Linux for Networking Professionals: Securely configure and operate Linux network services for the enterprise

Year of publication: 2021
Author: VandenBrink Rob
Publisher: Packt Publishing Ltd.
ISBN: 978-1-80020-239-9
Language: English
Format: PDF, EPUB
Quality: Publisher's layout or text (eBook)
Interactive table of contents: Yes
Number of pages: 528

Description:
Get to grips with the most common as well as complex Linux networking configurations, tools, and services to enhance your professional skills

Key Features
Learn how to solve critical networking problems using real-world examples
Configure common networking services step by step in an enterprise environment
Discover how to build infrastructure with an eye toward defense against common attacks

Book Description
As Linux continues to gain prominence, there has been a rise in network services being deployed on Linux for cost and flexibility reasons. If you are a networking professional or an infrastructure engineer involved with networks, extensive knowledge of Linux networking is a must.
This book will guide you in building a strong foundation of Linux networking concepts. The book begins by covering various major distributions, how to pick the right distro, and basic Linux network configurations. You'll then move on to Linux network diagnostics, setting up a Linux firewall, and using Linux as a host for network services. You'll discover a wide range of network services, why they're important, and how to configure them in an enterprise environment. Finally, as you work with the example builds in this Linux book, you'll learn to configure various services to defend against common attacks. As you advance to the final chapters, you'll be well on your way towards building the underpinnings for an all-Linux datacenter.
By the end of this book, you'll be able to not only configure common Linux network services confidently, but also use tried-and-tested methodologies for future Linux installations.

What you will learn
Use Linux as a troubleshooting and diagnostics platform
Explore Linux-based network services
Configure a Linux firewall and set it up for network services
Deploy and configure Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) services securely
Configure Linux for load balancing, authentication, and authorization services
Use Linux as a logging platform for network monitoring
Deploy and configure Intrusion Prevention Services (IPS)
Set up Honeypot solutions to detect and foil attacks

Who this book is for
This book is for IT and Windows professionals and admins looking for guidance in managing Linux-based networks. Basic knowledge of networking is necessary to get started with this book.
Table of Contents
Preface

Section 1: Linux Basics

1 Welcome to the Linux Family
  Why Linux is a good fit for a networking team
  Why is Linux important?
  The history of Linux
  Mainstream data center Linux
  Red Hat
  Oracle/Scientific Linux
  SUSE
  Ubuntu
  BSD/FreeBSD/OpenBSD
  Specialty Linux distributions
  Open source firewalls
  Kali Linux
  SIFT
  Security Onion
  Virtualization
  Linux and cloud computing
  Picking a Linux distribution for your organization
  Summary
  Further reading

2 Basic Linux Network Configuration and Operations – Working with Local Interfaces
  Technical requirements
  Working with your network settings – two sets of commands
  Displaying interface IP information
  Displaying routing information
  IPv4 addresses and subnet masks
  Special-purpose addresses
  Private addresses – RFC 1918
  Assigning an IP address to an interface
  Adding a route
  Adding a route using legacy approaches
  Disabling and enabling an interface
  Setting the MTU on an interface
  More on the nmcli command
  Summary
  Questions
  Further reading

Section 2: Linux as a Network Node and Troubleshooting Platform

3 Using Linux and Linux Tools for Network Diagnostics
  Technical requirements
  Network basics – the OSI model
  Layer 2 – relating IP and MAC addresses using ARP
  MAC address OUI values
  Layer 4 – how TCP and UDP ports work
  Layer 4 – TCP and the three-way handshake
  Local port enumeration – what am I connected to? What am I listening for?
  Remote port enumeration using native tools
  Remote port and service enumeration – nmap
  NMAP scripts
  Are there limits to Nmap?
  Wireless diagnostic operations
  Summary
  Questions
  Further reading

4 The Linux Firewall
  Technical requirements
  Configuring iptables
  iptables from a high level
  The NAT table
  The mangle table
  Order of operations in iptables
  Configuring nftables
  nftables basic configuration
  Using include files
  Removing our Firewall Configuration
  Summary
  Questions
  Further reading

5 Linux Security Standards with Real-Life Examples
  Technical requirements
  Why do I need to secure my Linux hosts?
  Cloud-specific security considerations
  Commonly encountered industry-specific security standards
  The Center for Internet Security critical controls
  Getting a start on CIS critical security controls 1 and 2
  OSQuery – critical controls 1 and 2, adding in controls 10 and 17
  The Center for Internet Security benchmarks
  Applying a CIS benchmark – securing SSH on Linux
  SELinux and AppArmor
  Summary
  Questions
  Further reading

Section 3: Linux Network Services

6 DNS Services on Linux
  Technical requirements
  What is DNS?
  Two main DNS server implementations
  An organization's "internal" DNS server (and a DNS overview)
  An internet-facing DNS server
  Common DNS implementations
  Basic installation: BIND for internal use
  BIND: Internet-facing implementation specifics
  DNS troubleshooting and reconnaissance
  DoH
  DoT
  knot-dnsutils
  Implementing DoT in Nmap
  DNSSEC
  Summary
  Questions
  Further reading

