Atjaunināt sīkdatņu piekrišanu

Security Strategies in Linux Platforms and Applications [Mīkstie vāki]

3.78/5 (16 ratings by Goodreads)
  • Formāts: Paperback / softback, 512 pages, weight: 850 g
  • Izdošanas datums: 17-Sep-2010
  • Izdevniecība: Jones and Bartlett Publishers, Inc
  • ISBN-10: 076379189X
  • ISBN-13: 9780763791896
Citas grāmatas par šo tēmu:
  • Mīkstie vāki
  • Cena: 106,73 €
  • Grāmatu piegādes laiks ir 3-4 nedēļas, ja grāmata ir uz vietas izdevniecības noliktavā. Ja izdevējam nepieciešams publicēt jaunu tirāžu, grāmatas piegāde var aizkavēties.
  • Daudzums:
  • Ielikt grozā
  • Piegādes laiks - 4-6 nedēļas
  • Pievienot vēlmju sarakstam
Security Strategies in Linux Platforms and ApplicationsPalielināt
  • Formāts: Paperback / softback, 512 pages, weight: 850 g
  • Izdošanas datums: 17-Sep-2010
  • Izdevniecība: Jones and Bartlett Publishers, Inc
  • ISBN-10: 076379189X
  • ISBN-13: 9780763791896
Citas grāmatas par šo tēmu:
Permanent link: https://www.kriso.lv/db/9780763791896.html
Keywords:
Security Strategies in Linux Platforms and Applications covers every major aspect of security on a Linux system. Written by an industry expert, this book is divided into three natural parts to illustrate key concepts in the field. It opens with a discussion of the risks, threats, and vulnerabilities associated with Linux as an operating system using examples from Red Hat Enterprise Linux and Ubuntu. Part 2 discusses how to take advantage of the layers of security available to Linux---user and group options, filesystems, and security options for important services, as well as the security modules associated with AppArmor and SELinux. The book closes with a look at the use of both open source and proprietary tools when building a layered security strategy for Linux operating system environments. Using real-world examples and exercises, this useful resource incorporates hands-on activities to walk readers through the fundamentals of security strategies realted to the Linux system.

The Jones & Barlett Learining Information Systems Security & Assurance Series delivers fundamental IT security principles packed with real-world applications and examples for IT security. Cybersecurity, Information Assurance, and Information Systems Security programs. Authored by Certified Information Systems Security Professionals (CISSPs), and reviewed by leading technical experts in the field, these books are current, forward-thinking resources that enable readers to solve the cybersecurity challenges of today and tommorrow.
Preface xix
Acknowledgments xxiii
PART ONE Is Linux Really Secure?
1(52)
Chapter 1 Security Threats to Linux
2(26)
The Fundamentals of Linux Information Security
4(1)
Security As a Process in the Open Source World
5(1)
Laws and Regulatory Requirements in Information Security
6(1)
Measuring Information Security
7(3)
Confidentiality
7(1)
Possession or Control
8(1)
Integrity
8(1)
Authenticity
9(1)
Availability
9(1)
Utility
9(1)
The Open Source Security Testing Methodology Manual
10(7)
Measures of OSSTMM Compliance
10(1)
OSSTMM Channels
10(1)
OSSTMM Test Methodologies
11(5)
OSSTMM Certifications
16(1)
Linux and the Seven Domains of a Typical IT Infrastructure
17(5)
Linux in the User Domain
20(1)
Linux in the Workstation Domain
20(1)
Linux in the LAN Domain
20(1)
Linux in the LAN-to-WAN Domain
20(1)
Linux in the System/Application Domain
21(1)
Linux in the Remote Access Domain
21(1)
Linux in the WAN Domain
21(1)
Attacks on Open Source Software
22(1)
