Linux Hardening in Hostile Networks

Rankin begins with a user-oriented guide to safeguarding your own personal data with PGP Off-the-Record Messaging (OTR) Tor and the Tails amnesic incognito live Linux distribution. Next he guides you through setting up secured versions of the services you manage every day including web email and database servers that communicate over TLS; locked-down DNS servers with DNSSEC; Tor servers and hidden services.Each category of solution is presented in its own chapter with techniques organized based on difficulty level time commitment and overall threat. In each case Rankin begins with techniques any system administrator can quickly implement to protect against entry-level hackers. Next he moves on to intermediate and advanced techniques intended to safeguard against sophisticated and knowledgeable attackers. An accompanying CDROM contains a full pre-configured copy of the Tails live Linux distribution making it simple for any sysadmin to bootstrap a highly-secure privacy-protecting environment in minutes.Features Demystifies high-security technologies like TLS DNSSEC and Tor and guides readers step-by-step through implementing themShows how to systematically harden Linux servers and networks against aggressive new threatsDemonstrates today''s best practices for protect email and other digital assets against intrusions from governments and sophisticated hackersOrganizes countermeasures by complexity so you can quickly implement easier solutions and move on to more difficult techniques when you''re readyBy Kyle Rankin award-winning Linux Journal columnist and author of DevOps Troubleshooting and The Official Ubuntu Server BookTable of Contents Foreword xiiiPreface xvAcknowledgments xxiiiAbout the Author xxv Chapter 1: Overall Security Concepts 1Section 1: Security Fundamentals 1Section 2: Security Practices Against a Knowledgeable Attacker 10Section 3: Security Practices Against an Advanced Attacker 20Summary 24 Chapter 2: Workstation Security 25Section 1: Security Fundamentals 25Section 2: Additional Workstation Hardening 33Section 3: Qubes 37Summary 52 Chapter 3: Server Security 53Section 1: Server Security Fundamentals 53Section 2: Intermediate Server-Hardening Techniques 58Section 3: Advanced Server-Hardening Techniques 68Summary 74 Chapter 4: Network 75Section 1: Essential Network Hardening 76Section 2: Encrypted Networks 87Section 3: Anonymous Networks 100Summary 107 Chapter 5: Web Servers 109Section 1: Web Server Security Fundamentals 109Section 2: HTTPS 113Section 3: Advanced HTTPS Configuration 118Summary 131 Chapter 6: Email 133Section 1: Essential Email Hardening 133Section 2: Authentication and Encryption 137Section 3: Advanced Hardening 141Summary 156 Chapter 7: DNS 157Section 1: DNS Security Fundamentals 158Section 2: DNS Amplification Attacks and Rate Limiting 161Section 3: DNSSEC 166Summary 175 Chapter 8: Database 177Section 1: Database Security Fundamentals 177Section 2: Database Hardening 185Section 3: Database Encryption 191Summary 195 Chapter 9: Incident Response 197Section 1: Incident Response Fundamentals 197Section 2: Secure Disk Imaging Techniques 200Section 3: Walk Through a Sample Investigation 209Summary 214 Appendix A: Tor 215What Is Tor? 215How Tor Works 216Security Risks 219Appendix B: SSL/TLS 221What Is TLS? 221How TLS Works 222TLS Troubleshooting Commands 224Security Risks 224 Index 229