networking/security

I've kept this bookmark around for quite a few years, because it contains links to a lot of security documents. While it is a broad "Linux Security" article, it also contains links to network based security pages.

https://isc.sans.edu//diary.html?storyid=3514

BTW - It was written in 2007, but most of the links point to recent versions (Like the fedora link links to F16). Even though it's a few years old, the methods haven't changed much and are still worth reading.

If you really want to understand various security controls in Linux based systems, then I highly recommend checking out gentoo or Linux From Scratch so that you can install a system from the core components without any built-in security controls. This will allow you to hand configure the controls you wish to implement and will force you to watch the vulnerability lists to maintain a secure systems. The greater purpose is to force you to use that system as your primary system so that the necessary research and testing is forced upon you.

You should also checkout backtrack http://distrowatch.com/table.php?distribution=backtrack so that you can test and learn about various network and physical intrusion methods.

Can you share what aspect of Network Security you are most interested in such as packet analysis, port control, remote exploits, intrusion detection systems, etc...?

My favorite books are:
Special Ops: http://www.amazon.com/Special-OPs-Network-Security-Microsoft/dp/1931836698
Hack Proofing Linux: http://books.google.com/books/about/Hack_proofing_Linux.html?id=5vVy6F80gJ4C
Guide to Network Defense and Countermeasures: http://books.google.com/books?id=XD0FAAAACAAJ&dq=guide+to+network+defense+and+countermeasures&hl=en&sa=X&ei=Ud49T860JIbi0QGHyt2vBw&ved=0CDwQ6AEwAQ

Honestly security tactics and techniques change so often that books on the subject are outdated before they are published. You can use some of the information from the books as reference for past methods and to teach you the basic techniques, but the only way to really know what is going on is to get some hands on experience.

To really understand what is going on I highly recommend setting up a snort ( http://www.snort.org/ ) server in a detached network and running attacks against various operating systems and applications from the backtrack disk, that logged traffic will show you common patterns and attack portals.

Ipcop is a user friendly firewall solution, personally I prefer scripting modifications to a stock iptables firewall than going through a gui or restricted setup. You can see my firewall script from a couple of revisions ago at http://pastebin.com/8bzyUG5F

As for what distributions I use, I am a loyal slackware user. Pat's diligence in testing software, watching vulnerabilities and simplifying the installation base makes is very easy to build a very secure system. I consider the lack of PAM and SeLinux a benefit because it removed the potential for configuration mistakes and eliminates the vulnerabity histories of that software from my mind. An important rule is to keep your security solutions simple, the simplicity reduces complexity and attack vectors.