[nylug-announce] NY Linux Users Grp. January Meeting 1/15 Mordy Ovits: Two On Linux Security

Jim Gleason jgleason at nylug.org
Mon Jan 13 10:30:00 EST 2003

                 The New York Linux Users Group presents

                              Mordy Ovits
                           - Linux Security -
          Kernel Packet Filtering and Pluggable Authentication

January 15, 2003
IBM Headquarters Building
590 Madison Avenue at 57th Street
9th Floor, home to the IBM Linux Center of Competency

                        ** RSVP Instructions**
Unless you have already rsvp'ed for a prior meeting, everyone
should RSVP to attend. http://rsvp.nylug.org
Check in with photo ID at the lobby for badge and room number.

Linux Security:
    We all know Linux's security reputation; it's a matter of pride
    in our community.  We all know that Linux can be hardened to a 
    high degree.  We may even know what tools are invoked to bring
    about this hardening.

    But do you understand how they work, their internals?  Mordy will
    cover the internals of two Linux security features, both of which
    remain poorly understood. 

    Therefore, this January 15 NYLUG meeting is going to be more
    technical than usual. 

Kernel Packet Filtering:
    The first topic will be the Linux kernel's packet mangling and
    filtering capabilities.

    Linux has an incredibly sophisticated TCP/IP stack.  Capable of
    exceptional perfomance, it also offers unmatched flexibility.
    It enables you to do nearly any network operation you can 
    conceive of, and then some.  It gets this power from its internal
    architecture, comprised of softnet and netfilter.

    Mordy will go over how the kernel's networking works, where
    netfilter fits in, how iptables leverages this, and what it can be
    used for.  This will *not* be an iptables HOWTO. A solid knowledge 
    of TCP/IP is a prerequisite to this portion of the talk.

Pluggable Authentication:
    The second topic will be Linux's implemenation of Pluggable
    Authentication Modules (PAM).

    PAM, invented by Sun Microsystems, allows for framework-independent
    system authentication.  Linux, like all modern Unixes, uses PAM
    for nearly all authentication, allowing for tremendous flexibility.
    You can use PAM to authenticate against a RADIUS server or a
    Windows Domain, or to prevent people from choosing bad passwords.

    Mordy will be going over the PAM architecture and origins.  He will
    discuss how programs interact with PAM, and how to configure it.
    A basic knowledge of the various authentication models and schemes
    will be helpful, but is not required.

For more information, visit:

About Mordy Ovits:
    Mordy spent three years as a cryptographic engineer, before moving
    into security consulting with Internet Security Systems.  He is
    currently employed at a major financial firm as a Network and
    Information Security Engineer.

Free Stuff!
    Swag of undetermined value and quantity may be distributed on a
    first-come, first-served basis. Arrive early for the best selection

    Immediately after the presentation and continuing at the Old Stand
    pub, we will be gathering for a keysigning. So for those who have
    keys already, please remember to bring hard-copy printouts of your
    40-character key fingerprint. If you haven't created a key yet, our
    howto docs are posted here: http://www.nylug.org/keys

    And then after the meeting... Join us around 8:15pm or so at the
    Pig 'n' Whistle, 922 3rd Ave. between 55th & 56th Streets.
    Next to the Old Stand (closed).

Please see our home page at http://www.nylug.org for the HTMLized
version of this announcement, our archives, and a lot of other
good stuff.

Monthly Reminder!
    Please read the NYLUG-Talk Posting Guidelines at:

January 2003 - The New York Linux Users Group, NYLUG.org

Special Thanks to Mordy for preparing the announcement!

More information about the nylug-announce mailing list