Rankin - Linux Hardening in Hostile Networks

EPUB is an open, industry-standard format for e-books. However, support for EPUB and its many features varies across reading devices and applications. Use your device or app settings to customize the presentation to your liking. Settings that you can customize often include font, font size, single or double column, landscape or portrait mode, and figures that you can click or tap to enlarge. For additional information about the settings and features on your reading device or app, visit the device manufacturers Web site.

Many titles include programming code or configuration examples. To optimize the presentation of these elements, view the e-book in single-column, landscape mode and adjust the font size to the smallest setting. In addition to presenting code and configurations in the reflowable text format, we have included images of the code that mimic the presentation found in the print book; therefore, where the reflowable format may compromise the presentation of the code listing, you will see a Click here to view code image link. Click the link to view the print-fidelity code image. To return to the previous page viewed, click the Back button on your device or app.

Server Security from TLS to Tor

Kyle Rankin

Boston Columbus Indianapolis New York San Francisco Amsterdam Cape Town
Dubai London Madrid Milan Munich Paris Montreal Toronto Delhi Mexico City
So Paulo Sydney Hong Kong Seoul Singapore Taipei Tokyo

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals.

The author and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.

For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at or (800) 382-3419.

For government sales inquiries, please contact .

For questions about sales outside the U.S., please contact .

Visit us on the Web: informit.com/aw

Library of Congress Control Number: 2017942009

Copyright 2018 Pearson Education, Inc.

All rights reserved. Printed in the United States of America. This publication is protected by copyright, and permission must be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. For information regarding permissions, request forms and the appropriate contacts within the Pearson Education Global Rights & Permissions Department, please visit www.pearsoned.com/permissions/.

ISBN-13: 978-0-13-417326-9
ISBN-10: 0-13-417326-0

1 17

Computer and software security has always been an important topic. Today it is also an urgent one; security breaches continue to increase exponentially, and even GNU/Linux systems, which have traditionally been less prone to problems, are subject to devastating attacks. If youre using a GNU/Linux system for anything at all criticaleven if its just your email and home tax accountingyou need to know how to protect it!

This book is the right go-to place to get started. Beginning with the basics, the author covers what you need to know for all important areas of GNU/Linux system management, in clear and readable prose. After reading it youll be able to improve the safety of your systems and be prepared to go further on your own. The book is written in a careful, vendor-neutral manner, so that everything applies as broadly as possible; with any luck this book will be useful to you again and again, instead of becoming obsolete upon the next release of Distro XYZ.

I hope youll agree with me that this book is worth your time. Keep safe!

Arnold Robbins
Series Editor

This book is dedicated to my wife, Joy,
without whom it would have never been finished.

We are living in the golden age of computer hacking. So much of our daily livesfrom how we communicate, to how we socialize, to how we read news, to how we shopis conducted on the Internet. Each of those activities rely on servers sitting somewhere on the Internet, and those servers are being targeted constantly. The threats and risks on the Internet today and the impact they can have on the average person are greater than ever before.

While there are exceptions, most computer hackers a few decades ago were motivated primarily by curiosity. If a hacker found a major vulnerability in a popular application, she might break the news at a security conference. If she compromised a network, she would look around a bit and might install a backdoor so she could get back in later, but generally speaking the damage was minimal. These days, many hackers are motivated by profit. A zero-day vulnerability (i.e., a new, unpatched vulnerability not disclosed to the vendor) in a popular application can be sold for tens to hundreds of thousands of dollars. Databases from hacked networks are sold on the black market to aid in identity theft. Important files are encrypted and held for ransom.

Hacker motivations are not the only thing thats changed; so have the hackers themselves. While you will still find pasty, white male hackers wearing black hoodies and hacking away in a basement, that stereotype doesnt match the reality. The spread of high-speed, always-on Internet throughout the world means that Internet users in general, and hackers specifically, reflect the diversity of the world itself. Instead of a black hoodie, a hacker today might wear a dress, a tie, or a uniform, and may work for organized crime or the military. Hackers are international and diverse, and so are their targets.

With everyone online, hacking has become a very important part of surveillance, espionage, and even warfare. Nation-state hackers have become more overt over the years to the point that now its not uncommon to hear of nation-state actors compromising power grids, nuclear facilities, or major government networks. Nation-state hackers are well-funded, well-trained, and as a result they have sophisticated tools and methods at their disposal. Unlike conventional military tools, however, these tools find their way into the ordinary hackers toolkit sometimes after only a year or two. This means that even if your threat model doesnt include a nation-state attacker, it must still account for last years nation-state hacking capabilities.