Implement Industrial-Strength Security on Any Linux Server In an age of mass surveillance, when advanced cyberwarfare weapons rapidly migrate into every hacker’s toolkit, you can’t rely on outdated security methods–especially if you’re responsible for Internet-facing services. In Linux® Hardening in Hostile Networks, Kyle Rankin helps you to implement modern safeguards that provide maximum impact with minimum effort and to strip away old techniques that are no longer worth your time. Rankin provides clear, concise guidance on modern workstation, server, and network hardening, and explains how to harden specific services, such as web servers, email, DNS, and databases. Along the way, he demystifies technologies once viewed as too complex or mysterious but now essential to mainstream Linux security. He also includes a full chapter on effective incident response that both DevOps and SecOps can use to write their own incident response plan. Each chapter begins with techniques any sysadmin can use quickly to protect against entry-level hackers and presents intermediate and advanced techniques to safeguard against sophisticated and knowledgeable attackers, perhaps even state actors. Throughout, you learn what each technique does, how it works, what it does and doesn’t protect against, and whether it would be useful in your environment. Apply core security techniques including 2FA and strong passwords Protect admin workstations via lock screens, disk encryption, BIOS passwords, and other methods Use the security-focused Tails distribution as a quick path to a hardened workstation Compartmentalize workstation tasks into VMs with varying levels of trust Harden servers with SSH, use apparmor and sudo to limit the damage attackers can do, and set up remote syslog servers to track their actions Establish secure VPNs with OpenVPN, and leverage SSH to tunnel traffic when VPNs can’t be used Configure a software load balancer to terminate SSL/TLS connections and initiate new ones downstream Set up standalone Tor services and hidden Tor services and relays Secure Apache and Nginx web servers, and take full advantage of HTTPS Perform advanced web server hardening with HTTPS forward secrecy and ModSecurity web application firewalls Strengthen email security with SMTP relay authentication, SMTPS, SPF records, DKIM, and DMARC Harden DNS servers, deter their use in DDoS attacks, and fully implement DNSSEC Systematically protect databases via network access control, TLS traffic encryption, and encrypted data storage Respond to a compromised server, collect evidence, and prevent future attacks Register your product at informit.com/register for convenient access to downloads, updates, and corrections as they become available.
DNSSEC Specifications DNSSEC Specifications provides a complete overview and exhaustive coverage of the requirements and features of the DNS Security Extensions. All of the important RFCs defining DNSSEC are collected in this volume. The indexed book covers DNS threats, DNS clarifications and protocol modifications, digital signatures, security algorithms, public and private keys, EDNS0, on-line signing, deployment steps, key rollovers, DNSSEC Lookaside Validation, and more.
This book will give you an all encompassing view of the domain name ecosystem combined with a comprehensive set of operations strategies.Key FeaturesManage infrastructure, risk, and management of DNS name servers. Get hands-on with factors like types of name servers, DNS queries and and so on. Practical guide for system administrators to manage mission-critical serversBased on real-world experience - Written by an industry veteran who has made every possible mistake within this field.Book DescriptionManaging your organization's naming architecture and mitigating risks within complex naming environments is very important. This book will go beyond looking at “how to run a name server” or “how to DNSSEC sign a domain”, Managing Mission Critical Domains & DNS looks across the entire spectrum of naming; from external factors that exert influence on your domains to all the internal factors to consider when operating your DNS. The readers are taken on a comprehensive guided tour through the world of naming: from understanding the role of registrars and how they interact with registries, to what exactly is it that ICANN does anyway? Once the prerequisite knowledge of the domain name ecosystem is acquired, the readers are taken through all aspects of DNS operations. Whether your organization operates its own nameservers or utilizes an outsourced vendor, or both, we examine the complex web of interlocking factors that must be taken into account but are too frequently overlooked. By the end of this book, our readers will have an end to end to understanding of all the aspects covered in DNS name servers.What you will learnAnatomy of a domain - how a domain is the sum of both its DNS zone and its registration data, and why that matters.The domain name ecosystem - the role of registries, registrars and oversight bodies and their effect on your names.How DNS queries work - queries and responses are examined including debugging techniques to zero in on problems.Nameserver