Security in an Open Source World
22(1)
Costs and Benefits of Linux Security Measures
23(2)
The Costs of Security
23(1)
The Benefits of Security
24(1)
The Effects of Virtualization
24(1)
Chapter Summary
25(1)
Key Concepts and Terms
25(1)
Chapter 1 Assessment
26(2)
Chapter 2 Basic Components of Linux Security
28(25)
Linux Security Starts with the Kernel
29(4)
The Basic Linux Kernel Philosophy
30(1)
Basic Linux Kernels
30(1)
Distribution-Specific Linux Kernels
31(1)
Custom Linux Kernels
31(2)
Linux Kernel Security Options
33(1)
Security in the Boot Process
33(2)
Physical Security
33(1)
The Threat of the Live CD
34(1)
Boot Process Security
34(1)
More Boot Process Issues
35(1)
Virtual Physical Security
35(1)
Linux Security Issues Beyond the Basic Operating System
35(2)
Service Process Security
35(2)
Security Issues with the GUI
37(1)
The User Authentication Databases
37(2)
File Ownership, Permissions, and Access Controls
39(1)
Firewalls and Mandatory Access Controls
40(2)
Firewall Support Options
40(1)
Mandatory Access Control Support
41(1)
Networks and Encrypted Communication
42(1)
The Latest Linux Security Updates
43(2)
Linux Security Updates for Regular Users
43(1)
Linux Security Updates for Home Hobbyists
44(1)
Linux Security Updates for Power Users
44(1)
Security Updates for Linux Administrators
44(1)
Linux Security Updates Administration
45(1)
Continuity and Resiliency with Virtualization
45(1)
Variations Between Distributions
46(3)
A Basic Comparison: Red Hat and Ubuntu
47(1)
More Diversity in Services
48(1)
Chapter Summary
49(1)
Key Concepts and Terms
50(1)
Chapter 2 Assessment
50(3)
PART TWO Layered Security and Linux
53(262)
Chapter 3 Basic Security: Facilities Through the Boot Process
54(29)
Security in the Server Room and the Physical Server
55(2)
Physical and Environmental Security Factors
55(1)
Security and Form Factors
56(1)
Physical Access Ports
56(1)
Security Beyond the Server
57(1)
Open Source Trusted Platform Modules and Open Trusted Computing
57(5)
The Basics of Trusted Computing
58(1)
Objections to TPM
59(1)
TPM in an Open Source World
60(1)
Configure TPM on a Linux System
61(1)
Security on Virtual Hosts and Guests
62(2)
Security on Virtual Hosts
62(1)
Security on Virtual Guests
63(1)
Locking Down Boot Hardware
64(1)
Locking Down Boot Loaders
64(9)
Back Up the Current Boot Loader
65(1)
Securing LILO
66(2)
Security and Traditional GRUB
68(2)
Security and GRUB 2.0
70(2)
Configure TrustedGRUB
72(1)
Challenges with a Standard Supported Kernel
73(2)
Questions with Standard Kernals
73(1)
Standard Virtual Machine Kernals
74(1)
Limits on Standard Kernels
74(1)
The Costs and Benefits of Obscurity
75(3)
Obscurity in the Boot Menus
75(1)
Obscurity in the Linux Boot Loader
76(1)
Obscurity in Other Linux Boot Configuration Files
76(1)
Obscurity in Services
77(1)
Basic Security and the Five Process Controls
78(1)
Nonrepudiation
78(1)
Confidentiality
78(1)
Privacy
78(1)
Integrity
79(1)
Alarm
79(1)
Best Practices: Basic Security
79(2)
Chapter Summary
81(1)
Key Concepts and Terms
81(1)
Chapter 3 Assessment
82(1)
Chapter 4 User Privileges and Permissions
83(31)
The Shadow Password Suite
84(6)
/etc/passwd
85(1)
/etc/group
86(1)
/etc/shadow
86(1)
/etc/gshadow
87(2)
Defaults for the Shadow Password Suite
89(1)
Shadow Password Suite Commands
90(1)
A Variety of Choices with User Privileges
90(3)
Securing Groups of Users
93(1)
User Private Group Scheme
93(1)
Create a Special Group
93(1)
A Hierarchy of Administrative Privileges
94(5)
Administrative Privileges in Services
95(1)
