Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT, and L7-filter
Table of Contents
Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT, and L7-filter
Credits
About the Author
About the Reviewer
Preface
What This Book Covers
Conventions
Reader Feedback
Customer Support
Downloading the Example Code for the Book
Errata
Questions
1. Networking Fundamentals
The OSI Model
OSI Layer 7: Application
OSI Layer 6: Presentation
OSI Layer 5: Session
OSI Layer 4: Transport
OSI Layer 3: Network
OSI Layer 2: Data Link
OSI Layer 1: Physical
OSI Functionality Example and Benefits
The TCP/IP Model
The TCP/IP Application Layer
The TCP/IP Transport Layer
The Transmission Control Protocol (TCP)
The User Datagram Protocol (UDP)
The TCP/IP Internet Layer
The TCP/IP Network Access Layer
TCP/IP Protocol Suite Summary
OSI versus TCP/IP
IP Addressing, IP Subnetting, and IP Supernetting
Obtaining an IP Address
IP Classes
Reserved IP Addresses
Public and Private IP Addresses
IP Subnetting
The Subnet Mask
Everything Divided in Two
A Different Approach
IP Supernetting or CIDR
How the Internet Works
Summary
2. Security Threats
Layer 1 Security Threats
Layer 2 Security Threats
MAC Attacks
DHCP Attacks
ARP Attacks
STP and VLAN-Related Attacks
Layer 3 Security Threats
Packet Sniffing
IP Spoofing
Routing Protocols Attacks
ICMP Attacks
Teardrop Attacks
Layer 4 Security Threats
TCP Attacks
UDP Attacks
TCP and UDP Port Scan Attacks
Layer 5, 6, and 7 Security Threats
BIND Domain Name System (DNS)
Apache Web Server
Version Control Systems
Mail Transport Agents (MTA)
Simple Network Management Protocol (SNMP)
Open Secure Sockets Layer (OpenSSL)
Protect Running Services—General Discussion
Summary
3. Prerequisites: netfilter and iproute2
netfilter/iptables
Iptables — Operations
Filtering Specifications
Target Specifications
A Basic Firewall Script—Linux as a Workstation
iproute2 and Traffic Control
Network Configuration: "ip" Tool
Traffic Control: tc
Queuing Packets
Classless Queuing Disciplines (Classless qdiscs)
Classful Queuing Disciplines
tc qdisc, tc class, and tc filter
A Real Example
Summary
4. NAT and Packet Mangling with iptables
A Short Introduction to NAT and PAT (NAPT)
SNAT and Masquerade
DNAT
Full NAT (aka Full Cone NAT)
PAT or NAPT
NAT Using iptables
Setting Up the Kernel
The netfilter nat Table
SNAT with iptables
DNAT with iptables
Transparent Proxy
Setting Up the Script
Verifying the Configuration
A Less Normal Situation: Double NAT
Packet Mangling with iptables
The netfilter mangle Table
Summary
5. Layer 7 Filtering
When to Use L7-filter
How Does L7-filter Work?
Installing L7-filter
Applying the Kernel Patch
Applying the iptables Patch
Protocol Definitions
Testing the Installation
L7-filter Applications
Filtering Application Data
Application Bandwidth Limiting
Accounting with L7-filter
IPP2P: A P2P Match Option
Installing IPP2P
Using IPP2P
IPP2P versus L7-filter
Summary
6. Small Networks Case Studies
Linux as SOHO Router
Setting Up the Network
Defining the Security Policy
Building the Firewall
Setting Up the Firewall Script
Verifying the Firewall Configuration
QoS—Bandwidth Allocation
The QoS Script
Verifying the QoS Configuration
Linux as Router for a Typical Small to Medium Company
Setting Up the Router
Defining the Security Policy
A Few Words on Applications
Creating the Firewall Rules
Setting Up the Firewall Script
QoS—Bandwidth Allocation
The QoS Script
Summary
7. Medium Networks Case Studies
Example 1: A Company with Remote Locations
The Network
Building the Network Configuration
Designing the Firewalls
Building the Firewalls
Sites B and C
Site A
Headquarters
Make the Network Intelligent by Adding QoS
Example 2: A Typical Small ISP
The Network
Building the Network Configuration
Designing and Implementing the Firewalls
The Intranet Server: 1.2.3.10
The Wireless Server: 1.2.3.130
The AAA Server: 1.2.3.1
The Database Server: 1.2.3.2
The Email Server: 1.2.3.3
The Web Server: 1.2.3.4
A Few Words on the Access Server: 1.2.3.131
The Core Router—First Line of Defense
QoS for This Network
QoS on the Wireless Server for Long-Range Wireless Users
QoS on the Intranet Server for the Internal Departments
QoS on the Core Router
Summary
8. Large Networks Case Studies
Thinking Large, Thinking Layered Models
A Real Large Network Example
A Brief Network Overview
City-1
City-2
City-3 and City-4
The Core Network Configuration
Core-2
Core-1, Core-3, and Core-4
Security Threats
Core Routers INPUT Firewalls
Protecting the Networks behind the Core Routers
Denial of Service Attacks
City-1 Firewall for Business-Critical Voice Equipment
Securing the Voice Network
QoS Implementation
Traffic Shaping for Clients
Summary
Index