[NBLUG] Security talk?

ME dugan at passwall.com
Mon May 14 17:57:41 PDT 2001


On Mon, 14 May 2001, E Frank Ball wrote:
> That would be a good followup to the firewall talk Devin and I gave.
> Anybody want to work on it with me?  I'm not ready to talk about kernel
> 2.4 firewalls yet.
> 
> Topics:
> configuring inetd, xinetd
> configuring stuff in rc.d/
> using ssh, scp, sftp
> hazards of telnet, ftp, rlogin, rcp, etc.
> ??


LUGOD seems to have found too much to cover in one meeting and had to
split theirs up into several. Others included:

increasing difficulty for users with physical access to compromise a
system with passwords in lilo.conf for certain boot time LILO options.

Cryptography in file systems and network access

SSL

Security Mailing lists

Password security (length, type, mixes). The offered suggestion of Rick
Moen for a person to speak on password security might be a good idea.

You and Devin covered some of the core foundation philosophies for network
hardening in your firewall discussion: (Turn off non-necessary services,
only enable the services you need, only open access to the services you
want exposed, use more secure daemons (less sendmail, more qmail etc.))

Then there is coverage of IDS (Intrusion Detection Systems) as local
services and network-based and mixing the two up for dual coverage.

Hardened logging servers

Kernel patches

Coding style to avoid writing code that poorly passes variables or lacks
bounds checking in bad context.

and plenty more.

From the comments at LUGOD on this, more technical security talks drew far
smaller crowds than the general security talks. I would bet the general
talks would be desired by most members, but I am not sure.

-ME



