Re: OpenBSD Training
On 07/28/10 04:44, open...@e-solutions.re wrote: Hi, I have th following aim : Master OpenBSD, pass BSDP(OpenBSD)exam when this one will be available. I have good knowledege on TCP/IP;PF use Is there a good training center in French or English language? (I will be ready to buy a plane ticket.) With these covered topics : INSTALLATION UNIX BASIC COMMAND LINE NETWORK CONFIGURATION ADMINISTRATION(Web Hosting, Mailserver, Proxy Cache, DNS, LDAP,SSH) VPN(Site to Site, Nomade use (Home with mac/PC)) BACKUP AND RESTORE HARDENNING THE BOX Concrete with re-bar works well for hardening the box. As far as the software, OpenBSD comes "pre-hardened". Nothing really needs to be changed for security. Use good passwords and long passwords is about all you have to do. VIRTUALISATION with QEMU PF with CARP Thank's My advice is to setup a server with some websites (doesn't matter if the are "real" or bogus) and learn to deal with the problems that pop-up. Be sure to get an ISP with remote IP-KVM so you can fix any mistakes that lock you out. Throw on a mail server, make some different types of connections with your home box, etc. Training is good to get, but getting down in the trenches seems to be essential. I learned to use OpenBSD by setting up a server for my websites, then I added to my home computers.
Re: OpenBSD Training
On Wed, 28 Jul 2010 05:50:19 -0600
Chris Bennett wrote:
> My advice is to setup a server with some websites (doesn't matter if the
> are "real" or bogus) and learn to deal with the problems that pop-up. Be
> sure to get an ISP with remote IP-KVM so you can fix any mistakes that
> lock you out.
I think it's too risky for a newcomer to go straight for a real server.
Get a dual/quad core machine with 8GB (used ones are pretty cheap) and
install the free ("no licence cost") vmWare ESXi server. Use this to
host a whole network (dns, file server, email, etc.). Put another low
cost machine with 2 NICs in front of it; this will be your firewall.
Now you can simulate locally the daily business, e.g. remote
administration, remote upgrades, road warrior setups etc.
But you don't have the risk that someone roots your box because you
made a mistake. Instead you can (should!) try out to attack it ;)
When you're very confident in working with your network, yes, then you
need to go out on The Hostile Internet to learn more.
regards,
Robert
Re: OpenBSD Training
On 07/28/10 07:49, Robert wrote:
On Wed, 28 Jul 2010 05:50:19 -0600
Chris Bennett wrote:
My advice is to setup a server with some websites (doesn't matter if the
are "real" or bogus) and learn to deal with the problems that pop-up. Be
sure to get an ISP with remote IP-KVM so you can fix any mistakes that
lock you out.
I think it's too risky for a newcomer to go straight for a real server.
Get a dual/quad core machine with 8GB (used ones are pretty cheap) and
install the free ("no licence cost") vmWare ESXi server. Use this to
host a whole network (dns, file server, email, etc.). Put another low
cost machine with 2 NICs in front of it; this will be your firewall.
Now you can simulate locally the daily business, e.g. remote
administration, remote upgrades, road warrior setups etc.
But you don't have the risk that someone roots your box because you
made a mistake. Instead you can (should!) try out to attack it ;)
When you're very confident in working with your network, yes, then you
need to go out on The Hostile Internet to learn more.
regards,
Robert
You're probably right about that. I am just cursed/blessed with one of
those "high-risk loving" personalities.
Its more fun to live that way! :)
There are a great many good tricks you can do with your own stuff, which
are good teachers. And you can get Google and some other search engines
to index a site without a domain name if you set up a sitemap.xml and
ping it to them.
Re: OpenBSD Training
On 28/07/10 14:49, Robert wrote:
On Wed, 28 Jul 2010 05:50:19 -0600
Chris Bennett wrote:
My advice is to setup a server with some websites (doesn't matter if the
are "real" or bogus) and learn to deal with the problems that pop-up. Be
sure to get an ISP with remote IP-KVM so you can fix any mistakes that
lock you out.
I think it's too risky for a newcomer to go straight for a real server.
Get a dual/quad core machine with 8GB (used ones are pretty cheap) and
install the free ("no licence cost") vmWare ESXi server. Use this to
host a whole network (dns, file server, email, etc.). Put another low
cost machine with 2 NICs in front of it; this will be your firewall.
Now you can simulate locally the daily business, e.g. remote
administration, remote upgrades, road warrior setups etc.
