
Book Review: Linux Firewalls - Attack Detection and Response with iptables, psad, and fwsnort

Working in a university environment, one gets used to doing more with less. Security, particularly, seems to never get the budget it deserves though it has increased in recent years. For all their limitations, open-source tools are the vital lifeblood that makes IT work, and work securely, in academia.

Using Netfilter (commonly called iptables) for the firewalls has managed to reduce costs while providing stable and secure service to the users. However, for some time we've been looking to get more out of our firewalls to enhance the security and data reporting from the firewalls. The syslogs are all fine and good, but no one is seriously going to review them without some application doing the heavy lifting of making the data presentable.

Linux Firewalls, in this regard, is a great resource. It provides insight into, and helpful information about, additional tools that get the most out of iptables and add further functionality. The book covers basic iptables fundamentals and then covers the additional applications psad, fwsnort and fwknop, and data visualization of firewall logs.
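As an added illustration of the "heavy lifting" the review refers to (this is example code written for this page, not code from the book, from psad, or from the reviewer), the following Python script parses syslog lines in the format the iptables LOG target emits, summarizes dropped packets per source address, and flags sources that touched many distinct destination ports, which is a crude version of the scan detection psad performs on the same logs. The log lines are constructed for the example, the `DROP:` prefix assumes a rule like `iptables -A INPUT -j LOG --log-prefix "DROP: "`, and the five-port threshold is an arbitrary assumption.

```python
"""Summarize iptables LOG entries per source and flag likely port scans.
Added example for this page; not code from the book, psad, or Tux Machines."""
import re
from collections import defaultdict

# Constructed syslog lines in the shape the iptables LOG target produces.
# Addresses are RFC 5737 documentation ranges; these are not real captured logs.
# Line 9 carries the bracketed kernel uptime some syslog setups prepend, and the
# UDP line has two LEN= fields (IP and UDP); the last line is not a firewall log.
SAMPLE_SYSLOG = """\
Nov 20 10:15:01 fw kernel: DROP: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=44321 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 20 10:15:01 fw kernel: DROP: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=44322 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 20 10:15:01 fw kernel: DROP: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=44323 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 20 10:15:02 fw kernel: DROP: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=44324 DPT=25 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 20 10:15:02 fw kernel: DROP: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=44325 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 20 10:15:02 fw kernel: DROP: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=44326 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 20 10:15:03 fw kernel: DROP: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=9134 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 20 10:15:09 fw kernel: DROP: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=9135 DF PROTO=TCP SPT=51001 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 20 10:15:12 fw kernel: [8421.117] DROP: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=198.51.100.9 DST=192.0.2.10 LEN=68 TOS=0x00 PREC=0x00 TTL=60 ID=1234 PROTO=UDP SPT=40000 DPT=53 LEN=48
Nov 20 10:15:15 fw sshd[2201]: Accepted publickey for admin from 192.0.2.50 port 50123 ssh2
"""

# "Mon DD HH:MM:SS host kernel: <prefix> IN=... "; only kernel lines with IN= count.
LOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<host>\S+)\s+kernel:\s+(?P<rest>.*)$")
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")          # KEY=value tokens (value may be empty, e.g. OUT=)
UPTIME_RE = re.compile(r"^\[\s*[\d.]+\]\s*")      # optional "[8421.117]" before the prefix
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}  # bare tokens, no '='


def parse_iptables_log(line):
    """Return a dict for an iptables LOG line, or None for any other syslog line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    start = re.search(r"\bIN=", rest)
    if not start:
        return None
    prefix = UPTIME_RE.sub("", rest[: start.start()]).strip()
    body = rest[start.start():]
    fields = dict(KV_RE.findall(body))       # a repeated key (UDP LEN=) keeps the last value
    flags = {tok for tok in body.split() if tok in TCP_FLAGS}

    def port(key):
        val = fields.get(key, "")
        return int(val) if val.isdigit() else None

    return {"ts": m.group("ts"), "host": m.group("host"), "prefix": prefix,
            "src": fields.get("SRC"), "dst": fields.get("DST"),
            "proto": fields.get("PROTO"), "spt": port("SPT"), "dpt": port("DPT"),
            "flags": flags}


def summarize_by_source(lines):
    """Per-source packet count plus the set of (proto, dport) pairs and protocols seen."""
    summary = defaultdict(lambda: {"packets": 0, "dports": set(), "protos": set()})
    for line in lines:
        rec = parse_iptables_log(line)
        if rec is None or rec["src"] is None:
            continue
        entry = summary[rec["src"]]
        entry["packets"] += 1
        entry["protos"].add(rec["proto"])
        if rec["dpt"] is not None:
            entry["dports"].add((rec["proto"], rec["dpt"]))
    return dict(summary)


def detect_port_scans(summary, min_distinct_ports=5):
    """Sources that hit at least min_distinct_ports distinct ports (threshold is an assumption)."""
    return sorted(src for src, e in summary.items() if len(e["dports"]) >= min_distinct_ports)


def render_report(summary, scanners):
    """Human-readable table, busiest source first; scanners are marked."""
    out = [f"{'source':<16} {'pkts':>5} {'ports':>6}  protos"]
    for src, e in sorted(summary.items(), key=lambda kv: -kv[1]["packets"]):
        tag = "  <-- possible scan" if src in scanners else ""
        out.append(f"{src:<16} {e['packets']:>5} {len(e['dports']):>6}  "
                   f"{','.join(sorted(e['protos']))}{tag}")
    return "\n".join(out)


if __name__ == "__main__":
    s = summarize_by_source(SAMPLE_SYSLOG.splitlines())
    print(render_report(s, detect_port_scans(s)))
```

Run against a real firewall the input would be `/var/log/kern.log` (or `journalctl -k`) rather than the embedded sample, and a real tool adds what this omits: a time window so six ports over a week is not a scan, per-rule prefixes to separate DROP from ACCEPT logging, and reverse DNS or whois enrichment for the report.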

More in Tux Machines

Linus Torvalds: 'I don't trust security people to do sane things'

Linus Torvalds has offered his thoughts on Linux security approaches, branding some security professionals as "f*cking morons" for focusing on process-killing rather than debugging. Torvalds, the creator and principal developer of the Linux kernel, does not often pull his punches when it comes to the kernel's behaviors and security. The engineer carried on the tradition over the weekend, as Google Pixel developer Kees Cook submitted a pull request for hardened usercopy changes for v4.15-rc1, which according to Cook, narrows areas of memory "that can be copied to/from userspace in the face of usercopy bugs by adding explicit whitelisting for slab cache regions." Read more Also: Linux creator slams security bods

Sustainable Open Source is About Evolution as a Group

The role of a CMO in a software company is fundamentally different from that in any other category. We have a really interesting role in marketing and technology, and it’s one of education and guidance. There used to be a place 20 years ago where, as a marketer, you would come up with a simple pithy message and buy a bunch of advertising and people would believe it. That’s not true anymore. Now we have to position ourselves alongside the architectures and the thought leadership that our customers are interested in to prove our value. Read more

Games: SuperTuxKart, PAWARUMI, Radar Warfare and More

GNU Linux-libre 4.14-gnu: -ENOFIRMWARE is now available

GNU Linux-libre 4.14-gnu sources and tarballs are now available at http://www.fsfla.org/selibre/linux-libre/download/releases/4.14-gnu/ . It didn't require any deblobbing changes since -rc6-gnu. Binaries are expected to show up over the next few days.

The biggest change in this release is that the firmware subtree was removed upstream (thus the codename -ENOFIRMWARE), removing from the Linux kernel distribution a few pieces of Free firmware, and a number of non-Free ones. Alas, there are still a few pieces of non-Free firmware remaining in Linux 4.14; hopefully this problem will be addressed in a future release, and Linux will then be Free Software again. For the time being, it still requires some cleaning up to be Free Software, and plenty of additional cleaning up to meet the GNU Free Software Distribution Guidelines.

The larger problem, that several drivers in Linux will not work at all unless you provide them with pieces of proprietary software, is not affected by this move: the drivers still refuse to work, a number of them for no good reason, and the non-Free firmware is still demanded by the upstream drivers, it is just distributed separately. This avoids legal problems for distributors of the kernel Linux, who refrain from distributing the non-Free firmware. However, that a number of drivers and corresponding firmware are updated in lockstep suggests that they might actually be a single program, in spite of running on separate CPUs and having pieces distributed separately, and it might even be the case that the firmware happens to be a derivative work of the kernel. If that is so, those who distribute them together, or even just the firmware by itself, might be in violation of the terms of the GNU GPL, the Linux license, and thus losing their license to distribute Linux! Read more Also: GNU Linux-libre 4.14-gnu Released, Still A Battle Deblobbing Driver Firmware