Up next is fwsnort (Chapters 9-11), which takes Snort rules and turns them into iptables rules. This allows not only alerting on malicious traffic, but also dropping or rejecting that traffic at the firewall. As Rash points out, this makes it possible to protect machines against known attacks before a patch can be deployed. The book does a good job of distinguishing between the response methods of psad and fwsnort and shows how the two can be used to complement one another.
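As an added illustration of the translation fwsnort performs (this is not code from the book or from fwsnort itself, and it handles only a simplified rule grammar), the following Python sketch parses a one-line Snort rule and emits a pair of iptables commands: a LOG rule that stands in for the alert and a DROP or REJECT rule that stands in for the response. The sample rules, the `parse_snort_rule` and `snort_to_iptables` names, and the `[SID...]` log prefix are all assumptions made for this example; text `content:` values map to the iptables string match's `--string`, and Snort `|..|` hex content to `--hex-string`.

```python
import re
import shlex

# Constructed sample Snort rules for illustration; they are not taken from the
# book, from fwsnort, or from any real Snort rule set.
SAMPLE_RULES = [
    'alert tcp any any -> any 80 (msg:"WEB-MISC passwd probe"; content:"/etc/passwd"; sid:1000001;)',
    'alert udp any any -> any 53 (msg:"DNS hex probe"; content:"|00 01|"; sid:1000002;)',
]

# Simplified Snort rule header: action proto src sport -> dst dport (options)
RULE_RE = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>tcp|udp)\s+(?P<src>\S+)\s+(?P<sport>\S+)'
    r'\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$'
)


def parse_snort_rule(rule):
    """Split a one-line Snort rule into header fields and an option dict.

    Assumption: options are 'key:value;' pairs and neither msg nor content
    contains a ';' (real Snort rules may; this illustration does not handle that).
    """
    m = RULE_RE.match(rule.strip())
    if not m:
        raise ValueError("unsupported rule syntax: %r" % rule)
    header = m.groupdict()
    opts = {}
    for raw in header.pop("opts").split(";"):
        raw = raw.strip()
        if not raw:
            continue
        key, _, value = raw.partition(":")
        opts[key.strip()] = value.strip().strip('"') if value else True
    return header, opts


def snort_to_iptables(rule, target="DROP", chain="INPUT"):
    """Return (log_cmd, action_cmd): an iptables LOG rule plus a DROP/REJECT rule.

    Only 'content' matches are translated, using the iptables string match
    (-m string). Two rules are emitted so the packet is both logged (the
    alert) and stopped (the response), which is the pairing the text describes.
    """
    if target not in ("DROP", "REJECT"):
        raise ValueError("target must be DROP or REJECT")
    header, opts = parse_snort_rule(rule)
    content = opts.get("content")
    if not isinstance(content, str):
        raise ValueError("only rules with a content: option can be enforced here")

    match = ["iptables", "-A", chain, "-p", header["proto"]]
    for field, flag in (("src", "-s"), ("dst", "-d"), ("sport", "--sport"), ("dport", "--dport")):
        if header[field] != "any":
            match += [flag, header[field]]
    if content.startswith("|") and content.endswith("|"):
        match += ["-m", "string", "--algo", "bm", "--hex-string", content]
    else:
        match += ["-m", "string", "--algo", "bm", "--string", content]

    # iptables limits --log-prefix to 29 characters, so the prefix is truncated.
    prefix = ("[SID%s] %s" % (opts.get("sid", "?"), opts.get("msg", "")))[:29]
    log_cmd = match + ["-j", "LOG", "--log-prefix", prefix]
    action_cmd = match + ["-j", target]
    return shlex.join(log_cmd), shlex.join(action_cmd)


if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        for cmd in snort_to_iptables(rule, target="DROP"):
            print(cmd)
```

The string match is a plain substring search over the packet payload, so a rule that Snort would evaluate with stream reassembly or offset/depth modifiers does not carry over unchanged; this is the kind of caveat to check before moving a signature from alerting into an inline DROP or REJECT.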
The next two chapters (12 and 13) cover port knocking, single packet authorization and fwknop. Simply put, port knocking and single packet authorization (SPA) allow remote systems to make dynamic changes to the firewall so that temporary access to a service can be granted. This would leave, say, a web server protected by the firewall except when it was dynamically opened for an authorized user. The fwknop tool provides the functionality to do this.
While the tool itself is interesting and could have some niche applications, it's hard to see its use in a world with ubiquitous VPN services. It does add a layer of security, but also a layer of complexity that would be hard to justify in most cases.
The last chapter of Linux Firewalls covers visualization techniques based on statistics generated by the previous applications. While such efforts tend to be boring, almost every IT admin has a pointy-haired boss who likes pretty pictures, and this information provides valuable guidance for generating snappy-looking graphs.
Rash is obviously an expert in this area and it comes through in the writing. The content is accessible to most and would provide a valuable reference to anyone who deploys any of the above services or just some subset of them. For those who can't afford a commercial solution, this book is a must.