If you cannot read the information below, click here.

O'Reilly.comFor Immediate Release
CONTACT:   [email protected]

Linux Firewalls--New from No Starch Press
New book shows how to use iptables and Netfilter to detect and prevent network-based attacks

Linux Firewalls San Francisco, CA—System administrators need to stay ahead of new security vulnerabilities daily, and tech book publisher No Starch Press (nostarch.com) wants to help. Their latest publication, Linux Firewalls, by security expert Michael Rash, is designed to show sys admins how to design and implement a firewall and intrusion detection system (IDS) that will proactively deny access and monitor network traffic for signs of attack.

Linux Firewalls is a great book.”
—Richard Bejtlich of taosecurity.com in the Foreword to Linux Firewalls

Linux Firewalls (October 2008, 304 pp., ISBN 978-1-59327-141-1) discusses the technical details of the iptables firewall and the Netfilter framework that are built into the Linux kernel. “This book will really do its part to move the field of firewalling forward,” said No Starch Press publisher Bill Pollock. “We didn’t want to publish just any firewalls book; we wanted to publish a groundbreaking one. Sure, almost anyone can build a simple firewall, but it’s not easy to build a robust firewall. That’s where Linux Firewalls comes in.”

Rash shows how to use iptables and Netfilter to provide strong filtering, NAT (network address translation), state tracking, and application layer inspection capabilities that rival many commercial tools. Readers learn how to use psad and fwsnort to deploy iptables as an IDS and how to use fwknop to build a strong, passive authentication layer around iptables. Readers will find coverage of:

Concrete examples illustrate concepts such as firewall log analysis and policies, passive network authentication and authorization, exploit packet traces, Snort ruleset emulation, and more. Perl and C code snippets offer practical examples that help sys admins maximize their deployment of Linux firewalls.

Administrators tasked with keeping a network secure will find Linux Firewalls invaluable in their efforts to understand attacks and use iptables to detect and prevent compromises.

For a review copy or more information please email [email protected]. Please include your delivery address and contact information.

Michael Rash is a security architect with Enterasys Networks, Inc., where he develops the Dragon intrusion detection and prevention system. He is a frequent contributor to open source projects and the creator of psad, fwknop, and fwsnort. Rash is an expert on firewalls, intrusion detection systems, passive OS fingerprinting, and the Snort rules language. He is co-author of Snort 2.1 Intrusion Detection (Syngress, 2004) and author of Intrusion Prevention and Active Response (Syngress, 2005), and he has written security articles for Linux Journal, Sys Admin magazine, and ;login:.

Additional Resources:
For more information about the book, see: http://www.oreilly/catalog/1593271417 To view the table of contents, see http://www.nostarch.com/firewalls_toc.htm To download Chapter 10, “Deploying fwsnort,” see http://www.tinker.tv/download/firewalls_ch10.pdf

Linux Firewalls
Michael Rash
ISBN: 1-59327-141-7, 322 pages, $49.95 USD
[email protected]

Available in fine bookstores everywhere, from www.oreilly.com/nostarch, or directly from No Starch Press (www.nostarch.com, [email protected], 800.420.7240).

About No Starch Press:
Founded in 1994, No Starch Press is one of the few remaining independent computer book publishers. We publish the finest in geek entertainment---unique books on technology, with a focus on Open Source, security, hacking, programming, alternative operating systems, and LEGO. Our titles have personality, our authors are passionate, and our books tackle topics that people care about. See www.nostarch.com for more information and our complete online catalog. (And most No Starch Press books use RepKover, a lay-flat binding that won't snap shut.)

[email protected]

About O'Reilly:
O'Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O'Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying "faint signals" from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.

# # #

O'Reilly is a registered trademark of O'Reilly Media, Inc. All other trademarks are the property of their respective owners.

Available online at http://www.oreilly.com/store/O'Reilly.com