considerations - alternative nameserver daemons, numbering considerations, and deployment architectures.DNS use cases - the right way for basic operations such as domain transfers, large scale migrations, GeoDNS, Anycast DNS.Securing your domains - All aspects of security from registrar vendor selection, to DNSSEC and DDOS mitigation strategies.Who this book is forIdeal for sysadmins, webmasters, IT consultants, and developers-anyone responsible for maintaining your organization's core DNS Table of ContentsThe Domain name EcosystemCommon PitfallsDomain Policies you must be aware ofThe Two Major Roles of Nameservers DNS Queries In Action Types and Uses of Common Resource Records "Quasi-" Record Types Common Nameserver Software Debugging without tears: DNS Diagnostic Tools Domain Operations & DNS Use Cases Nameserver Considerations Securing your Domains and DNS DNS and DDoS Attacks IPv6 Considerations IPv6 Considerations
This is the eBook version of the print title. Note that the eBook does not provide access to the practice test software that accompanies the print book. Learn, prepare, and practice for MCSA 70-741 exam success with this Cert Guide from Pearson IT Certification, a leader in IT certification. Master MCSA 70-741 exam topics Assess your knowledge with chapter-ending quizzes Review key concepts with exam preparation tasks MCSA 70-741 Cert Guide is a best-of-breed exam study guide. Leading technology trainer and consultant Michael S. Schulz shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics. The book presents you with an organized test-preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan. Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time. The study guide helps you master all the topics on the MCSA 70-741 exam for Windows Server 2016, including DNS implementation, including server configuration, zones, records, policies, DNSSEC, and DANE DHCP, including server installation, configuration, and scopes IPAM, including installation/configuration, DNS/DHCP management, and auditing Network connectivity and remote access solutions, including VPN, DirectAccess, NPS Radius, and wired clients Core and distributed network solutions, including IPv4 and IPv6 addressing, DFS, and branch office solutions Advanced network infrastructure
The Domain Name System (DNS) is arguably one of the most important network infrastructure services. As the enabler of almost every web, email, instant messaging, and e-commerce transaction, it is the central nervous system of the Internet. DNS is also a critical component for new and emerging applications such as Voice over LTE (VoLTE) in cellular networks, Voice over IP (VoIP) Telephony, Radio Frequency IDs (RFID), and Content Distribution Networks (CDN). Now in IEEE ComSoc's Best Readings, this book gives the reader an in-depth understanding of how DNS works, its security vulnerabilities, how to monitor and detect security related events and how to prevent and mitigate attacks. After reading the book, the reader will be able to recognize and explain the major issues around DNS security, and know the best practices to setup, operate, and protect DNS service. This book provides a comprehensive coverage of DNS security and is mainly addressed to Information Systems security professionals such as network and system analysts and administrators, network and security operations personnel, network designers and architects, as well as the research community. Sections of the book can be used as assigned reading for undergraduate or graduate classes in network/application security. The book is organized in six chapters. Chapter 1 gives an introduction to the topic, illustrating the importance of DNS Security and providing the motivation for in-depth study of the topic. Chapter 2 gives a comprehensive overview of the protocol, common service architectures, and most common applications using DNS. In Chapter 3, we describe security vulnerabilities at the architectural, protocol, configuration and implementation levels. In Chapter 4, we review how to monitor DNS traffic in different environments and examine techniques to detect security related events. Chapter 5 examines how to prevent, protect against and mitigate attacks. Finally, in Chapter 6 we examine in detail the DNSSEC protocol and its implementation. We conclude examining DNSCurve, an alternative proposal for securing DNS transactions.Awarded IEEE Communication Society's best readings (Books category)
This book covers the topics of Windows 2012 Server and its many new features and improvements. It covers topics on Hyper-V, Clustering, DHCP, IPAM, Security, SAN functionality, and ReFS. It is a good introduction if you have read little or nothing on Windows 2012 Server, and for administrators who want to determine the benefits it offers, it will give you a knowledge needed to help determine if it has what you need. The author crafted this while building his case for the upgrade, and then turned the material into a book for others to view. It delves into the many new changes to the Hyper-Visor. It gives lots of detail on the benefits it brings to clustering. It shows how Microsoft is leveling the playing field with VMware.
