Building Linux and OpenBSD Firewalls

Wes Sonnenreich, Tom Yates

Publisher: Wiley, 2000, 362 pages

ISBN: 0-471-35366-3

Keywords: IT Security, Networks

Last modified: July 30, 2021, 3 p.m.

It's now more important than ever before to protect your data and computers from people trying to hack into your network. Without the proper security, the wrong person can gain access to your system and read critical documents, change data, delete items and much worse. With this book, you'll quickly learn how to protect your network from such attacks as you build a Linux or OpenBSD firewall. From determining how much security you'll need to configuring the firewall and monitoring your system, authors Tom Yates and Wes Sonnenreich clearly guide you through all the necessary steps to improve your security.

They show you how to:

  • Build Linux and OpenBSD firewalls that meet your security needs
  • Choose the appropriate hardware for each operating system and put the machine together
  • Configure a firewall that allows network services such as email, newsgroups, and Internet and intranet access
  • Monitor and update your system to close any holes in security
  • Detect intruders and restore your network security

  • Part I
    1. The ABCs of Network Security
      • Why Is Security an Issue?
      • What Are You Protecting?
        • Data
        • Computers
        • Reputation
      • Internal Security
        • Physical Security
        • Network Security
        • Password Security
        • Administrative Security
        • Host-Based Security
        • In General
      • Threats from Outside
      • Summary
    2. Fundamental Internet Security Issues
      • How the Internet Works: The Quick Explanation
        • The Network Driver
        • The Internet Protocol
        • How Data Moves on the Internet
      • Who Are the Protocols in Your Neighborhood?
        • The Foundation: IP
        • The Control Freak: TCP
        • The Free Spirit: UDP
        • The Translator: ARP/RARP
        • The Gimp: IGMP
      • Speedy Delivery: Your Friendly Network Routing Service
        • Static Routing: ICMP
        • Dynamic Routing: RIP and OSPF
      • Buffer, the IP Slayer
      • Summary
    3. How Secure Should Your Network Be?
      • The Physical Network
        • The DMZ
        • IP Masquerading
        • Network Topologies
        • Other Thoughts on Security
      • Network Services
        • Permit Everything That Is Not Explicitly Denied
        • Deny Everything That Is Not Explicitly Permitted
      • Domain Name Translation
        • DNS: The Domain Name Service
      • Email
        • POP: The Post Office Protocol
        • IMAP: The Internet Message Access Protocol
        • SMTP: The Simple Mail Transport Protocol
      • The Web
        • HTTP: The HyperText Transfer Protocol
        • HTTPS: Secure Web Service 
        • Web Clients
      • Transferring Files between Machines
        • FTP: The File Transfer Protocol
        • Other File Transfer Options
      • Newsgroups
        • NNTP: The Network News Transfer Protocol
      • Streaming Services
        • Internet Relay Chat
        • Streaming Media
      • Providing Command Level Access
        • Telnet
        • Rlogin
        • ssh
      • Remote Window Interface Control
        • The X Window System
        • VNC
        • Microsoft Windows-Based Products
      • Distributed Computing
        • RMI
        • CORBA/IIOP
      • Other Services
        • NTP
        • NIS
        • Yet Other Services
      • Should Your Firewall Provide Services?
      • Commercial Firewall Systems
      • Creating Your Own Policy
      • Summary
  • Part II
    1. Choosing an OS: Linux versus OpenBSD
      • The Abridged History of Unix
        • The Berkeley Bunch
        • The Finnish Upstart
      • Why Free Software Exists
        • The Laws and Politics of Free Software
        • The GNU General Public License
        • The Berkeley License
        • The Great Divide
      • Choosing the Right OS
        • The Core Issues
        • Miscellaneous Issues
      • Summary
    2. Getting the Right Hardware
      • Hardware Overview
        • Intel, or What?
      • Buying the System
        • The Components
      • Building the Box
        • BIOS Tweaking
        • CD-ROM Troubleshooting
        • What to Do if Your CD Still Isn't Working
        • Burn-In (or Burning?)
      • Summary
    3. Installing Linux
      • The Red Hat Install
        • Chapter 2
        • Chapter 3
        • Chapter 4
          • Chapter 6
      • The Firewall Install
        • Installing Extra Packages
        • Removing Unwanted Packages
        • Modem-Based Firewalls
        • Ethernet-Based Firewalls
        • Other Important Information
      • Summary
    4. Configuring the Firewall under Linux
      • Rules and Chains
        • Chains
        • Rules
        • User-Defined Chains
      • Practical Chain-Making
        • Flush the Chains
        • Try Out a Rule or Two
        • Masquerading
        • Forwarding
      • Practical Firewalling
        • Starting the Firewall
        • Input, Output, Forward
        • Source Routing
        • No Compiler?
      • Port Forwarding
      • IPChains Reference
      • Summary
    5. Installing OpenBSD
      • But First…
      • Preparing Your System
      • The Install
        • Setting Up the Hard Drive
        • Configuring the Network
      • Basic System Configuration
        • Configuring Network Cards
        • Connecting to the Internet via Modem
        • Fine-Tuning the System
        • Keeping Your Machine Secure
      • Summary
    6. Configuring the Firewall under OpenBSD
      • IPFilter Theory
        • IPF
      • Practical Rule Making
        • Adding Rules
        • Set the Default Policies
        • Basic Concepts
        • Network Address Translation
      • Practical Firewalling
        • Starting the Firewall
      • The (Mostly) Complete Guide to Writing, Testing and Monitoring Firewall Rules
        • IPF
        • IPNAT
        • IPFTEST
        • IPFSTAT
        • IPMON
      • Summary
    7. Tuning Your Firewall
      • Implementing Your Security Policy
        • Basic Policies
        • Stopping Blatantly Hacked Packets
        • Filtering by Protocol
        • Individual Services
      • Masquerading/Network Address Translation
        • Linux
        • OpenBSD
      • Now I Can Do Anything
        • Linux
        • OpenBSD
      • Tying Things Down Tighter
      • Routing
      • Summary
  • Part III
    1. Intrusion Detection and Response
      • Know Thine Enemies
        • Script kiddies
        • Public Service Hackers: Friend or Fiend?
        • The Pros
      • Monitoring Systems
        • Network Monitors
        • Host Monitors
      • Crack in Progress, Keptin
        • During an Incident
        • After an Incident
      • Laptops
      • Summary
    2. Loose Notes
      • References by Chapter
        • Chapter 1
        • Chapter 3
        • Chapter 10
        • Chapter 11
        • Chapter 12
      • A Brief vi Tutorial
        • Create a Test Document
        • How Do I ESCape?
        • How Do I Type Something?
        • How Do I Move Around?
        • How Do I Delete?
        • How Do I Undo that Last Mistake?
        • How Do I Cut, Copy, and Paste?
        • Now How Do I Quit?
        • Look After Your Colon
        • How Do I Get More Help?
      • The Security Policy
        • What Is a Security Policy?
        • Creating a Security Policy
      • Scripts
        • OpenBSD Uninstall Script
        • Firewall Startup under Linux
      • Some Closing Thoughts

Reviews

Building Linux and OpenBSD Firewalls

Reviewed by Roland Buresund

OK ***** (5 out of 10)

Last modified: May 21, 2007, 2:56 a.m.

Incredibly easy to digest, and practical to boot. The title sums it up neatly.