But you don't have the risk that someone roots your box because you
made a mistake. Instead you can (should!) try out to attack it ;)
When you're very confident in working with your network, yes, then you
need to go out on The Hostile Internet to learn more.
regards,
Robert
Apart from ESXi is free but the management isn't...you need vSphere to
manage the thing. This seams like a very expensive way to learn an
OS...you can install a free virtual piece of software on your computer,
virtual box, vmware server etc and get going, or even get some very
cheap PC's off ebay. And to be honest I wouldn't worry about a cert that
much, just get some real experience under your belp. Certs help but they
are not the be all and end all that some people like to make out
Re: OpenBSD Training
On Wed, 28 Jul 2010 15:59:33 +0100 Michal wrote: > Apart from ESXi is free but the management isn't...you need vSphere to > manage the thing. This seams like a very expensive way to learn an Just a note: You don't need vSphere for this setup; only if you have to manage a couple of vmware servers (= real hardware) you would need it. In the free version you have to manage each vmware host (not virtual machine) manually through a web interface, which unfortunately only runs under Windows... So, yes, you can run this at without any vmWare licence cost. regards, Robert
Re: OpenBSD Training
> Date: Wed, 28 Jul 2010 05:50:19 -0600 > From: ch...@bennettconstruction.biz > Concrete with re-bar works well for hardening the box. > As far as the software, OpenBSD comes "pre-hardened". > Nothing really needs to be changed for security. > Use good passwords and long passwords is about all you have to do. Good point, all the salting, encrypting, and multiple encryption rounds in the world won't save the Internet from the idiots that set root passwords to "password". The irony of it all is that these 0wned idiots will complain that their "system" was insecure (that's why they got "hacked"). Unfortunately, we in OpenBSD-land live in a vacum of common sense that does not exist out in the real world. People actually use "password" for their password, or the ones who believe themselves clever set it to "secret" or "letmein". Don't believe me, look at the logs on your bastion OpenBSD servers. The reason there are so many ssh bruteforce attempts is because... wait for it.. it works. While we thank the gods for OpenBSD and all of the common sense it comes with, let's not forget that humans can break anything and overcome any amount of logic and careful design. Sincerely, IR _ Hotmail: Free, trusted and rich email service. https://signup.live.com/signup.aspx?id=60969
Re: OpenBSD Training
writes: > I have th following aim : Master OpenBSD, pass BSDP(OpenBSD)exam when this > one will be available. > I have good knowledege on TCP/IP;PF use > Is there a good training center in French or English language? > (I will be ready to buy a plane ticket.) Assuming the EuroBSDCon programme turns out roughly like the earlier conferences, there's a distinct possibility that there will be useful tutorials in Karlsruhe in October (http://2010.eurobsdcon.org/). The schedule isn't done yet it appears, but there as far as I can tell from the bsdcertification.org web, the BSDA exam will be offered during the conference. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: OpenBSD Training
On 29 July 2010 01:39, Robert wrote: > On Wed, 28 Jul 2010 15:59:33 +0100 > Michal wrote: >> Apart from ESXi is free but the management isn't...you need vSphere to >> manage the thing. This seams like a very expensive way to learn an > > Just a note: > You don't need vSphere for this setup; only if you have to manage a > couple of vmware servers (= real hardware) you would need it. > In the free version you have to manage each vmware host (not virtual > machine) manually through a web interface, which unfortunately only > runs under Windows... > So, yes, you can run this at without any vmWare licence cost. You can still use the vSphere Client and point it to the ESXi server, instead of a vSphere server. In fact, from the free ESXi web interface you can download the vSphere client to use in that fashion. Shane
Re: OpenBSD Training
An OpenBSD Training on PDF or Video training... On Tue, 03 Aug 2010 16:28:56 +0400, wrote: > Hi, > I'm very interested about OpenBSD Project. > I have good knowledge on TCP/IP and PF Use. > Now i want to learn more. > Is there someone to make an OpenBSD Training that will cover these > following topics ? > - OpenBSD as a mailserver (Using the simplest way and secure) > - OpenBSD as a Web Hosting Server (Using the simplest way and secure) > - OpenBSD as a Proxy Cache and filtering WEB Content.(Using the simplest > way and secure) > - Troubleshooting the box (Understand log, rotate the logs, load/Unload > module in Kernel...) > Don't worry, i will pay for your work. > Thank's for your reply.
