Contents Listing

Credits

Preface

Chapter 1. Unix Host Security
1. Secure Mount Points
2. Scan for SUID and SGID Programs
3. Scan For World- and Group-Writable Directories
4. Create Flexible Permissions Hierarchies with POSIX ACLs
5. Protect Your Logs from Tampering
6. Delegate Administrative Roles
7. Automate Cryptographic Signature Verification
8. Check for Listening Services
9. Prevent Services from Binding to an Interface
10. Restrict Services with Sandboxed Environments
11. Use proftp with a MySQL Authentication Source
12. Prevent Stack-Smashing Attacks
13. Lock Down Your Kernel with grsecurity
14. Restrict Applications with grsecurity
15. Restrict System Calls with Systrace
16. Automated Systrace Policy Creation
17. Control Login Access with PAM
18. Restricted Shell Environments
19. Enforce User and Group Resource Limits
20. Automate System Updates

Chapter 2. Windows Host Security
21. Check Servers for Applied Patches
22. Get a List of Open Files and Their Owning Processes
23. List Running Services and Open Ports
24. Enable Auditing
25. Secure Your Event Logs
26. Change Your Maximum Log File Sizes
27. Disable Default Shares
28. Encrypt Your Temp Folder
29. Clear the Paging File at Shutdown
30. Restrict Applications Available to Users

Chapter 3. Network Security
31. Detect ARP Spoofing
32. Create a Static ARP Table
33. Firewall with Netfilter
34. Firewall with OpenBSD's PacketFilter
35. Create an Authenticated Gateway
36. Firewall with Windows
37. Keep Your Network Self-Contained
38. Test Your Firewall
39. MAC Filtering with Netfilter
40. Block OS Fingerprinting
41. Fool Remote Operating System Detection Software
42. Keep an Inventory of Your Network
43. Scan Your Network for Vulnerabilities
44. Keep Server Clocks Synchronized
45. Create Your Own Certificate Authority
46. Distribute Your CA to Clients
47. Encrypt IMAP and POP with SSL
48. Set Up TLS-Enabled SMTP
49. Detect Ethernet Sniffers Remotely
50. Install Apache with SSL and suEXEC
51. Secure BIND
52. Secure MySQL
53. Share Files Securely in Unix

Chapter 4. Logging
54. Run a Central Syslog Server
55. Steer Syslog
56. Integrate Windows into Your Syslog Infrastructure
57. Automatically Summarize Your Logs
58. Monitor Your Logs Automatically
59. Aggregate Logs from Remote Sites
60. Log User Activity with Process Accounting

Chapter 5. Monitoring and Trending
61. Monitor Availability
62. Graph Trends
63. Run ntop for Real-Time Network Stats
64. Audit Network Traffic
65. Collect Statistics with Firewall Rules
66. Sniff the Ether Remotely

Chapter 6. Secure Tunnels
67. Set Up IPsec Under Linux
68. Set Up IPsec Under FreeBSD
69. Set Up IPsec in OpenBSD
70. PPTP Tunneling
71. Opportunistic Encryption with FreeS/WAN
72. Forward and Encrypt Traffic with SSH
73. Quick Logins with SSH Client Keys
74. Squid Proxy over SSH
75. Use SSH as a SOCKS Proxy
76. Encrypt and Tunnel Traffic with SSL
77. Tunnel Connections Inside HTTP
78. Tunnel with VTun and SSH
79. Automatic vtund.conf Generator
80. Create a Cross-Platform VPN
81. Tunnel PPP

Chapter 7. Network Intrusion Detection
82. Detect Intrusions with Snort
83. Keep Track of Alerts
84. Real-Time Monitoring
85. Manage a Sensor Network
86. Write Your Own Snort Rules
87. Prevent and Contain Intrusions with Snort_inline
88. Automated Dynamic Firewalling with SnortSam
89. Detect Anomalous Behavior
90. Automatically Update Snort's Rules
91. Create a Distributed Stealth Sensor Network
92. Use Snort in High-Performance Environments with Barnyard
93. Detect and Prevent Web Application Intrusions
94. Simulate a Network of Vulnerable Hosts
95. Record Honeypot Activity

Chapter 8. Recovery and Response
96. Image Mounted Filesystems
97. Verify File Integrity and Find Compromised Files
98. Find Compromised Packages with RPM
99. Scan for Root Kits
100. Find the Owner of a Network

Index