Re: [OCLUG-Tech] help make a future linux firewalls book better -- savage the proposal

  • Subject: Re: [OCLUG-Tech] help make a future linux firewalls book better -- savage the proposal
  • From: "Robert P. J. Day" <rpjday [ at ] crashcourse [ dot ] ca>
  • Date: Mon, 10 Mar 2014 05:44:28 -0400 (EDT)
On Mon, 10 Mar 2014, Brenda J. Butler wrote:

> I think the linux mailing list strips attachments.

  yup, noticed that, so here's the original book proposal rendered as
plain text. again, the idea is to comment on whether this is a viable
book proposal, what's missing, etc, etc. and, yes, like the rest of
you, i believe that many books start to get dated the instant they hit
the shelves, so another issue is whether this type of book would have
staying power.

  thoughts?

Part I: Packet-Filtering and Basic Security Measures

1. Preliminary Concepts Underlying Packet-Filtering Firewalls
a. The OSI Networking Model
b. The IP
i. IPv4
ii. IPv6
c. Transport Mechanisms
d. Don't Forget ARP
e. Hostnames and IP Addresses
f. Routing
g. Service Ports
h. Summary

2. Packet Filtering Concepts
a. A Packet-Filtering Firewall
b. Choosing a default Packet-Filtering Policy
c. Rejecting Versus Denying a Packet
d. Filtering Incoming Packets
e. Filtering Outgoing Packets
f. Private Versus Public Network Services
g. Summary

3. iptables: The Linux Firewall Administration Program
a. Differences between IPFW and Netfilter
b. Basic iptables Syntax
c. Iptables Features
d. Iptables Syntax
e. Summary

4. nftables: The New Linux Firewall Administration Program
a. Differences between iptables and nftables
b. Basic nftables Syntax
c. nftables Features
d. nftables Syntax
e. Summary

5. Building and Installing a Standalone Firewall with iptables and nftables
a. Initializing the Firewall
b. Wired and Wireless Networking and Firewalls
c. Protecting Services on Assigned Unprivileged Ports
d. Enabling Basic, required Internet Services
e. Enabling Common TCP Services
f. Enabling Common UDP Services
g. Filtering ICMP control and Status Messages
h. Logging Dropped Incoming Packets
i. Logging Dropped Outgoing Packets
j. Denying Access to Problem Sites Up Front
k. Installing the Firewall
l. Summary

Part II: Advanced Issues, Multiple Firewalls, and Perimeter Networks

6. Firewall Optimization
a. Rule Organization
b. User-Defined Chains
c. Optimized Example
d. What Did Optimization Buy?
e. Summary

7. Packet Forwarding
a. The Limitations of a Standalone Firewall
b. Basic Gateway Firewall Setups
c. LAN Security Issues
d. Configuration Options for a Trusted Home LAN
e. Configuration Options for a Larger or Less Trusted LAN
f. A Formal Screened-Subnet Firewall
g. Converting the gateway from Local Services to Forwarding
h. Summary

8. NAT – Network Address Translation
a. The Conceptual Background of NAT
b. Iptables NAT Semantics
c. Examples of SNAT and Private LANs
d. Examples of DNAT, LANs, and Proxies
e. Summary

9. Debugging the Firewall Rules
a. General Firewall-Development Tips
b. Listing the Firewall Rules
c. Interpreting the System Logs
d. Checking for Open Ports
e. Summary

10. Virtual Private Networks
a. Overview of Virtual Private Networks (VPN)
b. Types of VPN
c. VPN Protocols
d. Linux and VPN Products
e. VPN Configurations
f. Connecting Networks
g. VPN and Firewalls

Part III: Beyond Iptables

11. Intrusion Detection, Response and Reporting
a. Detecting Intrusions
b. Symptoms of Compromised Systems
c. What to Do if Your System Is Compromised
d. Incident Reporting
e. Summary

12. Tools of Intrusion Detection
a. Intrusion Detection Toolkit
b. Rootkit Checks
c. Filesystem Integrity
d. Log Monitoring
e. How to Not Become Compromised

13. Detecting Attacks on your Network
a. Listening to the Ether
b. TCPDump Overview
c. Using TCPDump to Capture Specific Protocols
d. Automated Intrusion Monitoring with Snort
e. Monitoring with Arpwatch

14. Filesystem Integrity
a. Filesystem Integrity Overview
b. Installing Samhain
c. Configuring Samhain
d. Using Samhain
e. Summary

Part IV: Appendices

A. Security Resources
a. Security Information Sources
b. Software Collections
c. Security Tools
d. Firewall Tools
e. Reference Papers and FAQs
f. General Web Sites
g. Books

B. Firewall Examples and Support Scripts
a. iptables Firewall for a Standalone System from Chapter 5
b. Optimized iptables Firewall from Chapter 6
c. Iptables Firewall for a Choke Firewall from Chapter 7
d. Special Purpose Support Scripts
e. DHCP and pump: Firewall Support with a Dynamic IP Address and Name Servers