{"product_id":"linux-hardening-hostile-networks","title":"Linux Hardening Hostile Networks","description":"\u003cp\u003e\u003cstrong\u003eImplement Industrial-Strength Security on Any Linux Server\u003c\/strong\u003e\u003c\/p\u003e \u003cp\u003eIn an age of mass surveillance, when advanced cyberwarfare weapons rapidly migrate into every hacker’s toolkit, you can’t rely on outdated security methods–especially if you’re responsible for Internet-facing services. In \u003cem\u003e\u003cstrong\u003eLinux® Hardening in Hostile Networks,\u003c\/strong\u003e\u003c\/em\u003e Kyle Rankin helps you to implement modern safeguards that provide maximum impact with minimum effort and to strip away old techniques that are no longer worth your time.\u003c\/p\u003e \u003cp\u003eRankin provides clear, concise guidance on modern workstation, server, and network hardening, and explains how to harden specific services, such as web servers, email, DNS, and databases. Along the way, he demystifies technologies once viewed as too complex or mysterious but now essential to mainstream Linux security. He also includes a full chapter on effective incident response that both DevOps and SecOps can use to write their own incident response plan.\u003c\/p\u003e \u003cp\u003eEach chapter begins with techniques any sysadmin can use quickly to protect against entry-level hackers and presents intermediate and advanced techniques to safeguard against sophisticated and knowledgeable attackers, perhaps even state actors. Throughout, you learn what each technique does, how it works, what it does and doesn’t protect against, and whether it would be useful in your environment.\u003c\/p\u003e \u003cul\u003e  \u003cli\u003eApply core security techniques including 2FA and strong passwords\u003c\/li\u003e  \u003cli\u003eProtect admin workstations via lock screens, disk encryption, BIOS passwords, and other methods\u003c\/li\u003e  \u003cli\u003eUse the security-focused Tails distribution as a quick path to a hardened workstation\u003c\/li\u003e  \u003cli\u003eCompartmentalize workstation tasks into VMs with varying levels of trust\u003c\/li\u003e  \u003cli\u003eHarden servers with SSH, use apparmor and sudo to limit the damage attackers can do, and set up remote syslog servers to track their actions\u003c\/li\u003e  \u003cli\u003eEstablish secure VPNs with OpenVPN, and leverage SSH to tunnel traffic when VPNs can’t be used\u003c\/li\u003e  \u003cli\u003eConfigure a software load balancer to terminate SSL\/TLS connections and initiate new ones downstream\u003c\/li\u003e  \u003cli\u003eSet up standalone Tor services and hidden Tor services and relays\u003c\/li\u003e  \u003cli\u003eSecure Apache and Nginx web servers, and take full advantage of HTTPS\u003c\/li\u003e  \u003cli\u003ePerform advanced web server hardening with HTTPS forward secrecy and ModSecurity web application firewalls\u003c\/li\u003e  \u003cli\u003eStrengthen email security with SMTP relay authentication, SMTPS, SPF records, DKIM, and DMARC\u003c\/li\u003e  \u003cli\u003eHarden DNS servers, deter their use in DDoS attacks, and fully implement DNSSEC\u003c\/li\u003e  \u003cli\u003eSystematically protect databases via network access control, TLS traffic encryption, and encrypted data storage\u003c\/li\u003e  \u003cli\u003eRespond to a compromised server, collect evidence, and prevent future attacks\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003e\u003cem\u003eRegister your product at \u003ca href=\"http:\/\/informit.com\/register\" target=\"\" title=\"\"\u003einformit.com\/register\u003c\/a\u003e for convenient access to downloads, updates, and corrections as they become available.\u003c\/em\u003e\u003c\/p\u003e","brand":"MediaPlace","offers":[{"title":"Default Title","offer_id":57319518536062,"sku":"NW9780134173269","price":26.68,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1379\/1261\/files\/9780134173269.jpg?v=1778727995","url":"https:\/\/mediaplace.com\/products\/linux-hardening-hostile-networks","provider":"MediaPlace","version":"1.0","type":"link"}