Archive for the ‘Training/Education’ Category
September 2nd, 2010 | 
Author: For those who are unaware, the LISA 2010 conference registration has been opened. 
Visit the Usenix event page for detailed information and to register.
For the unknowing or uninformed, LISA is the big annual System Administration conference sponsored by Usenix. LOPSA has a hand in there as well. If you are really going to make this a career and not just a job, you should attend one of these conferences. Words do not really describe the experience. Ask Kelly some time.
To give you an idea of what is happening, this is the schedule for the week:
| Saturday, November 6 | |
| 5:00 p.m.–7:00 p.m. | On-Site Registration and Membership Booth |
| 6:00 p.m.–8:00 p.m. | Welcome Get-Together and Conference Orientation |
| Sunday, November 7 | |
| 7:30 a.m.–5:00 p.m. | On-Site Registration and Membership Booth |
| 9:00 a.m.–5:00 p.m. | Training Program |
| 9:00 a.m.–5:00 p.m. | Workshop 1: Government and Military System Administration |
| 9:00 a.m.–5:00 p.m. | Workshop 2: Real-World Configuration Management |
| 12:30 p.m.–1:30 p.m. | Luncheon for Training and Workshop Attendees |
| 8:00 p.m.–11:00 p.m. | Board Game Night |
| Monday, November 8 | |
| 7:30 a.m.–5:00 p.m. | On-Site Registration and Membership Booth |
| 9:00 a.m.–5:00 p.m. | Training Program |
| 9:00 a.m.–5:00 p.m. | Workshop 3: Teaching System Administration |
| 9:00 a.m.–5:00 p.m. | Workshop 4: Security |
| 12:30 p.m.–1:30 p.m. | Luncheon for Training and Workshop Attendees |
| 7:00 p.m.–11:00 p.m. | Birds-of-a-Feather Sessions (BoFs) |
| Tuesday, November 9 | |
| 7:30 a.m.–5:00 p.m. | On-Site Registration and Membership Booth |
| 9:00 a.m.–5:00 p.m. | Training Program |
| 9:00 a.m.–5:00 p.m. | Workshop 5: Advanced Topics |
| 9:00 a.m.–12:30 p.m. | Workshop 6: Knowledge Management |
| 12:30 p.m.–1:30 p.m. | Luncheon for Training and Workshop Attendees |
| 1:30 p.m.–5:00 p.m. | Workshop 7: Identity Management |
| 7:00 p.m.–11:00 p.m. | Birds-of-a-Feather Sessions (BoFs) |
| Wednesday, November 10 | |
| 7:30 a.m.–5:00 p.m. | On-Site Registration and Membership Booth |
| 8:45 a.m.–10:30 a.m. | Opening Remarks, Awards, and Keynote |
| 9:00 a.m.–5:00 p.m. | Training Program |
| 11:00 a.m.–5:30 p.m. | Technical Program |
| Noon–7:00 p.m. | Vendor Exhibition |
| 12:30 p.m.–1:30 p.m. | Luncheon for Training Attendees |
| 5:30 p.m.–6:30 p.m. | Exhibit Hall Happy Hour |
| 6:30 p.m.–7:30 p.m. | Poster Session |
| 7:30 p.m.–11:30 p.m. | Birds-of-a-Feather Sessions (BoFs) |
| Thursday, November 11 | |
| 7:30 a.m.–5:00 p.m. | On-Site Registration and Membership Booth |
| 9:00 a.m.–5:00 p.m. | Training Program |
| 9:00 a.m.–5:30 p.m. | Technical Program |
| 10:00 a.m.–2:00 p.m. | Vendor Exhibition |
| 12:30 p.m.–1:30 p.m. | Luncheon for Training Attendees |
| 5:30 p.m.–6:30 p.m. | Poster Session |
| 6:30 p.m.–8:30 p.m. | Conference Reception |
| 8:30 p.m.–11:30 p.m. | Birds-of-a-Feather Sessions (BoFs) |
| Friday, November 12 | |
| 8:00 a.m.–noon | On-Site Registration and Membership Booth |
| 9:00 a.m.–5:00 p.m. | Training Program |
| 9:00 a.m.–3:30 p.m. | Technical Program |
| 12:30 p.m.–1:30 p.m. | Luncheon for Training Attendees |
| 4:00 p.m.–5:30 p.m. | Closing Session |
I have uploaded the config files I talked about during the meeting. These files make reference to some extra items such as greylisting and spamassassin, as well as the use of self-signed SSL certificates. You will notice a new menu item on the site under About called ovSAGE Downloads. Go there for the tarball which contains the default and production files as well as diff files for each pair.
The main documents for all of this are located on the CentOS website. The following items describe the docs and their locations:
- If you are starting over, the basic postfix install document is located here: Postfix HOWTO
- In order to do the greylisting under postfix, have a look at the Greylisting HOWTO
- To get spamassassin running, you need the spamassassin rpm installed. There is a HOWTO on using it along with anti-virus software at PostfixMail.com. I believe I just installed the package, enabled it and ran the update rules script to get it working. This site is a little more ambitious.
