks
Register your product at informit.com/register for convenient
access to downloads, updates, and corrections as they become
available.
General
Is the information for this product incomplete, wrong or inappropriate?
Let us know about it.
Does this product have an incorrect or missing image?
Send us a new image.
Is this product missing categories?
Add more categories.
Review This Product
No reviews yet - be the first to create one!