Detecting and protecting against hostile network activity has become one of the important topics of Network and System Administration. The firewall architecture is one of the most important security strategies, but it is rapidly becoming inadequate to protect computers. This course explains:
How we can detect "hostile traffic".
The principles on which firewalls are built.
How existing tools approach this problem.
Some popular firewall architectures.
We begin with the problems that led to the development of firewalls, and end with why firewalls alone are not adequate security, and what is being done for the future.
What do we expect from you?
Linux
The shell
Using SSH
A little shell programming
Network setup
Compiling and running programs
Networking
Ethernet
A little IP
Some TCP and UDP
Motivation
What will you learn?
Understand the technology and science of intrusion detection.
Design a network security policy.
How to configure a Linux firewall.
Use tools like tcpdump and Wireshark to capture and analyse network traffic.
Read and understand transcripts from network traffic.
Understand the limitations of a specific firewall implementation and setup.
Understand the concept of host based and network based intrusion detection.
Deploy and use SNORT - a network intrusion detection system.
Understand the concept of anomaly detection.
Textbook
Linux Firewalls Third Edition
Robert L Ziegler
ISBN: 0-7357-1099-6
Sold at http://www.amazon.co.uk/
iptables-tutorial.pdf, found under Resources in Fronter, is an alternative.