The su and sg Commands
95(1)
Options with Sudo and /etc/sudoers
96(3)
Regular and Special Permissions
99(2)
The Set User ID Bit
99(1)
The Set Group ID Bit
100(1)
The Sticky Bit
100(1)
Tracking Access Through Logs
101(1)
Authorization Log Options
101(1)
Authorization Log Files
102(1)
Pluggable Authentication Modules
102(3)
The Structure of a PAM Configuration File
103(1)
PAM Configuration for Users
104(1)
Authorizing Access with the PolicyKit
105(4)
How the PolicyKit Works
105(1)
PolicyKit Concepts
106(1)
More on the PolicyKit Configuration
107(1)
The PolicyKit and Local Authority
108(1)
Network User Verification Tools
109(2)
NIS If You Must
109(1)
LDAP Shares Authentication
110(1)
Best Practices: User Privileges and Permissions
111(1)
Chapter Summary
112(1)
Key Concepts and Terms
112(1)
Chapter 4 Assessment
113(1)
Chapter 5 Filesystems, Volumes, and Encryption
114(32)
Filesystem Organization
115(6)
Filesystem Basics
115(1)
The Filesystem Hierarchy Standard (FHS)
116(2)
Good Volume Organization Can Help Secure a System
118(2)
Read-Only Filesystems
120(1)
Journal, Formats, and File Sizes
121(2)
Partition Types
121(1)
The Right Format Choice
122(1)
Available Format Tools
123(1)
Using Encryption
123(6)
Encryption Tools
123(1)
Encrypted Files
124(3)
Encrypted Directories
127(1)
Encrypted Partitions and Volumes
128(1)
Local File and Folder Permissions
129(4)
Basic File Ownership Concepts
130(1)
Basic File-Permission Concepts
130(1)
Changing File Permissions
131(2)
Networked File and Folder Permissions
133(4)
NFS Issues
133(1)
Samba/CIFS Network Permissions
134(2)
Network Permissions for the vsFTP Daemon
136(1)
Filesystems and Quotas
137(3)
The Quota Configuration Process
138(1)
Quota Management
138(2)
Quota Reports
140(1)
Filesystems and Access Control Lists
140(2)
Configure a Filesystem for ACLs
140(1)
ACL Commands
141(1)
Configure Files and Directories with ACLs
141(1)
Best Practices: Filesystems, Volumes, and Encryption
142(1)
Chapter Summary
143(1)
Key Concepts and Terms
144(1)
Chapter 5 Assessment
144(2)
Chapter 6 Every Service is a Potential Risk
146(30)
Basic Bastion Hardening
147(7)
A Minimal Ubuntu Installation
149(1)
A Minimal Red Hat Installation
149(1)
Service Reviews
150(1)
Package Reviews
151(3)
Bastions in a Virtualized Environment
154(2)
Systems Customized for a Virtual Machine
155(1)
Virtual Machine Networks
155(1)
The Risks of Source Code and Development Tools
156(2)
Development Tools
156(2)
Build Packages
158(1)
Uninstalling Default Services
158(8)
Uninstall When Possible
159(1)
Deactivate if Still in Work
159(2)
Services in Question
161(5)
Managing Super Servers and Deactivating Service Scripts
166(2)
The Original Super Server
166(1)
The Extended Internet Super Server
166(1)
Regular Service Scripts
167(1)
Isolate with chroot Jails
168(1)
Avoid X Servers and X Clients Where Possible
168(2)
If You Must Have a GUI
169(1)
The Surprising Generic Text Tool
169(1)
Test With Text Tools
170(1)
The Risks of Productivity Tools
170(2)
Browsers
171(1)
Office Suites
171(1)
E-mail
172(1)
Best Practices: Service Deployment
172(2)
Chapter Summary
174(1)
Key Concepts and Terms
174(1)
Chapter 6 Assessment
174(2)
Chapter 7 Networks, Firewalls, and More
176(42)
Services on Every TCP/IP Port
177(2)
Protocols and Numbers in /etc/services
178(1)
Protection by the Protocol and Number
179(1)
Obscurity and the Open Port Problem
179(1)
Obscure Ports
179(1)
Opening Obscure Open Ports
179(1)
Obscurity by Other Means
180(1)
Protect with TCP Wrappers
180(3)
What Services Are TCP Wrapped?
