Linux Hardening In Hostile Networks Server Security From Tls To Tor 1st Kyle Rankin by Kyle Rankin 9780134173269, 0134173260 instant download after payment.

Implement Industrial-Strength Security on Any Linux Server
In an age of mass surveillance, when advanced cyberwarfare weapons rapidly migrate into every hacker’s toolkit, you can’t rely on outdated security methods—especially if you’re responsible for Internet-facing services. In Linux® Hardening in Hostile Networks, Kyle Rankin helps you to implement modern safeguards that provide maximum impact with minimum effort and to strip away old techniques that are no longer worth your time.
Rankin provides clear, concise guidance on modern workstation, server, and network hardening, and explains how to harden specific services, such as web servers, email, DNS, and databases. Along the way, he demystifies technologies once viewed as too complex or mysterious, but now essential to mainstream Linux security. He also includes a full chapter on effective incident response.
Each chapter begins with techniques any sysadmin can use quickly to protect against entry-level hackers and presents intermediate and advanced techniques to safeguard against sophisticated and knowledgeable attackers, perhaps even state actors. Throughout, you learn what each technique does, how it works, what it does and doesn’t protect against, and whether it would be useful in your environment.
Learn how to
Apply core security techniques including 2FA and strong passwords
Protect admin workstations via lock screens, disk encryption, BIOS passwords, and other methods
Use the security-focused Tails distribution as a quick path to a hardened workstation
Compartmentalize workstation tasks into VMs with varying levels of trust
Harden servers with SSH, use apparmor and sudo to limit the damage attackers can do, and set up remote syslog servers to track their actions
Establish secure VPNs with OpenVPN, and leverage SSH to tunnel traffic when VPNs can’t be used
Configure a software load balancer to terminate SSL/TLS connections and initiate new ones downstream
Set up standalone Tor services and hidden Tor services and relays
Secure Apache and Nginx web servers, and take full advantage of HTTPS
Perform advanced web server hardening with HTTPS forward secrecy and ModSecurity web application firewalls
Strengthen email security with SMTP relay authentication, SMTPS, SPF records, DKIM, and DMARC
Harden DNS servers, deter their use in DDoS attacks, and fully implement DNSSEC
Systematically protect databases via network access control, TLS traffic encryption, and encrypted data storage
Respond to a compromised server, collect evidence, and prevent future attacks
Kyle Rankin is the vice president of engineering operations for Final, Inc.; the author of DevOps Troubleshooting, The Official Ubuntu Server Book, Knoppix Hacks, Knoppix Pocket Reference, Linux Multimedia Hacks, and Ubuntu Hacks; and a contributor to a number of other books. Rankin is an award-winning columnist for Linux Journal and has written for PC Magazine, TechTarget websites, and other publications. He speaks frequently on Open Source software, including a keynote at SCALE 11x and numerous other talks at SCALE, O’Reilly Security Conference, OSCON, CactusCon, Linux World Expo, Penguicon, and a number of Linux Users’ Groups. In his free time Kyle does much of what he does at work—plays with Linux and computers in general. He’s also interested in brewing, BBQing, playing the banjo, 3D printing, and far too many other hobbies.