[nylug-announce] NY Linux Users Grp. January Meeting 1/15 Mordy Ovits: Two On Linux Security
jgleason at nylug.org
Thu Jan 9 02:55:26 EST 2003
The New York Linux Users Group presents
- Two on Linux Security -
Kernel Packet Filtering and Pluggable Authentication
January 15, 2003
IBM Headquarters Building
590 Madison Avenue at 57th Street
9th Floor, home to the IBM Linux Center of Competency
** RSVP Instructions**
Unless you have already rsvp'ed for a prior meeting, everyone
should RSVP to attend. http://rsvp.nylug.org
Check in with photo ID at the lobby for badge and room number.
We all know Linux's security reputation; it's a matter of pride
in our community.Â We all know that Linux can be hardened to a
high degree. We may even know what tools are invoked to bring
about this hardening.
But do you understand how they work, their internals? Mordy will
cover the internals of two Linux security features, both of which
remain poorly understood.
Therefore, this January 15 NYLUG meeting is going to be more
technical than usual.
The first topic will be the Linux kernel's packet mangling and
Linux has an incredibly sophisticated TCP/IP stack.Â Capable of
exceptional perfomance, it also offers unmatched flexibility.Â
It enables you to do nearly any network operation you can
conceive of, and then some.Â It gets thispower from its internal
architecture, comprised of softnet and netfilter.
Mordy will go over how the kernel's networking works, where
netfilter fits in, how iptables leverages this, and what it can be
used for. This will *not* be an iptables HOWTO. A solid knowledge
of TCP/IP is a prerequisite to this portion of the talk.
The second topic will be Linux's implemenation of Pluggable
Authentication Modules (PAM).
PAM, invented by Sun Microsystems, allows for framework-independent
system authentication.Â Linux, like all modern Unixes, uses PAM
for nearly all authentication, allowing for tremendous flexibility.
You can use PAM to authenticate against a RADIUS server or a
Windows Domain, or to prevent people from choosing bad passwords.
Mordy will be going over the PAM architecture and origins. He will
discuss how programs interact with PAM, and how to configure it.
A basic knowledge of the various authentication models and schemes
will be helpful, but is not required.
For more information, visit:
About Mordy Ovits:
Mordy spent three years as a cryptographic engineer, before moving
into security consulting with Internet Security Systems. He is
currently employed at a major financial firm as a Network and
Information Security Engineer.
Swag of undetermined value and quantity may be distributed on a
first-come, first-served basis. Arrive early for the best selection
Immediately after the presentation and continuing at the Old Stand
pub, we will be gathering for a keysigning. So for those who have
keys already, please remember to bring hard-copy printouts of your
40-character key fingerprint. If you haven't created a key yet, our
howto docs are posted here: http://www.nylug.org/keys
And then after the meeting... Join us around 8:15pm or so at the
Old Stand, 914 3rd Ave. on the corner of 55th Street.
Please see our home page at http://www.nylug.org for the HTMLized
version of this announcement, our archives, and a lot of other
Please read the NYLUG-Talk Posting Guidelines at:
January 2003 - The New York Linux Users Group, NYLUG.org
Special Thanks to Mordy for preparing the announcement!
More information about the nylug-announce