Table of Contents

  1. Chapter 1 CARE AND FEEDING OF IPTABLES

    1. iptables

    2. Packet Filtering with iptables

    3. Installing iptables

    4. Kernel Configuration

    5. Security and Minimal Compilation

    6. Kernel Compilation and Installation

    7. Installing the iptables Userland Binaries

    8. Default iptables Policy

    9. Concluding Thoughts

  2. Chapter 2 NETWORK LAYER ATTACKS AND DEFENSE

    1. Logging Network Layer Headers with iptables

    2. Network Layer Attack Definitions

    3. Abusing the Network Layer

    4. Network Layer Responses

  3. Chapter 3 TRANSPORT LAYER ATTACKS AND DEFENSE

    1. Logging Transport Layer Headers with iptables

    2. Transport Layer Attack Definitions

    3. Abusing the Transport Layer

    4. Transport Layer Responses

  4. Chapter 4 APPLICATION LAYER ATTACKS AND DEFENSE

    1. Application Layer String Matching with iptables

    2. Application Layer Attack Definitions

    3. Abusing the Application Layer

    4. Encryption and Application Encodings

    5. Application Layer Responses

  5. Chapter 5 INTRODUCING PSAD: THE PORT SCAN ATTACK DETECTOR

    1. History

    2. Why Analyze Firewall Logs?

    3. psad Features

    4. psad Installation

    5. psad Administration

    6. psad Configuration

    7. Concluding Thoughts

  6. Chapter 6 PSAD OPERATIONS: DETECTING SUSPICIOUS TRAFFIC

    1. Port Scan Detection with psad

    2. Alerts and Reporting with psad

    3. Concluding Thoughts

  7. Chapter 7 ADVANCED PSAD TOPICS: FROM SIGNATURE MATCHING TO OS FINGERPRINTING

    1. Attack Detection with Snort Rules

    2. psad Signature Updates

    3. OS Fingerprinting

    4. DShield Reporting

    5. Viewing psad Status Output

    6. Forensics Mode

    7. Verbose/Debug Mode

    8. Concluding Thoughts

  8. Chapter 8 ACTIVE RESPONSE WITH PSAD

    1. Intrusion Prevention vs. Active Response

    2. Active Response Trade-offs

    3. Responding to Attacks with psad

    4. Active Response Examples

    5. Integrating psad Active Response with Third-Party Tools

    6. Concluding Thoughts

  9. Chapter 9 TRANSLATING SNORT RULES INTO IPTABLES RULES

    1. Why Run fwsnort?

    2. Signature Translation Examples

    3. The fwsnort Interpretation of Snort Rules

    4. Concluding Thoughts

  10. Chapter 10 DEPLOYING FWSNORT

    1. Installing fwsnort

    2. Running fwsnort

    3. Observing fwsnort in Action

    4. Setting Up Whitelists and Blacklists

    5. Concluding Thoughts

  11. Chapter 11 COMBINING PSAD AND FWSNORT

    1. Tying fwsnort Detection to psad Operations

    2. Revisiting Active Response

    3. Thwarting Metasploit Updates

    4. Concluding Thoughts

  12. Chapter 12 PORT KNOCKING VS. SINGLE PACKET AUTHORIZATION

    1. Reducing the Attack Surface

    2. The Zero-Day Attack Problem

    3. Port Knocking

    4. Single Packet Authorization

    5. Security Through Obscurity?

    6. Concluding Thoughts

  13. Chapter 13 INTRODUCING FWKNOP

    1. fwknop Installation

    2. fwknop Configuration

    3. fwknop SPA Packet Format

    4. Deploying fwknop

    5. Concluding Thoughts

  14. Chapter 14 VISUALIZING IPTABLES LOGS

    1. Seeing the Unusual

    2. Gnuplot

    3. AfterGlow

    4. iptables Attack Visualizations

    5. Concluding Thoughts

  1. Appendix ATTACK SPOOFING

    1. Connection Tracking

  2. Appendix A COMPLETE FWSNORT SCRIPT

  3. COLOPHON