[opensource] Volunter for Potential Talks

Adam Porr porr.4 at osu.edu
Wed Jan 18 11:02:33 EST 2006


Bill, I'd be interested in hearing about all of the things that you
mentioned. I have a very vague notion of Unix security, but I've never
actually had the motivation to learn more about it or implement it.
Perhaps this will get me started!

Adam

On 1/18/06, William Triest <triest.1 at osu.edu> wrote:
> First of all, I'm a horrible speller, its 4:00am, and I'm writing this
> without spell check; so please ignore spelling / gramatical mistakes and
> pay attention to the attempted content.
>
> Since there will hopefully be a number of new memebers, I would like to
> volunter to give a short welcome to the new memebers and to provide my
> perspective on the club.  I know some people have been interested in my
> knowledge of club history, since my first year at Ohio State was Issac's
> last year (ie I've been around a little while even if I haven't been
> very active).  I also would like to touch upon ettiqutte.
>
> Also, I've thought of some possible talk topics that I could be
> qualified to give.  I took an independant study based on "network
> security" primarily focusing on encryption (symetric key/ public private
> key/ ssl tls etc) so I could talk about some of the above.  Also I was
> thinking if there are enough novice users a general security practices
> for a Linux/*nix box might be good.  As I've attempted to flush out this
> idea some, I think I'm qualified enough to fill two semi-long meetings
> (probably 3 if you want pgp key signing).  If the group is interested in
> only part of this schedule, then this time could be cut shorter.
>
>
> Introduction to Encryption
> Symetric key Encryption
> Hashes (what they are, and mention two standards md5 and sha1)
> Public / Private Key encrytpion (focusing on what signatures are
> compared to encryption)
> SSL / TLS  Including the small differences between ssl v3 and tls
> (primarily starttls), using them in places other then the web (ie to
> secure other insecure protocals), and talking about how they can be used
> for more then just securely talking to a server (i.e. two-way ssl
> validation)
> PGP and the web of trust
> Setup so at a later meeting we could possibly have:
> PGP key signing party
> Possible CaCert.org Assuring (I should be an assurer soon with existing
> assurance, if not I should be able to find one more assurer)
>
> Basic Linux/*nix security
> Start out with basic things like why running as root is bad (and talk
> about su and sudo)
> Talk about the importance of a strong password
> Insecure protocals (identifying which are insecure) and ways to secure
> (ssl/tls, tunneling over ssh, alternative protocals)
> Tightening up security on ssh (root no login, using keys to login,
> ssh-key-agent for key management)
> The importance of checking your logs, usful utilities like logwatch
> The basics of a firewall, including some sample iptable rules
> Talk about why NFS is insecure, discuss various options for home sharing
> of files between computers
> I'm sure plenty more belong here and contributions would be welcomed.
>
> I would honestly like to hear which aspects of this the club would be
> interested in.  If you just want to hear part a subset (even if its just
> one sub-topic) let me know.  Just keep in mind that I don't want to
> confuse people without much expierence and I don't want to spend a bunch
> of time researching details, so I'm offering pretty broad overviews of
> these topics.
>
> Thanks,
> Bill Triest
> 5th year CSE major &
> Unix Systems Administrator -- Department of Chemistry
>
> _______________________________________________
> Opensource mailing list
> Opensource at mail.cse.ohio-state.edu
> http://mail.cse.ohio-state.edu/mailman/listinfo/opensource
>



More information about the Opensource mailing list