181(1)
Configure TCP Wrapper Protection
181(2)
Packet Filtering Firewalls
183(12)
Basic Firewall Commands
184(9)
A Firewall for the Demilitarized Zone (DMZ)
193(1)
A Firewall for the Internal Network
194(1)
Alternate Attack Vectors---Modems and More
195(3)
Attacks Through Nonstandard Connections
195(2)
Attacks on Nonstandard Services
197(1)
Wireless-Network Issues
198(3)
The OSSTMM Wireless Security Expert
199(1)
Default Wireless Hardware
199(1)
Linux and Wireless Hardware
199(1)
Cracks in Wireless Security
199(1)
Bluetooth Connections
200(1)
Security-Enhanced Linux (SELinux)
201(9)
The Power of SELinux
202(1)
Basic SELinux Configuration
202(1)
Configuration from the Command Line
202(3)
The SELinux Administration Tool
205(1)
The SELinux Troubleshooter
205(1)
SELinux Boolean Settings
206(4)
Setting Up AppArmor Profiles
210(5)
Basic AppArmor Configuration
210(1)
AppArmor Configuration Files
211(1)
AppArmor Profiles
212(1)
AppArmor Access Modes
212(1)
Sample AppArmor Profiles
212(1)
AppArmor Configuration and Management Commands
213(1)
An AppArmor Configuration Tool
213(2)
Best Practices: Networks, Firewalls, and TCP/IP Communications
215(1)
Chapter Summary
216(1)
Key Concepts and Terms
216(1)
Chapter 7 Assessment
217(1)
Chapter 8 Networked Filesystems and Remote Access
218(33)
One System, One Shared Network Service
219(5)
Configure an NTP Server
220(1)
Install and Configure a Kerberos Server
220(1)
Basic Kerberos Configuration
221(2)
Additional Kerberos Configuration Options
223(1)
Secure NFS as if It Were Local
224(1)
Configure NFS Kerberos Tickets
224(1)
Configure NFS Shares for Kerberos
224(1)
Keeping vsFTP Very Secure
225(2)
Configuration Options for vsFTP
225(2)
Additional vsFTP Configuration Files
227(1)
Linux as a More Secure Windows Server
227(6)
Samba Global Options
228(4)
Samba as a Primary Domain Controller (PDC)
232(1)
Make Sure SSH Stays Secure
233(5)
The Secure Shell Server
233(3)
The Secure Shell Client
236(1)
Create a Secure Shell Passphrase
236(2)
Networks and Encryption
238(3)
Host-to-Host IPSec on Red Hat
239(1)
Host-to-Host IPSec on Ubuntu
239(2)
Network-to-Network IPSec on Red Hat
241(1)
Network-to-Network IPSec on Ubuntu
241(1)
When You "Must" Use Telnet
241(2)
Persuade Users to Convert to SSH
242(1)
Install More Secure Telnet Servers and Clients
242(1)
Rememebr the Modem
243(2)
The Basics of RADIUS
243(2)
RADIUS Configuration Files
245(1)
Moving Away from Clear-Text Access
245(2)
The Simple rsync Solution
246(1)
E-mail Clients
246(1)
Best Practices: Networked Filesystems and Remote Access
247(2)
Chapter Summary
249(1)
Key Concepts and Terms
249(1)
Chapter 8 Assessment
250(1)
Chapter 9 Networked Application Security
251(32)
Web Services: Apache and Friends
252(9)
The LAMP Stack
253(1)
Apache Modules
254(1)
Security-Related Apache Directives
255(4)
Configure Protection on a Web Site
259(1)
Configure a Secure Web Site
259(1)
Configure a Certificate Authority
260(1)
Working With Squid
261(3)
Basic Squid Configuration
262(1)
Security-Related Squid Directives
263(1)
Limit Remote Access with Squid
264(1)
DNS: BIND and More
264(3)
The Basics of DNS on the Internet
264(1)
DNS Network Configuration
265(1)
Secure BIND Configuration
266(1)
A BIND Database
267(1)
DNS Targets to Protect
267(1)
