cipherdyne.org

Michael Rash, Security Researcher



Book Review of Linux Firewalls: Attack Detection and Response

Mirko Zorz of net-security.org has written a positive review of my book Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort. Here are a couple of excerpts from his review:

Rash illustrates why you should run fwsnort, a tool that translates Snort rules into equivalent iptables rules and guides you through a deployment with a myriad of other details. The practical aspect of the book continues and you see how fwsnort operates with specific real-world attacks. After all this material, the chapter that ties together a significant part of the book shows you how to combine fwsnort together with psad.

A firewall can generate a vast amount of data and visualizing iptables logs is a necessity for many. The author explains how to use Gnuplot and AfterGlow with psad in order to get a graphical depiction of iptables log data. You learn how to interpret data based on several examples.

If you want to master Linux firewalls get this title, it is outstanding.


Thanks for the kind words, Mirko. O'Reilly also made a press release about the book, and soon after the hit counts in Google went from about 600 to over 49,000 in the span of a week (I run a set of queries against Google every day and watch for trends in the results).