George mentioned a number of great items for a presentation and there have been some good responses. One of the challenges in putting together a security presentation is that there is so much to cover. Configuring the system by editing configuration files, setting up harder-to-alter logs, and related topics would probably take up one evening. Intrusion detection, firewalls, and "honeypots" could each be presentations of their own. Or particular tools and products could each make for a presentation.

An edgy presentation may be to set up a small net of two, maybe three, computers to demo common exploration and exploit techniques and countermeasures. Not to teach how to get into some corporate system but to show how systems respond to different techniques. Three computers might be great. One is the "attacker" and the other two represent Linux systems with drastically different security setups. (Can really have "phun" and throw in a Windows system as a target PC. <g>)

Then there are security matters not specific to Linux but may be helpful for some people. Things like philosophies of security (especially the shift towards security as a process of risk management rather than a state of risk avoidance), legal aspects of info security, incident response (or how not to destroy evidence when putting the system back together), human factors (this is really interesting stuff such as dealing with social engineering), etc.

Not having been to a HamLUG meeting yet and never having knowingly met anybody in the group, what kinds of Linux systems in what kinds of environs are you running? A standalone desktop Linux system with occasional modem dial-out connection to the Internet has different security needs than, say, a Web server on the Internet. And these have very different security challenges than, say, an embedded Linux system with no Internet or modem connections.

By the way, to add to George's comments about secure kernels, there's the Security Enhanced Linux from the National Security Agency at
http://www.nsa.gov/selinux/index.html

I have yet to try it out. Maybe it is my paranoia that has me wanting to proof every line of code before using it to make sure I'm not installing "Echelon, Jr." on my system. <g>

J.D. Abolins
Meyda Online -- Infosec & Privacy Studies
http://www.meydabbs.com (waiting to be updated when I get the time)

At 05:07 PM 7/19/01 -0400, George Tenney wrote:
> Actually Shields up was one thing on my list to talk about, as well as
> running a port scanner against your box, and of course editing your
> inetd.conf and startup scripts to make any unnecessary services not run.
<snip>
> Maybe we can talk about making a custom kernel
> (you ultra paranoid guys will probably want to use
> an encrypted file system). And maybe we can talk
> about a few other things.

PS. I should give a quickie introduction now that I have moved out of lurker status. <g> I am something of a LUG neighbor rather than a HAMLUG member. (I am running, or trying to run, a Linux group for the Princeton PC User Group.) There are some ways where I may be able to help support a fellow Linux group. I and a couple other PPCUG Linux folks are hoping to visit HamLUG soon.
