Book review: Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort by <i>Michael Rash</i>

Book review: Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort by Michael Rash


The stability of an enterprise-wide infrastructure depends on understanding innovative, defensive security-related software. Linux Firewalls: Attack Detection and Response with iptables, psad and fwsnort written by Michael Rash and published by No Starch Press, outlines viable approaches that enable a defensive solution in depth.

The book’s coverThe book’s cover

Linux Firewalls primarily details the use of iptables as a security mechanism. It's a succinct book with useful help for a busy administrator,

Thankfully the book avoids the obvious, and via the knockout blow of the PSAD and fwsnort combination explains in detail how to create a wall that will adapt to penetrative automated attacks.

explains in detail how to create a wall that will adapt to penetrative automated attacks

iptables is a firewall that takes advantage of hooks within the Linux kernel (part of the netfilter framework) to deliver impressive filtering and logging functionality. PSAD is an iptables log processor that effortlessly supports pattern recognition of attack signatures. Michael Rash’s book goes further and applies PSAD to adapt the firewall policy based on the firewalls logging.

The contents

The book is the right size: 336 pages, 14 chapters and 2 appendices. The author is clearly an expert and clever practitioner in the online security field: starting with a basic introduction of iptables (the default firewall for Linux) and then moving through attacks and defenses, this book is fat free and accurate.

this book is fat free and accurate

For an experienced system administrator the story really starts to get going when discussing PSAD in chapter 5-7. Log analysis has the potential to reveal attack vectors and PSAD is an effective tool.

Being of a Perl-biased nature, I enjoyed the Perl scripts that were scattered across the book, particularly the IP spoofing example on page 41. The clear example makes it obvious that you should never trust the source IP address; otherwise, you may react against an innocent victim or allow black hats past the entrance.

The discussion of Snort rules (Snort being an intrusion detection system) and the translation to iptables rules via fwsnort is particularly handy for infrastructure hardening. Though fwsnort discards many rules in translation, the remaining collection are viable and detailed.

The list of technologies mentioned goes further with examples of the use of DShield and Nmap.

Who’s this book for?

This effective book is for the busy system administrator involved in the daily routine of hard knocks and bot attacks. The system administrator should find information about good practices and helpful new approaches. It's also a nice bedtime read for those of you that want to make the black hats life a little harder.

A second target group could well be IT students looking for a practical understanding of modern Linux orientated security practices.

Relevance to free software

One of the many major selling points of GNU/Linux servers over Windows is GNU/Linux’s reputed default security level. The correct configuration of iptables and an ever expanding role for PSAD can only help enhancing that reputation.

All the software mentioned in the book is free (as in freedom); since security by obscurity is considered bad practice, diving into source code is crucial.

Pros

The book is easy to read, and chock full of attack vectors and subtle (and not so subtle) iptables configuration tips. This well researched book heightens an average system administrator’s awareness to the vulnerabilities in his or her infrastructure, and the potential to find hardening solutions.

Cons

If you are looking for a beginners' guide to security flaws, and are not after practical configuration tricks, then this book may not be for you. Further, the book is Linux biased, and hence not for a Windows only enterprise-wide monoculture.
Title Linux Firewalls. Attack Detection and Response with iptables, psad, and fwsnort
Author Michael Rash
Publisher NO STARCH PRESS
ISBN 9781593271411
Year 2007
Pages 336
CD included No
FS Oriented 10
Over all score 9

In short

Category: 
Reviews
Tagging: 
linux
security
firewall
License: 
CC-BY-NC-SA

Most forwarded

Interview with Dave Mohyla, of DTIDATA

Dave Mohyla is the president and founder of dtidata.com, a hard drive recovery facility based in Tampa, Florida.

TM: Where are you based? What does your company do?
DTI Data recovery is based in South Pasadena, Florida which is a suburb of Tampa. We have been here for over 10 years. We operate a bio-metrically secured class 100 clean room where we perform hard drive recovery on all types of hard disks, from laptop hard drives to multi drive RAID systems.

