Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort [Paperback]

Michael Rash (Author)
5.0 out of 5 stars (12 customer reviews)

List Price: $49.95
Book Description

September 15, 2007

System administrators need to stay ahead of new security vulnerabilities that leave their networks exposed every day. A firewall and an intrusion detection system (IDS) are two important weapons in that fight, enabling you to proactively deny access and monitor network traffic for signs of an attack.

Linux Firewalls discusses the technical details of the iptables firewall and the Netfilter framework that are built into the Linux kernel, and it explains how they provide strong filtering, Network Address Translation (NAT), state tracking, and application layer inspection capabilities that rival many commercial tools. You'll learn how to deploy iptables as an IDS with psad and fwsnort and how to build a strong, passive authentication layer around iptables with fwknop.

Concrete examples illustrate concepts such as firewall log analysis and policies, passive network authentication and authorization, exploit packet traces, Snort ruleset emulation, and more with coverage of these topics:

  • Passive network authentication and OS fingerprinting
  • iptables log analysis and policies
  • Application layer attack detection with the iptables string match extension
  • Building an iptables ruleset that emulates a Snort ruleset
  • Port knocking vs. Single Packet Authorization (SPA)
  • Tools for visualizing iptables logs

Perl and C code snippets offer practical examples that will help you to maximize your deployment of Linux firewalls. If you're responsible for keeping a network secure, you'll find Linux Firewalls invaluable in your attempt to understand attacks and use iptables, along with psad and fwsnort, to detect and even prevent compromises.


    Product Details

    • Paperback: 336 pages
    • Publisher: No Starch Press; 1 edition (September 15, 2007)
    • Language: English
    • ISBN-10: 1593271417
    • ISBN-13: 978-1593271411
    • Product Dimensions: 9.1 x 7.1 x 1 inches
    • Shipping Weight: 1.4 pounds
    • Amazon Best Sellers Rank: #511,445 in Books

    Most Helpful Customer Reviews

    20 of 20 people found the following review helpful:
    5.0 out of 5 stars EXCELLENT on what it's on, but it may not be on what you think., January 10, 2008
    Amazon Verified Purchase
    Make no mistake, this book is on what it says it's about: "Attack Detection and Response with iptables, psad, and fwsnort". It contains very little information about setting up iptables to block unwanted external traffic.

    HOWEVER, setting up iptables (in the basic sense) doesn't require an entire book. Sure, there are whole books on that topic, but there is no need for a 300-page book on it; that just seems to be the size computer books have to be in order to get published. Which means other books on iptables are probably going to be about 250 pages of fluff.

    Incidentally, this book actually only spends about the first 35 pages describing that; the remainder is fantastic, useful, well-written information about doing the things that make iptables truly useful. "detection and response", ACTIVELY securing your system.

    In addition to being comprehensive and useful, this book happens to be well written, far better than most technical books.

    If you're thinking about buying a book on Linux firewalls, make it this one, but if you're not already familiar with iptables expect to read the first 35 pages, then a couple online tutorials and then come back to this book.
    14 of 14 people found the following review helpful:
    5.0 out of 5 stars One of the best technical books published in 2007, December 20, 2007
    Disclaimer: I wrote the foreword for this book, so obviously I am biased. However, I am not financially compensated for this book's success.

    In the foreword I note that Linux Firewalls is a "great book." As a FreeBSD user, Linux Firewalls is good enough to make me consider using Linux in certain circumstances! Mike's book is exceptionally clear, organized, concise, and actionable. You should be able to read it and implement everything you find by following his examples. You will not only learn tools and techniques, but you will be able to appreciate Mike's keen defensive insights.

    The majority of the world's digital security professionals focus on defense, because offense is left to the bad guys, police, and military. I welcome books like Linux Firewalls that bring real defensive tools and techniques to the masses in a form that can be digested and deployed for minimum cost and effort.

    One of the main reasons Linux Firewalls is a great book is that Mike Rash is an excellent writer. I've read (or tried to read) plenty of books that seemed to offer helpful content, but the author had no clue how to deliver that content in a readable manner. Linux Firewalls makes learning network security an enjoyable experience. Mike is exceptionally detail-oriented (see the RST vs RST ACK issue on p 63 and elsewhere) and he often cites sources and additional references. Linux Firewalls very nicely integrates sample network traffic to make numerous points; Ch 11 has several great examples. The sections on Fwsnort even improved my understanding of Snort itself.

    The bottom line is that if you are a user of non-Microsoft operating systems (Linux, BSD, etc.) and you want to know how Linux can help defend your network, you will enjoy reading Linux Firewalls.

    14 of 14 people found the following review helpful:
    5.0 out of 5 stars Nice, accurate and interesting. Not like other books about firewalls., December 5, 2007
    When I bought "Linux Firewalls" I was expecting a good book because I already knew that the work of Michael Rash is excellent. However, I expected the traditional Iptables handbook that looks more like a "man page". Surprisingly I found that the book was much better than that. Instead of detailing every single feature of the Iptables infrastructure, Michael Rash explains how Iptables can be used as a powerful (and free) Intrusion Detection/Prevention System. To achieve that, Rash presents three open source tools developed by himself: psad, an iptables-based port scan detector, fwsnort, a tool that translates snort rules into iptables sentences, and fwknop, a Port Knocking and SPA authentication system.

    The book is very practical. It's amazing how everything is presented so clearly and with such useful examples. The author first introduces the potential threats that are associated with the Network Layer, Transport Layer and Application Layer (I loved those chapters). Then he starts discussing the detection of malicious attackers that try to break into the system. Finally he presents active response mechanisms against attackers and ways to secure the whole system with additional layers of security.

    The book is great if what you want is to secure your Linux system using IPtables and the open source tools developed by Rash. Rash is an expert on firewalls and intrusion detection systems. If you follow his suggestions you'll build a very secure system. Firewall enthusiasts and TCP/IP fans will also enjoy reading the book because it's written by a geek and it's written for geeks. However, if you are looking for an Iptables handbook, you are looking for a theoretical book about Firewalls or you want to use other tools than the ones presented in the book, then "Linux Firewalls" may not be the best option for you.
    Inside This Book
    Key Phrases - Statistically Improbable Phrases (SIPs):
    volume serial number, server hostname, selective acknowledgment, iptables policy, iptables data, string match extension, fwsnort chains, deploying fwsnort, logging prefix, tcp pkts, dsize option, port knocking, honeynet systems, tar xfj, syslog hostname, knock sequence, internal webserver, network layer attacks, pkts bytes target prot opt, stream preprocessor, using psad, protocol decode listening, snort rules, active response mechanism, iptables policies
    Key Phrases - Capitalized Phrases (CAPs):
    Single Packet Authorization, Port Unreachable, Starting Nmap, Michael Rash, Translating Snort Rules, Echo Requests, Parsing Snort, Maximum Segment Size, Bleeding Snort, Denial of Service, Linux Firewalls, Detecting Suspicious Traffic, Honeynet Project, External Scanner, Desktop Hostname, The Part Scan Attack Detector, The Port Scan Attack Detector, Tue Jul, Echo Reply, Internal Scanner Hostname, Testing the Policy, Check Point, Internet Hostname, Netfilter Configuration, Parse Perl