[opensource] Volunteer for Potential Talks

William Triest triest.1 at osu.edu
Wed Jan 18 04:04:28 EST 2006


First of all, I'm a horrible speller, it's 4:00am, and I'm writing this
without spell check; so please ignore spelling / grammatical mistakes and
pay attention to the attempted content.

Since there will hopefully be a number of new members, I would like to
volunteer to give a short welcome to the new members and to provide my
perspective on the club.  I know some people have been interested in my
knowledge of club history, since my first year at Ohio State was Issac's
last year (i.e. I've been around a little while even if I haven't been
very active).  I also would like to touch upon etiquette.

Also, I've thought of some possible talk topics that I could be
qualified to give.  I took an independent study based on "network
security" primarily focusing on encryption (symmetric key / public private
key / ssl tls etc) so I could talk about some of the above.  Also I was
thinking if there are enough novice users, general security practices
for a Linux/*nix box might be good.  As I've attempted to flesh out this
idea some, I think I'm qualified enough to fill two semi-long meetings
(probably 3 if you want pgp key signing).  If the group is interested in
only part of this schedule, then this time could be cut shorter.


Introduction to Encryption
Symmetric key Encryption
Hashes (what they are, and mention two standards md5 and sha1)
Public / Private Key encryption (focusing on what signatures are
compared to encryption)
SSL / TLS  Including the small differences between ssl v3 and tls
(primarily starttls), using them in places other than the web (i.e. to
secure other insecure protocols), and talking about how they can be used
for more than just securely talking to a server (i.e. two-way ssl
validation)
PGP and the web of trust
Setup so at a later meeting we could possibly have:
PGP key signing party 
Possible CaCert.org Assuring (I should be an assurer soon with existing
assurance, if not I should be able to find one more assurer)

Basic Linux/*nix security
Start out with basic things like why running as root is bad (and talk
about su and sudo)
Talk about the importance of a strong password
Insecure protocols (identifying which are insecure) and ways to secure
(ssl/tls, tunneling over ssh, alternative protocols)
Tightening up security on ssh (root no login, using keys to login,
ssh-key-agent for key management)
The importance of checking your logs, useful utilities like logwatch
The basics of a firewall, including some sample iptables rules
Talk about why NFS is insecure, discuss various options for home sharing
of files between computers
I'm sure plenty more belong here and contributions would be welcomed.

I would honestly like to hear which aspects of this the club would be
interested in.  If you just want to hear a subset (even if it's just
one sub-topic) let me know.  Just keep in mind that I don't want to
confuse people without much experience and I don't want to spend a bunch
of time researching details, so I'm offering pretty broad overviews of
these topics.

Thanks,
Bill Triest
5th year CSE major & 
Unix Systems Administrator -- Department of Chemistry


