James Stanger starts with a high-level assessment of the pros and cons of free solutions, plus guidance on evaluating specific open source options. Next, you'll walk through hardening Linux boxes and other devices inside your network perimeter (avoiding the "hard exterior/soft squishy interior" malady that affects so many networks). Stanger shows how to penetration-test your systems, then thoroughly covers Snort intrusion detection (including significant enhancements in version 2.6).
Also covered in depth: authentication; firewalling; resisting sniffing attacks; toughening perimeter security with VPNs; using bastion hosts; and hardening Apache. Throughout, you'll find loads of diagrams, sample commands, and tips: all you need to actually do this stuff. Bill Camarda, from the December 2007 Read Only