Mail Transfer Agents: sendmail, Sendmail, Postfix, and More
267(6)
Open Source sendmail
268(3)
Commercial Sendmail
271(1)
The Postfix Alternative
271(1)
Dovecot for POP and IMAP
272(1)
More E-mail Services
273(1)
If You Asterisk
273(2)
Basic Asterisk Configuration
274(1)
Security Risks with Asterisk
274(1)
Limit Those Printers
275(3)
Printer Administrators
276(1)
Shared Printers
276(1)
Remote Administration
276(1)
The CUPS Administrative Tool
277(1)
Protect Your Time Services
278(1)
Options for Obscurity: Different Ports, Alternative Services
278(1)
Best Practices: Networked Application Security
279(1)
Chapter Summary
280(1)
Key Concepts and Terms
281(1)
Chapter 9 Assessment
281(2)
Chapter 10 Kernel Security Risk Mitigation
283(32)
Functional Kernels for Your Distribution
284(3)
Kernels by Architecture
284(1)
Kernels for Different Functions
285(2)
The Stock Kernel
287(2)
Kernel Numbering Systems
287(1)
Production Releases and More
288(1)
Download the Stock Kernel
288(1)
Stock Kernel Patches and Upgrades
289(1)
Security and Kernel Update Issues
290(2)
Stock Kernel Security Issues
290(1)
Distribution-Specific Kernel Security Issues
290(1)
Installing an Updated Kernel
291(1)
Kernel Development Software
292(1)
Red Hat Kernel Development Software
292(1)
Ubuntu Kernel Development Software
293(1)
Kernel Development Tools
293(10)
Before Customizing a Kernel
294(1)
Start the Kernel Customization Process
295(1)
Kernel Configuration Options
295(8)
Build Your Own Secure Kernel
303(4)
Download Kernel Source Code
303(2)
Istall Required Development Tools
305(1)
Navigate to the Directory with the Source Code
305(1)
Open a Kernel Configuration Tool
305(1)
Compile the Kernel with the New Custom Configuration
305(1)
Install the New Kernel and More
306(1)
Check the Bootloader
307(1)
Test the Result
307(1)
Kernels and the /proc/Filesystem
307(4)
Don't Reply to Broadcasts
308(1)
Protect from Bad ICMP Messages
309(1)
Protect from SYN Floods
309(1)
Activate Reverse Path Filtering
309(1)
Close Access to Routing Tables
309(1)
Avoid Source Routing
310(1)
Don't Pass Traffic Between Networks
310(1)
Log Spoofed, Source-Routed, and Redirected Packets
311(1)
Best Practices: Kernel Security Risk Mitigation
311(2)
Chapter Summary
313(1)
Key Concepts and Terms
313(1)
Chapter 10 Assessment
314(1)
PART THREE Building a Layered Linux Security Strategy
315(154)
Chapter 11 Managing Security Alerts and Updates
316(36)
Keep Up to Speed with Distribution Security
317(3)
Red Hat Alerts
318(1)
Ubuntu Alerts
319(1)
Keep Up to Speed with Application Security
320(4)
User Applications
320(1)
The OpenOffice.org Suite
320(2)
Service Applications
322(2)
Linux Has Antivirus Systems Too
324(3)
The Clam AntiVirus System
325(1)
AVG Antivirus Option
325(1)
The Kaspersky Antivirus Alternative
326(1)
SpamAssassin
326(1)
Detecting Other Malware
326(1)
Get Into the Details with Bug Reports
327(4)
Ubuntu's Launchpad
327(1)
Red Hat's Bugzilla
328(1)
Application-Specific Bug Reports
329(1)
Service-Specific Bug Reports
330(1)
Security in an Open Source World
331(2)
The Institute for Security and Open Methodologies
331(1)
The National Security Agency
332(1)
The Free Software Foundation
332(1)
User Procedures
332(1)
Automated Updates or Analyzed Alerts
333(2)
Do You Trust Your Distribution?
