1. Home
  2. Linux systems
  3. Secure Linux-based Servers

Chapter 5. Tunneling

Most of the previous chapters in this book have concerned specific services you may want your bastion hosts to provide. These include "infrastructure services" such as DNS and SMTP, "end-user" services such as FTP and HTTP, and "administrative services" such as SSH. This chapter falls both technologically and literally between the service-intensive part of the book and the behind-the-scenes section, since it concerns tools that are strictly means to other ends.

The means is tunneling, as this chapter's title indicates, and the ends to which we apply it involve enhancing the security of other applications and services. These applications and services may be either end-user-oriented or administrative. The tools we'll focus on in this chapter are the Stunnel encryption wrapper and the OpenSSL encryption and authentication toolkit, not because they're the only tools that do what they do, but because both are notably flexible, strong, and popular.



    		Building Secure Servers with Linux
    		Preface
    		Chapter 1. Threat Modeling and Risk Management
    		Chapter 2. Designing Perimeter Networks
    		Chapter 3. Hardening Linux
    		Chapter 4. Secure Remote Administration
    		Chapter 5. Tunneling
    		Section 5.1. Stunnel and OpenSSL: Concepts
    		Chapter 6. Securing Domain Name Services (DNS)
    		Chapter 7. Securing Internet Email
    		Chapter 8. Securing Web Services
    		Chapter 9. Securing File Services
    		Chapter 10. System Log Management and Monitoring
    		Chapter 11. Simple Intrusion Detection Techniques
    		Appendix A. Two Complete Iptables Startup Scripts
    		Colophon