7 DHCP Services on Linux
  How does DHCP work?
  Basic DHCP operation
  DHCP requests from other subnets (forwarders, relays, or helpers)
  DHCP options
  Securing your DHCP services
  Rogue DHCP server
  Rogue DHCP client
  Installing and configuring a DHCP server
  Basic configuration
  Static reservations
  Simple DHCP logging and troubleshooting in everyday use
  Summary
  Questions
  Further reading

8 Certificate Services on Linux
  Technical requirements
  What are certificates?
  Acquiring a certificate
  Using a certificate – web server example
  Building a private Certificate Authority
  Building a CA with OpenSSL
  Requesting and signing a CSR
  Securing your Certificate Authority infrastructure
  Legacy tried-and-true advice
  Modern advice
  CA-specific risks in modern infrastructures
  Certificate Transparency
  Using Certificate Authority for inventory or reconnaissance
  Certificate automation and the ACME protocol
  OpenSSL cheat sheet
  Summary
  Questions
  Further reading

9 RADIUS Services for Linux
  Technical requirements
  RADIUS basics – what is RADIUS and how does it work?
  Implementing RADIUS with local Linux authentication
  RADIUS with LDAP/LDAPS backend authentication
  NTLM authentication (AD) – introducing CHAP
  Unlang – the unlanguage
  RADIUS use-case scenarios
  VPN authentication using user ID and password
  Administrative access to network devices
  RADIUS configuration for EAP-TLS authentication
  Wireless network authentication using 802.1x/EAP-TLS
  Wired network authentication using 802.1x/EAP-TLS
  Using Google Authenticator for MFA with RADIUS
  Summary
  Questions
  Further reading

10 Load Balancer Services for Linux
  Technical requirements
  Introduction to load balancing
  Round Robin DNS (RRDNS)
  Inbound proxy – Layer 7 load balancing
  Inbound NAT – Layer 4 load balancing
  DSR load balancing
  Load balancing algorithms
  Server and service health checks
  Data center load balancer design considerations
  Data center network and management considerations
  Building a HAProxy NAT/proxy load balancer
  Before you start configuring – NICs, addressing, and routing
  Before you start configuring – performance tuning
  Load balancing TCP services – web services
  Setting up persistent (sticky) connections
  Implementation note
  HTTPS frontending
  A final note on load balancer security
  Summary
  Questions
  Further reading

11 Packet Capture and Analysis in Linux
  Technical requirements
  Introduction to packet capturing – the right places to look
  Capturing from either end
  Switching the monitoring port
  Intermediate in-line host
  Network tap
  Malicious packet capture approaches
  Performance considerations when capturing
  Capturing tools
  tcpdump
  Wireshark
  TShark
  Other PCAP tools
  Filtering captured traffic
  Wireshark capture filters (capturing your home network traffic)
  tcpdump capture filters – VoIP phones and DHCP
  More capture filters – LLDP and CDP
  Collecting files from a packet capture
  Troubleshooting an application – capturing a VoIP telephone call
  Wireshark display filters – separating specific data in a capture
  Summary
  Questions
  Further reading

12 Network Monitoring Using Linux
  Technical requirements
  Logging using Syslog
  Log size, rotation, and databases
  Log analysis – finding "the thing"
  Alerts on specific events
  Syslog server example – Syslog
  The Dshield project
  Network device management using SNMP
  SNMP NMS deployment example – LibreNMS
  SNMPv3
  Collecting NetFlow data on Linux
  What is NetFlow and its "cousins" SFLOW, J-Flow, and IPFIX?
  Flow collection implementation concepts
  Configuring a router or switch for flow collection
  An example NetFlow server using NFDump and NFSen
  Summary
  Questions
  Further reading
  Commonly used SNMP OIDs

13 Intrusion Prevention Systems on Linux
  Technical requirements
  What is an IPS?
  Architecture options – where does an IPS fit in your data center?
  IPS evasion techniques
  Detecting a WAF
  Fragmentation and other IPS evasion methods
  Classic/network-based IPS solutions – Snort and Suricata
  Suricata IPS example
  Constructing an IPS rule
  Passive traffic monitoring
  Passive monitoring with P0F – example
  Zeek example – collecting network metadata
  Summary
  Questions
  Further reading

14 Honeypot Services on Linux
  Technical requirements
  Honeypot overview – what is a honeypot, and why do I want one?
  Deployment scenarios and architecture – where do I put a honeypot?
  Risks of deploying honeypots
  Example honeypots
  Basic port alerting honeypots – iptables, netcat, and portspoof
  Other common honeypots
  Distributed/community honeypot – the Internet Storm Center's DShield Honeypot Project
  Summary
  Questions
  Further reading

Assessments
  Chapter 2 – Basic Linux Network Configuration and Operations – Working with Local Interfaces
  Chapter 3 – Using Linux and Linux Tools for Network Diagnostics
  Chapter 4 – The Linux Firewall
  Chapter 5 – Linux Security Standards with Real-Life Examples
  Chapter 6 – DNS Services on Linux
  Chapter 7 – DHCP Services on Linux
  Chapter 8 – Certificate Services on Linux
  Chapter 9 – RADIUS Services for Linux
  Chapter 10 – Load Balancer Services for Linux
  Chapter 11 – Packet Capture and Analysis in Linux
  Chapter 12 – Network Monitoring Using Linux
  Chapter 13 – Intrusion Prevention Systems on Linux
  Chapter 14 – Honeypot Services on Linux

Other Books You May Enjoy
Index