A guide to implementing DIY security solutions and readily available technologies to protect home and small-office networks from attack.
This book is an easy-to-follow series of tutorials that will lead readers through different facets of protecting household or small-business networks from cyber attacks. You’ll learn how to use pfSense to build a firewall, lock down wireless, segment a network into protected zones, configure a VPN (virtual private network) to hide and encrypt network traffic and communications, set up proxies to speed up network performance and hide the source of traffic, block ads, install and configure an antivirus, back up your data securely, and even how to monitor your network for unauthorized activity and alert you to intrusion.
Author(s): Seth Enoka
Edition: 1
Publisher: No Starch Press
Year: 2022
Language: English
Commentary: Publisher's PDF
Pages: 224
City: San Francisco, CA
Tags: Linux; Security; Cybersecurity; Malware Detection; Monitoring; Network Security; Wireless Networks; VPN; Small Business; Firewalls; OpenVPN; Advertisement; Backups; pi-hole; WireGuard; pfSense; Network Segmentation; Squid
Cybersecurity for Small Networks
About the Author
About the Technical Reviewer
Brief Contents
Contents in Detail
Acknowledgments
Introduction
How to Use This Book: What to Expect
Recommended (But Not Required) Knowledge
Recommended Hardware
Summary
Chapter 1. Getting Started with a Base Linux System and Network Map
Linux Operating Systems
#1: Creating an Ubuntu Virtual Machine
Hypervisor Options
VMware Workstation and VMware Player for Windows
VMware Fusion and VMware Fusion Player for macOS
VirtualBox
#2: Creating a Physical Linux System
Bootable USB on Windows
Bootable USB on macOS
Using the Bootable USB
#3: Creating a Cloud--Based Linux System
Finalizing the Linux Installation
Hardening Your Ubuntu System
#4: Installing System Packages
#5: Managing Linux Users
#6: Securing Remote Access
Generating SSH Keys
Remote Login with SSH
#7: Capturing VM Configurations
Taking Snapshots in VMware
Taking Snapshots in VirtualBox
Network Topology
#8: Checking Your IP Address
On Windows
On a Mac
On Linux
#9: Creating a Network Map
#10: Transferring Files
Summary
Chapter 2. Architecting and Segmenting Your Network
Network Devices
Hubs
Switches
Routers
Creating Trust Zones
Physical Segmentation
Logical Segmentation
#11: Segmenting Your Network
Ethernet Segmentation
Summary
Chapter 3. Filtering Network Traffic with Firewalls
Types of Firewalls
iptables
#12: Installing iptables
iptables Firewall Rules
Configuring iptables
Logging iptables Behavior
pfSense
#13: Installing the pfSense Firewall
Hardening pfSense
pfSense Firewall Rules
#14: Testing Your Firewall
Summary
Chapter 4. Securing Wireless Networks
#15: Disabling IPv6
#16: Limiting Network Devices
Creating an Asset List
Static IP Addressing
MAC Address Filtering
#17: Segmenting Your Network
#18: Configuring Wireless Authentication
WEP
WPA/WPA2
WPA3
Summary
Chapter 5. Creating a Virtual Private Network
Drawbacks of Third-Party VPNs and Remote Access Services
OpenVPN
EasyRSA
Wireguard
#19: Creating a VPN with OpenVPN
Set Up the Certificate Authority
Create the OpenVPN Server Certificate and Key
Configure OpenVPN
#20: Creating a VPN with Wireguard
Installing Wireguard
Set Up the Key Pairs
Configure Wireguard
Test Your VPN
Summary
Chapter 6. Improving Browsing and Privacy with the Squid Proxy
Why Use a Proxy?
#21: Setting Up Squid
Configuring Squid
Configuring Devices to Use Squid
Testing Squid
Blocking and Allowing Domains
Protecting Personal Information with Squid
Disabling Caching for Specific Sites
Squid Proxy Reports
Summary
Chapter 7. Blocking Internet Advertisements
Browser-Level Ad Blocking
#22: Blocking Ads in Google Chrome
#23: Blocking Ads in Mozilla Firefox
#24: Controlling Brave’s Privacy Settings
#25: Blocking Ads with Pi-Hole
Configure Pi-Hole
Using Pi-Hole
Configure DNS on Your Endpoints
Summary
Chapter 8. Detecting, Removing, and Preventing Malware
Microsoft Defender for Windows
Choosing Malware Detection and Antivirus Tools
Antivirus Farm
Signatures and Heuristics
#26: Installing Avast on macOS
#27: Installing ClamAV on Linux
#28: Using VirusTotal
#29: Managing Patches and Updates
Windows Update
macOS Software Update
Linux Updates with apt
#30: Installing Automox
Installing Automox
Using Automox
Summary
Chapter 9. Backing Up Your Data
Backup Types
Devising a Backup Schedule
Onsite and Offsite Backups
What to Back Up and What Storage to Use
#31: Using Windows Backup
#32: Using Windows Backup and Restore
#33: Using macOS Time Machine
#34: Using Linux duplicity
Creating Local Backups with duplicity
Creating Network Backups with duplicity
Restoring duplicity Backups
Additional duplicity Considerations
Cloud Backup Solutions
Backblaze
Carbonite
Virtual Machine Snapshots
Testing and Restoring Backups
Summary
Chapter 10. Monitoring Your Network with Detection and Alerting
Network Monitoring Methods
Network Traffic Access Points
Switch Port Analyzers
#35: Configuring a SPAN Port
Security Onion
#36: Building a Security Onion System
Installing Security Onion
#37: Installing Wazuh
Installing Wazuh on Windows
Installing Wazuh on macOS
Installing Wazuh on Linux
#38: Installing osquery
Installing osquery on Windows
Installing osquery on macOS
Installing osquery on Linux
A Network Security Monitoring Crash Course
Using osquery
Using Wazuh
Using Security Onion as a SIEM Tool
Summary
Chapter 11. Tips for Managing User Security on Your Network
Passwords
Password Managers
Password Breach Detection
Multifactor Authentication
Browser Plug-ins
Adblock Plus
Ghostery
HTTPS Everywhere
Internet of Things Considerations
Additional Resources
Summary
Index