Anybody up to writing good directory software?

Since the very beginning, directories (of any kind) have had a very central role in the internet. (I have recently grown fond of Free Web Directory. Even Slashdot can be considered a directory: a collection of great news and invaluable user-generated comments. As far as software is concerned, doing a quick search on Google about software directories will return the free (as in freedom) software directories like Savannah, SourceForge, Freshmeat and so on, followed by shareware and freeware sites such as FileBuzz, PCWin Download Center and All Freeware (great if you're looking for shareware and freeware, but definitely less comprehensive than their free-as-in-freedom counterparts).

Interview with Mark Shuttleworth

Mark Shuttleworth is the founder of Thawte, the first Certification Authority to sell public SSL certificates. After selling Thawte to Verisign, Mark moved on to training as an astronaut in Russia and visiting space. Once he got back he founded Ubuntu, the leading GNU/Linux distribution. He agreed on releasing a quick interview to Free Software Magazine.

Is better education the key to finding better software?

I read David Jonathon's article Anybody Up To Writing Good Directory Software? the other day, which got me thinking about software directories in general. As David mentioned, many of the software directories one finds when doing a quick google search are free as in beer, not as in freedom. But what interests me is the software directories that already exist, providing a combination of both free as in beer software, and open source software. Sites such as Freeware Downloads and Shareware Download don't advertise themselves as providing free as in liberty software, but each of them have a good selection of open source software available... if you know where to look.

Most emailed

Free Open Document label templates

If you’ve ever spent hours at work doing mailings, cursed your printer for printing outside the lines on your labels, or moaned “There has got to be a better way to do this,” here’s the solution you’ve been looking for. Working smarter, not harder! Worldlabel.com, a manufacture of labels offers Open Office / Libre Office labels templates for downloading in ODF format which will save you time, effort, and (if you want) make really cool-looking labels

Creating a user-centric site in Drupal

A little while ago, while talking in the #drupal mailing list, I showed my latest creation to one of the core developers there. His reaction was "Wow, I am always surprised what people use Drupal for". His surprise is somehow justified: I did create a site for a bunch of entertainers in Perth, a company set to use Drupal to take over the world with Entertainers.Biz.

Update: since writing this article, I have updated the system so that the whole booking process happens online. I will update the article accordingly!

So, why, why do people and companies develop free software?

More and more people are discovering free software. Many people only do so after weeks, or even months, of using it. I wonder, for example, how many Firefox users actually know how free Firefox really is—many of them realise that you can get it for free, but find it hard to believe that anybody can modify it and even redistribute it legally.

When the discovery is made, the first instinct is to ask: why do they do it? Programming is hard work. Even though most (if not all) programmers are driven by their higher-than-normal IQs and their amazing passion for solving problems, it’s still hard to understand why so many of them would donate so much of their time to creating something that they can’t really show off to anybody but their colleagues or geek friends.

Sure, anybody can buy laptops, and just program. No need to get a full-on lab or spend thousands of dollars in equipment. But... is that the full story?

Fun articles

Santa Claus - the most successful open source project

It dawned on me the other day, as I was shopping for the dozens of gifts it seems I have to buy every December, that Santa Claus is the most successful open source project in history. (Bridget @ Illiterarty would agree with that). Santa Claus is essentially a marketing development that is embodied by everyone who stuffs a sock, gives a gift, hosts a dinner or wishes Merry Christmas over the holiday season.

Most emailed

Editorial

When I first started thinking about Free Software Magazine, I was feeling enthusiastic about the dream. I had Dave, Gianluca, and Alan willing to help me, I had established members of the free software community willing to help me out, I had writers volunteering their time and energy for free, and I had a generous offer from OpenHosting for servers, all before I'd proved myself. There was a sense of excitement in the air, and I thought maybe, just maybe, I could make this work.

Free Software Magazine uses Apollo project management software and CRM for its everyday activities!