334(1)
Do You Trust Application Developers?
334(1)
Do You Trust Service Developers?
334(1)
Linux Patch Management
335(4)
Standard yum Updates
336(1)
Standard apt- Updates
337(2)
Options for Update Managers
339(4)
How to Configure Automated Updates
339(2)
Pushing or Pulling Updates
341(1)
Local or Remote Repositories
341(1)
Configure a Local Repository
342(1)
Commercial Update Managers
343(2)
The Red Hat Network
343(1)
Canonical Landscape
344(1)
Novell's ZENworks
345(1)
Open Source Update Managers
345(3)
Various apt- Commands
346(1)
Various yum Commands
346(2)
Red Hat Spacewalk
348(1)
Best Practices: Security Operations Management
348(1)
Chapter Summary
349(1)
Key Concepts and Terms
350(1)
Chapter 11 Assessment
350(2)
Chapter 12 Building and Maintaining a Security Baseline
352(26)
Configure a Simple Baseline
353(3)
A Minimal Red Hat Baseline
354(1)
A Minimal Ubuntu Baseline
355(1)
Read-Only or a Live Bootable Operating System
356(2)
Appropriate Read-Only Filesystems
357(1)
Live CDs and DVDs
358(1)
Update the Baseline
358(3)
A Gold Baseline
358(3)
Baseline Backups
361(1)
Monitor Local Logs
361(5)
The System and Kernel Log Services
361(4)
Logs from Individual Services
365(1)
Consolidate and Secure Remote Logs
366(3)
Default RSyslog Configuration
367(1)
The Standard RSyslog Configuration File
367(2)
Identify a Baseline System State
369(4)
Collect a List of Packages
370(1)
Compare Files, Permissions, and Ownership
370(1)
Define the Baseline Network Configuration
371(1)
Collect Runtime Information
372(1)
Check for Changes with Integrity Scanners
373(2)
Tripwire
373(1)
Advanced Intrusion Detection Environment (AIDE)
374(1)
Best Practices: Build and Maintain a Secure Baseline
375(1)
Chapter Summary
376(1)
Key Concepts and Terms
376(1)
Chapter 12 Assessment
376(2)
Chapter 13 Testing and Reporting
378(40)
Test Every Component of a Layered Defense
379(5)
Test a Firewall
380(1)
Test Various Services
380(3)
Test Passwords
383(1)
Test Mandatory Access Control Systems
384(1)
Check for Open Network Ports
384(10)
The telnet Command
384(1)
The netstat Command
385(3)
The lsof Command
388(1)
The nmap Command
389(5)
Run Integrity Checks of Installed Files and Executables
394(6)
Verify a Package
395(1)
Perform a Tripwire Check
396(1)
Test with the Advanced Instrusion Detection Environment (AIDE)
397(3)
Make Sure Security Does Not Prevent Legitimate Access
400(2)
Reasonable Password Policies
400(1)
Allow Access from Legitimate Systems
401(1)
Monitor That Virtualized Hardware
402(2)
Virtual Machine Hardware
402(1)
Virtual Machine Options
403(1)
Monitoring the Kernel-Based Virtual Machine (KVM)
403(1)
Standard Open Source Security Testing Tools
404(5)
Snort
406(1)
Netcat and the nc Command
407(2)
Commercial Security Test Tools for Linux
409(3)
Nessus
410(1)
System Administrator's Integrated Network Tool (SAINT)
411(1)
The Right Place to Install Security Testing Tools
412(2)
Hint: Not Where Crackers Can Use Them Against You
412(1)
Some Tools Already Available on Live CDs
413(1)
Best Practices: Testing and Reporting
414(1)
Chapter Summary
415(1)
Key Concepts and Terms
416(1)
Chapter 13 Assessment
416(2)
Chapter 14 Detecting and Responding to Security Breaches
418(28)
Regular Performance Audits
419(3)
The Basic Tools: ps and top
420(1)
The System Status Package
421(1)
For Additional Analysis
421(1)
Make Sure Users Stay Within Secure Limits
422(2)
Appropriate Policies
423(1)
Education
423(1)
