Maximum Netfilter

Michael Rash, Security Architect, Enterasys Networks, Inc.

Track: Security
Date: Wednesday, July 26
Time: 11:35am - 12:20pm
Location: F150

Netfilter in the Linux kernel, along with its "iptables" interface, has matured over the years and is now a full-featured stateful firewall that rivals many commercial offerings in terms of functionality. This talk will show how Netfilter can be used as a mechanism for intrusion detection, provide a flexible interface for responding to attacks, and even facilitate an authorization scheme called Single Packet Authorization. The suite of open source security tools available on is designed to maximize the effectiveness of Netfilter from these standpoints, and all three of the applications, "psad", "fwsnort", and "fwknop", will be presented. With the burgeoning number of Linux deployments, organizations across the landscape are increasingly in a position to run Netfilter. This talk will blaze a trail to maximizing the effectiveness of Netfilter.