Get to grips with the most common as well as complex Linux networking configurations, tools, and services to enhance your professional skills
Key Features
• Learn how to solve critical networking problems using real-world examples
• Configure common networking services step by step in an enterprise environment
• Discover how to build infrastructure with an eye toward defense against common attacks
Book Description
As Linux continues to gain prominence, there has been a rise in network services being deployed on Linux for cost and flexibility reasons. If you are a networking professional or an infrastructure engineer involved with networks, extensive knowledge of Linux networking is a must.
This book will guide you in building a strong foundation of Linux networking concepts. The book begins by covering various major distributions, how to pick the right distro, and basic Linux network configurations. You'll then move on to Linux network diagnostics, setting up a Linux firewall, and using Linux as a host for network services. You'll discover a wide range of network services, why they're important, and how to configure them in an enterprise environment. Finally, as you work with the example builds in this Linux book, you'll learn to configure various services to defend against common attacks. As you advance to the final chapters, you'll be well on your way towards building the underpinnings for an all-Linux datacenter.
By the end of this book, you'll be able to not only configure common Linux network services confidently, but also use tried-and-tested methodologies for future Linux installations.
What you will learn
• Use Linux as a troubleshooting and diagnostics platform
• Explore Linux-based network services
• Configure a Linux firewall and set it up for network services
• Deploy and configure Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) services securely
• Configure Linux for load balancing, authentication, and authorization services
• Use Linux as a logging platform for network monitoring
• Deploy and configure Intrusion Prevention Systems (IPS)
• Set up honeypot solutions to detect and foil attacks
Who this book is for
This book is for IT and Windows professionals and admins looking for guidance in managing Linux-based networks. Basic knowledge of networking is necessary to get started with this book.
Author(s): Rob VandenBrink
Edition: 1
Publisher: Packt Publishing
Year: 2021
Language: English
Commentary: Publisher's PDF
Pages: 528
City: Birmingham, UK
Tags: Linux; Security; Intrusion Detection; Monitoring; System Administration; DNS; Logging; Network Security; Troubleshooting; Honeypot; Networking; Load Balancing; DHCP; TCP; UDP; Packet Analysis; Packet Capture
Cover
Copyright
Contributors
Table of Contents
Preface
Section 1: Linux Basics
Chapter 1: Welcome to the Linux Family
Why Linux is a good fit for a networking team
Why is Linux important?
The history of Linux
Mainstream data center Linux
Red Hat
Oracle/Scientific Linux
SUSE
Ubuntu
BSD/FreeBSD/OpenBSD
Specialty Linux distributions
Open source firewalls
Kali Linux
SIFT
Security Onion
Virtualization
Linux and cloud computing
Picking a Linux distribution for your organization
Summary
Further reading
Chapter 2: Basic Linux Network Configuration and Operations – Working with Local Interfaces
Technical requirements
Working with your network settings – two sets of commands
Displaying interface IP information
Displaying routing information
IPv4 addresses and subnet masks
Special-purpose addresses
Private addresses – RFC 1918
Assigning an IP address to an interface
Adding a route
Adding a route using legacy approaches
Disabling and enabling an interface
Setting the MTU on an interface
More on the nmcli command
Summary
Questions
Further reading
Section 2: Linux as a Network Node and Troubleshooting Platform
Chapter 3: Using Linux and Linux Tools for Network Diagnostics
Technical requirements
Network basics – the OSI model
Layer 2 – relating IP and MAC addresses using ARP
MAC address OUI values
Layer 4 – how TCP and UDP ports work
Layer 4 – TCP and the three-way handshake
Local port enumeration – what am I connected to? What am I listening for?
Remote port enumeration using native tools
Remote port and service enumeration – nmap
NMAP scripts
Are there limits to Nmap?
Wireless diagnostic operations
Summary
Questions
Further reading
Chapter 4: The Linux Firewall
Technical requirements
Configuring iptables
iptables from a high level
The NAT table
The mangle table
Order of operations in iptables
Configuring nftables
nftables basic configuration
Using include files
Summary
Questions
Further reading
Chapter 5: Linux Security Standards with Real-Life Examples
Technical requirements
Why do I need to secure my Linux hosts?
Cloud-specific security considerations
Commonly encountered industry-specific security standards
The Center for Internet Security critical controls
Getting a start on CIS critical security controls 1 and 2
OSQuery – critical controls 1 and 2, adding in controls 10 and 17
The Center for Internet Security benchmarks
Applying a CIS benchmark – securing SSH on Linux
SELinux and AppArmor
Summary
Questions
Further reading
Section 3: Linux Network Services
Chapter 6: DNS Services on Linux
Technical requirements
What is DNS?
Two main DNS server implementations
An organization's "internal" DNS server (and a DNS overview)
An internet-facing DNS server
Common DNS implementations
Basic installation: BIND for internal use
BIND: Internet-facing implementation specifics
DNS troubleshooting and reconnaissance
DoH
DoT
knot-dnsutils
Implementing DoT in Nmap
DNSSEC
Summary
Questions
Further reading
Chapter 7: DHCP Services on Linux
How does DHCP work?