The fourth edition of the Official (ISC)2® Guide to the SSCP CBK® is a comprehensive resource providing an in-depth look at the seven domains of the SSCP Common Body of Knowledge (CBK). This latest edition provides an updated, detailed guide that is considered one of the best tools for candidates striving to become an SSCP. The book offers step-by-step guidance through each of SSCP’s domains, including best practices and techniques used by the world's most experienced practitioners. Endorsed by (ISC)² and compiled and reviewed by SSCPs and subject matter experts, this book brings together a global, thorough perspective to not only prepare for the SSCP exam, but it also provides a reference that will serve you well into your career.
Prepare-se para o Exame 70-412 da Microsoft e mostre todo o seu conhecimento de configuração dos serviços avançados do Windows Server 2012 R2. Feita para profissionais de tecnologia da informação experientes, prontos para dar o próximo passo em sua carreira, a série Exam Ref foca no pensamento crítico e nas habilidades de tomada de decisão necessários para o sucesso na obtenção das certificações MCSA e MCSE.Foco na expertise, medida por estes objetivos:• Configurar e gerenciar a alta disponibilidade• Configurar soluções de arquivo e armazenamento• Implementar a continuidade do negócio e a recuperação de desastres• Configurar serviços de rede• Configurar a infraestrutura do Active Directory• Configurar soluções de identidade e acessoO Exam Ref 70-412:• Está totalmente atualizado para o Windows Server 2012 R2.• Está organizado por objetivos do exame.• Apresenta cenários estratégicos desafiadores.• Parte do princípio de que você já tem experiência na administração da infraestrutura básica do Windows Server 2012 R2.
The worldwide reach of the Internet allows malicious cyber criminals to coordinate and launch attacks on both cyber and cyber-physical infrastructure from anywhere in the world. This purpose of this handbook is to introduce the theoretical foundations and practical solution techniques for securing critical cyber and physical infrastructures as well as their underlying computing and communication architectures and systems. Examples of such infrastructures include utility networks (e.g., electrical power grids), ground transportation systems (automotives, roads, bridges and tunnels), airports and air traffic control systems, wired and wireless communication and sensor networks, systems for storing and distributing water and food supplies, medical and healthcare delivery systems, as well as financial, banking and commercial transaction assets. The handbook focus mostly on the scientific foundations and engineering techniques – while also addressing the proper integration of policies and access control mechanisms, for example, how human-developed policies can be properly enforced by an automated system.Addresses the technical challenges facing design of secure infrastructures by providing examples of problems and solutions from a wide variety of internal and external attack scenariosIncludes contributions from leading researchers and practitioners in relevant application areas such as smart power grid, intelligent transportation systems, healthcare industry and so onLoaded with examples of real world problems and pathways to solutions utilizing specific tools and techniques described in detail throughout
This book will be the first covering the subject of IP address management (IPAM). The practice of IPAM includes the application of network management disciplines to IP address space and associated network services, namely DHCP (Dynamic Host Configuration Protocol) and DNS (Domain Name System). The consequence of inaccurately configuring DHCP is that end users may not be able to obtain IP addresses to access the network. Without proper DNS configuration, usability of the network will greatly suffer as the name-to-address lookup process may fail. Imagine having to navigate to a website or send an email or an instant message by IP address instead of by name! It's equally important that these DHCP and DNS configurations be based on a common IP address plan, which maps out the IP address hierarchy, subnets, address pools, and domains. IPAM applies management disciplines to these core services, including configuration, change control, auditing, reporting and so on, and they are necessary given the absolute requirement for properly managing IP space and DHCP and DNS servers. The linkages among an IP address plan, DHCP server configuration and DNS server configuration are inseparable; a change of an IP address will affect DNS information and perhaps DHCP as well. These functions provide the foundation for today's converged services IP networks, so they need to be managed using a rigorous approach. Today, there is no single book that covers the management of these linkages and services they provide; IP Address Management Principles and Practice will fill that gap. While several books are available for leading vendors' DHCP and DNS services implementations, few exist for IP address planning, and none exist that unifies these three topics. To obtain a free copy of the IPAM Configuration Guide please send an email to: firstname.lastname@example.org