Book Image

Linux for Networking Professionals

By : Rob VandenBrink
1 (1)
Book Image

Linux for Networking Professionals

1 (1)
By: Rob VandenBrink

Overview of this book

As Linux continues to gain prominence, there has been a rise in network services being deployed on Linux for cost and flexibility reasons. If you are a networking professional or an infrastructure engineer involved with networks, extensive knowledge of Linux networking is a must. This book will guide you in building a strong foundation of Linux networking concepts. The book begins by covering various major distributions, how to pick the right distro, and basic Linux network configurations. You'll then move on to Linux network diagnostics, setting up a Linux firewall, and using Linux as a host for network services. You'll discover a wide range of network services, why they're important, and how to configure them in an enterprise environment. Finally, as you work with the example builds in this Linux book, you'll learn to configure various services to defend against common attacks. As you advance to the final chapters, you’ll be well on your way towards building the underpinnings for an all-Linux datacenter. By the end of this book, you'll be able to not only configure common Linux network services confidently, but also use tried-and-tested methodologies for future Linux installations.
Table of Contents (20 chapters)
1
Section 1: Linux Basics
4
Section 2: Linux as a Network Node and Troubleshooting Platform
8
Section 3: Linux Network Services

Chapter 13 – Intrusion Prevention Systems on Linux

  1. Zeek would be your tool of choice. As we saw in the Zeek example, drilling down through all traffic in a specific time window to a specific TLS version is very quick. Adding geolocation information partway through the search just takes a few mouse clicks. The source and destination IP addresses are summarized for you as you narrow your search down, so no additional action is required to collect that.
  2. SSH clients, when used, generate traffic. A tool such as P0F (or a commercial tool such as Teneble PVS) can passively collect all traffic, and then associate this traffic with the client workstations. By using algorithms such as JA3 or HASSH, passively collected data can often tell you about the client application, very often right down to its version. This allows you to target out-of-date clients for software upgrades.

    PuTTY is a good example of this, since this application often isn't installed using a full MSI-based...