Book Image

Linux for Networking Professionals

By : Rob VandenBrink
1 (1)
Book Image

Linux for Networking Professionals

1 (1)
By: Rob VandenBrink

Overview of this book

As Linux continues to gain prominence, there has been a rise in network services being deployed on Linux for cost and flexibility reasons. If you are a networking professional or an infrastructure engineer involved with networks, extensive knowledge of Linux networking is a must. This book will guide you in building a strong foundation of Linux networking concepts. The book begins by covering various major distributions, how to pick the right distro, and basic Linux network configurations. You'll then move on to Linux network diagnostics, setting up a Linux firewall, and using Linux as a host for network services. You'll discover a wide range of network services, why they're important, and how to configure them in an enterprise environment. Finally, as you work with the example builds in this Linux book, you'll learn to configure various services to defend against common attacks. As you advance to the final chapters, you’ll be well on your way towards building the underpinnings for an all-Linux datacenter. By the end of this book, you'll be able to not only configure common Linux network services confidently, but also use tried-and-tested methodologies for future Linux installations.
Table of Contents (20 chapters)
1
Section 1: Linux Basics
4
Section 2: Linux as a Network Node and Troubleshooting Platform
8
Section 3: Linux Network Services

Architecture options – where does an IPS fit in your data center?

Where you should place an IPS in your data center is an important decision, so we'll discuss this decision while providing a dose of IPS/IDS history.

Back in the day, data centers were configured with a "crunchy shell, soft chewy center" architecture. In other words, protections were focused on the perimeter, to protect against external attacks. Internal systems were mostly trusted (usually trusted too much).

This put the IDS at the perimeter, often on a SPAN port or on a network tap. If you review the tap options that we discussed in Chapter 11, Packet Capture and Analysis in Linux, if deployed this way, it was normally a one-way tap, electrically preventing the IDS from sending traffic. This was to minimize the possibility that the IDS itself might be compromised.

A second, trusted interface would be used to manage the IDS.

This configuration evolved to eventually include the ability...