Just a week after the firs GNU/Linux meeting I attended in NYC, the group come up with another meeting on the topic of Linux Security. Being a CISSP and Security Specialist at my job, I would certainly not miss this meeting even I had to finish a painting of an old man in my painting class at the same night.
Fortunately the meeting is just 2 blocks away from my class. I told my teacher about the plan and he allowed me to sneak out of the classroom after the class started and came back to work on the painting before 10pm.
After primed some crimson on canvas, I thought it’s a good time to leave, as it would take some time for the color to completely dry before I resume the work.
I rushed to the Linux Security Round Table meeting in Yodle office. The meeting had started. I saw some familiar faces from the last meeting, they are a friendly crowd and seems not minding my late at all.
The presentation was excellent. It really tap into the potential of Linux’s configuration capabilities. Indeed the owner of a Linux OS is in full control and could lock down the OS via various configurations tools.
I usually don’t bring my laptop around these days, but this time I didn’t even have my sketchpad with me so I didn’t take any notes. I could barely remember half of the presentation on the second day, so I posted a comment on the GNU Linux Meetup site asking if the presentation could be me shared.
I thought my request was quite lame and didn’t expect any response at all. To my surprise Aaron responded in length and shared his full notes with all group members. Cheers to the spirit of Open Source!
Here is the summary of Aaron’s notes:
* Physical security: where data is stored. Backup facilities included.
* Soft security: Limit access to information, attack surface.
Layered approach: (((data, application, host, internal network, perimeter)Phscial Security)Policies e.g. check out universities)
* Perimeter: IPTables ingress and egress firewall on host and user?
* Policy, drop, deny by default.
* Host based security
cgroups: user groups with allowances, virtual machines increase risk
* SeLinux (security enhanced linux, NSA dev, mandatory access control, NSA uses multilabel security, no one else does, makes everything impossible, targeted mode, processes are confined)
* RES exploit works on everything?, module blacklist e.g. /etc/modprobe.d/blacklist.conf get all modules from lsmod
* Host Based Security Detection
AIDE (automated intrusion detection and )
Syslog? Read the logs, store them off host. Feed them into splunk (commercial, free version)?
Limit daemons, (especially in servers), know what you’re running,
Less is more: Remove users, remove software, limit kernel module autoloading!, isolate processes systems and data
* SSH disabled – default in new Fedora
* zeitgeist log operations, file access
* Test your system: (available in backtrack linux)
nmap your system remotely
* using ssh keys for authentication
truecrypt for usb
Many security topics were brought up and discussed during discussion. It was wonderful to share experience with people coming from wildly different backgrounds. I will absolutely come back to the meeting when there is a next one.
I ran back to my class before the meeting finished (missed the beer!). The model was still posing, but I had barely 50 minutes left to finish the painting. It’s been a productive day!