Basic DHCP operation
DHCP requests from other subnets (forwarders, relays, or helpers)
DHCP options
Securing your DHCP services
Rogue DHCP server
Rogue DHCP client
Installing and configuring a DHCP server
Basic configuration
Static reservations
Simple DHCP logging and troubleshooting in everyday use
Summary
Questions
Further reading
Chapter 8: Certificate Services on Linux
Technical requirements
What are certificates?
Acquiring a certificate
Using a certificate – web server example
Building a private Certificate Authority
Building a CA with OpenSSL
Requesting and signing a CSR
Securing your Certificate Authority infrastructure
Legacy tried-and-true advice
Modern advice
CA-specific risks in modern infrastructures
Certificate Transparency
Using Certificate Authority for inventory or reconnaissance
Certificate automation and the ACME protocol
OpenSSL cheat sheet
Summary
Questions
Further reading
Chapter 9: RADIUS Services for Linux
Technical requirements
RADIUS basics – what is RADIUS and how does it work?
Implementing RADIUS with local Linux authentication
RADIUS with LDAP/LDAPS backend authentication
NTLM authentication (AD) – introducing CHAP
Unlang – the unlanguage
RADIUS use-case scenarios
VPN authentication using user ID and password
Administrative access to network devices
RADIUS configuration for EAP-TLS authentication
Wireless network authentication using 802.1x/EAP-TLS
Wired network authentication using 802.1x/EAP-TLS
Using Google Authenticator for MFA with RADIUS
Summary
Questions
Further reading
Chapter 10: Load Balancer Services for Linux
Technical requirements
Introduction to load balancing
Round Robin DNS (RRDNS)
Inbound proxy – Layer 7 load balancing
Inbound NAT – Layer 4 load balancing
DSR load balancing
Load balancing algorithms
Server and service health checks
Data center load balancer design considerations
Data center network and management considerations
Building a HAProxy NAT/proxy load balancer
Before you start configuring – NICs, addressing, and routing
Before you start configuring – performance tuning
Load balancing TCP services – web services
Setting up persistent (sticky) connections
Implementation note
HTTPS frontending
A final note on load balancer security
Summary
Questions
Further reading
Chapter 11: Packet Capture and Analysis in Linux
Technical requirements
Introduction to packet capturing – the right places to look
Capturing from either end
Switching the monitoring port
Intermediate in-line host
Network tap
Malicious packet capture approaches
Performance considerations when capturing
Capturing tools
tcpdump
Wireshark
TShark
Other PCAP tools
Filtering captured traffic
Wireshark capture filters (capturing your home network traffic)
tcpdump capture filters – VoIP phones and DHCP
More capture filters – LLDP and CDP
Collecting files from a packet capture
Troubleshooting an application – capturing a VoIP telephone call
Wireshark display filters – separating specific data in a capture
Summary
Questions
Further reading
Chapter 12: Network Monitoring Using Linux
Technical requirements
Logging using Syslog
Log size, rotation, and databases
Log analysis – finding "the thing"
Alerts on specific events
Syslog server example – Syslog
The DShield project
Network device management using SNMP
SNMP NMS deployment example – LibreNMS
SNMPv3
Collecting NetFlow data on Linux
What is NetFlow and its "cousins" SFLOW, J-Flow, and IPFIX?
Flow collection implementation concepts
Configuring a router or switch for flow collection
An example NetFlow server using NFDump and NFSen
Summary
Questions
Further reading
Commonly used SNMP OIDs
Chapter 13: Intrusion Prevention Systems on Linux
Technical requirements
What is an IPS?
Architecture options – where does an IPS fit in your data center?
IPS evasion techniques
Detecting a WAF
Fragmentation and other IPS evasion methods
Classic/network-based IPS solutions – Snort and Suricata
Suricata IPS example
Constructing an IPS rule
Passive traffic monitoring
Passive monitoring with P0F – example
Zeek example – collecting network metadata
Summary
Questions
Further reading
Chapter 14: Honeypot Services on Linux
Technical requirements
Honeypot overview – what is a honeypot, and why do I want one?
Deployment scenarios and architecture – where do I put a honeypot?
Risks of deploying honeypots
Example honeypots
Basic port alerting honeypots – iptables, netcat, and portspoof
Other common honeypots
Distributed/community honeypot – the Internet Storm Center's DShield Honeypot Project
Summary
Questions
Further reading
Assessments
Chapter 2 – Basic Linux Network Configuration and Operations – Working with Local Interfaces
Chapter 3 – Using Linux and Linux Tools for Network Diagnostics
Chapter 4 – The Linux Firewall
Chapter 5 – Linux Security Standards with Real-Life Examples
Chapter 6 – DNS Services on Linux
Chapter 7 – DHCP Services on Linux
Chapter 8 – Certificate Services on Linux
Chapter 9 – RADIUS Services for Linux
Chapter 10 – Load Balancer Services for Linux
Chapter 11 – Packet Capture and Analysis in Linux
Chapter 12 – Network Monitoring Using Linux
Chapter 13 – Intrusion Prevention Systems on Linux
Chapter 14 – Honeypot Services on Linux
Other Books You May Enjoy
Index