- One final item is creating and managing self-signed SSL certificates. I normally do this from the command line, but I had heard of a project for keeping track and managing them. It’s called tinyCA and you can find it at sm-zone.net. It uses X-windows, so you will need to run it on one of your unix boxes. I can go over the usage next meeting after the presentation, but it is pretty straight forward and playing with it should work out OK. Don’t worry if you mess up at first, just revoke and delete any bad certificates. Unless you are a security paranoid and like generating certificates, make your certs longer than one year.
I think that covers everything. I am using all of the stuff we discussed to redo the ovsage mail server and provide authenticated SMTP from outside as well as secure IMAP access for my smartphone and laptop.
A future session will cover setting up squirrelmail as an SSL protected web front-end to your mailserver. As I have not installed this yet, I’ll probably do it live so you can all see it being done.
| View in Browser. |
|||||||||||||||
|
|||||||||||||||
|
|
|||||||||||||||
5-Week Course:
3:00pm PST
Comprehensive Risk Management, Education and Awareness Through
“The Harmonized Threat Risk Assessment Methodology”
Join the High Tech Crime and Investigation Association (HTCIA) Ottawa Chapter, Thursday, May 27, 2010, for a one day training event on the subject of the Harmonized Threat Risk Assessment (HTRA) Methodology. This session is geared towards those who are interested in understanding the methodology used by today’s Security Experts when conducting Threat Risk Assessments. Following the organization of the Harmonized TRA Methodology:
- Introduction;
- Preparation Phase;
- Asset Identification and Valuation;
- Threat Assessment;
- Vulnerability Assessment;
- Calculation of Residual Risk;
- Recommendations; and
- Conclusion
Each of the key areas will be addressed at an introductory level providing workshop attendees the understanding of how the HTRA process works. For those attendees looking for a full “how to” program, details on a full four day technical course will be made available during the workshop.
Since the unification of Threat Risk Assessment methodologies (October 29, 2007), through a joint working group of the Communications Security Establishment (CSE), the Royal Canadian Mounted Police (RCMP) and the parallel User Focus Group the Harmonized Threat Risk Assessment (HTRA) Methodology has become the unified Canadian Standard for the assessment of threat and risk.
Familiarity and understanding of the HTRA Methodology will provide both security professionals and the general public the knowledge, skills and confidence to apply the HTRA principles, regardless of profession, in their everyday life.
Important Note: This training is not generally available to the private sector. Take advantage of this unique opportunity to gain greater familiarity with the HTRA. This very informative training session will be moderated by none other than Mr. John Clayton who was the co-chair of the joint CSE-RCMP working group responsible for the development of the HTRA Methodology!
For further information , please visit the registration page. Seating is limited to 100 people.
This event is available to both members and non-members.
This was the first evening where we started the virtual server configuration for our mythical SMB type environment. We went over the text based install of CentOS 5.4 and initial package selection, as well as running services on the box.
After a few technical difficulties while looking up some packages (trousers and fipscheck) that were installed that had not been selected, the rest of the install was reviewed. During the ‘firstboot’ process, we went through the list of services, which was rather enlightening for all involved. It appears that a number of things that you do not normally think about are enabled by default, even when unnecessary.
TrouSerS is an implementation of the Trusted Computing Group’s Software
Stack (TSS) specification. You can use TrouSerS to write applications that
make use of your TPM hardware. TPM hardware can create, store and use RSA
keys securely (without ever being exposed in memory), verify a platform’s
software state using cryptographic hashes and more.
FIPSCheck is a library for integrity verification of FIPS validated
modules. The package also provides helper binaries for creation and
verification of the HMAC-SHA256 checksum files.
Links:
- Installation and configuration of postfix
- The kickstart file for our base install
base kickstart file (137) - The list of services after configuration
Services List from Basic Install (140) - Configurations settings for the virtual machine Virtual Box configuration for the VM container (117)
During the time between now and the next meeting, we will be launching a forum section on the site to discuss the installation and address any questions, as well as try to establish some effective methodology (formerly “Best Practices”). This is a community effort and while I am willing to provide some guidelines and direction at the start, this is very much going to be a group effort, along with all that entails. We will document as we go and hopefully at the end we will have a useful set of procedures as well as lessons learned.
On a side note, to explain the “Best Practices” comment in the preceding paragraph, the term “Best Practices” is often used to convey the idea that this is the best method to do something. Without some unbiased way of judging the relative merits against all other implementations, this is just an opinion or a popular consensus as to methodology. In my opinion, it also predisposes you to think that this is THE WAY to do it and you stop thinking about ways to improve a process. It may very well be the best way, but there is no reason to be blind to other interpretations or be constrained to a particular implementation that doesn’t fit what you need just because it’s a “Best Practice”. Best practice for whom?
Current minimal resources for the project:
- CentOS 5.4 available from the CentOS project site.
- Oracle VirtualBox available from Oracle Corporation. We are using the binary distribution, not the community edition for cross platform similarity and ease of installation.
Posted in Training/Education | 
Tags: CentOS, HOWTO, SMB, VirtualBox, virtualization | 
Comments Closed