User Installation of Problematic Services
424(1)
Log Access into the Network
424(1)
Indentify Users Who Have Logged In
424(1)
System Authentication Logs
425(1)
Monitor Account Behavior for Security Issues
425(2)
Downloaded Packages and Source Code
426(1)
Executable Files
426(1)
Create an Incident Response Plan
427(3)
Increased Vigilance
427(1)
Keep the System On (At Least for Now)
428(2)
Have Live Linux CDs Ready for Forensics Purposes
430(5)
Media to Recover Dynamic Data from Compromised Systems
431(3)
Forensic Live Media
434(1)
When You Put Your Plan into Action
435(2)
Confirm the Breach
436(1)
Identify Compromised Systems
436(1)
Have Gold Replacement Systems in Place
436(1)
Backup and Recovery Tools
437(2)
Disk Images for Later Investigation
437(1)
The rsync Command
438(1)
Mount Encrypted Filesystems
439(1)
The Right Way to Save Compromised Data as Evidence
439(1)
Basic Principles for Evidence
439(1)
Remember the Dynamic Data
440(1)
Preserve the Hard Disks
440(1)
Disaster Recovery from a Security Breach
440(2)
Determine What Happened
441(1)
Prevention
441(1)
Replacement
441(1)
Open Source Security Works Only If Everyone Shares
442(1)
If the Security Issue is Known
442(1)
If the Security Issue Has Not Been Reported
442(1)
Best Practices: Security Breach Detection and Response
443(1)
Chapter Summary
444(1)
Key Concepts and Terms
444(1)
Chapter 14 Assessment
445(1)
Chapter 15 Best Practices and Emerging Technologies
446(23)
Maintain a Gold Baseline
447(1)
Monitor Security Reports
448(1)
Work Through Updates
448(1)
Recalibrate System Integrity
448(1)
Redundancy Can Help Ensure Availability
448(3)
A Gold Physical Baseline
449(1)
A Gold Virtual Baseline Host
449(2)
Service-Specific Gold Baseline Systems
451(1)
Trust But Verify Corporate Support
451(2)
Red Hat Support Options
452(1)
Canonical Support Options
452(1)
Open Source Community Support
453(1)
Check Conformance with Security Policies
453(2)
User Security
454(1)
Administrator Security
454(1)
Keep the Linux Operating System Up to Date
455(2)
Baseline Updates
455(1)
Functional Bugs
455(1)
New Releases
456(1)
Keep Distribution-Related Applications Up to Date
457(1)
Server Applications
457(1)
Desktop Applications
458(1)
Manage Third-Party Applications Carefully
458(2)
Licensing Issues
458(1)
Support Issues
459(1)
When Possible, Share Problems and Solutions with the Community
460(2)
Which Community?
460(1)
Share with Developers
461(1)
Share on Mailing Lists
461(1)
Test New Components Before Putting Them into Production
462(1)
Test Updates
462(1)
Document Results
463(1)
Beta Testing
463(1)
Future Trends in Linux Security
463(3)
A New Firewall Command
463(1)
More Mandatory Access Controls
464(1)
Penetration Testing Tools
465(1)
Single Sign-On
465(1)
Chapter Summary
466(1)
Key Conepts and Terms
467(1)
Chapter 15 Assessment
467(2)
Appendix A Answer Key 469(2)
Appendix B Standard Acronyms 471(2)
Glossary of Key Terms 473(18)
References 491(6)
Index 497
Michael Jang (RHCE, LPIC-2, UCP, Linux+, MCP) has been a freelance technical writer since 1998. He had previously worked for more than 10 years as a specialist engineer at Boeing Commercial Airplane Group. Michael has written white papers on new products and processes. Hes also the author of more than two-dozen IT books, including LPIC-1 In Depth (2009) and Ubuntu Server Administration Course (for VTC in 2009). Finally, Michael travels overseas extensively to troubleshoot IT issues and manage projects.