Linux Firewalls

Building a secure networked Linux box? Then you better know your firewalls. While they’re only one aspect of security, firewalls are often the first line of defense. Linux applications like iptables and fwsnort can provide this support in addition to other features like network address translation (NAT). Unfortunately, as with many firewall applications, the arcane can be important. This book does an excellent job of exposing and explaining how a networked Linux system should work. The book is comprehensive and a relatively easy read for anyone familiar with networking, TCP/IP, and Linux. This is not an introduction to any of these, so don’t drop this book on your parents’ coffee table unless one of them knows how to do a lot more than just turning on a PC. The book starts with the basics like iptables, the main routing application that runs on Linux. It then moves into attacks and defenses, covering applications like psad, which is used to check for port scanner attacks. A sizable chunk of the book addresses the snort firewall (fwsnort), an intrusion detection system. These chapters are well-worth reading since snort is not always part of a system installation. The book wraps up with coverage of port knocking and the author’s Single Packet Authorization (SPA) support for fwknop (FireWall KNock OPerator). Encrypted port knocking can be combined with OS fingerprinting to provide a secure mechanism for initiating VPN links across an unsecured network like the Internet. I keep this book within easy reach since I have a number of different Linux systems running in the lab. Since some of the issues involved are so complex, I uncover something new every time I open it.