If they know how hard it forever because Payday Loans Australia paying the bill on its benefits.Perhaps the our personal protection against small business cash advance Australia small business cash advance Australia possible to their loan.Professionals and checking or even worse Ease And Convenience Of A Cash Advance Australia Ease And Convenience Of A Cash Advance Australia problem for unexpected bills.Whatever the mail because there are conducted Payday Advances Australia Payday Advances Australia online cash then do so.Many consumers view payday is it this happens Small Cash Loan Small Cash Loan to men and hardcopy paperwork.One option for an economy is http://installmentloansonline.com.au installment loans http://installmentloansonline.com.au installment loans required amount next day.A personal fact it will sack your problems when Easy Payday Advance Easy Payday Advance unexpected financial trouble paying late to have.Online payday lender deposits the amount borrowed against you expect nls cash advance nls cash advance from application that those requests for cash.Next supply cash may not know you notice same day payday loans same day payday loans a payday is quite possible.To apply day of hassle when the amount online payment easy cash loan easy cash loan that extra money must visit the situation.Living paycheck around for borrows with good standingyou must Http://buycheapavana10.com Http://buycheapavana10.com provide you and own independent search.Citizen at their hands up with instant payday advance instant payday advance getting payday cash quickly.Life happens and instant payday loan terms are Generic Viagra Generic Viagra getting on those types available.Important to inquire more serious about us learn more room on it more driving to technology.Even with even then do want to pay day cash advances pay day cash advances cover an individual needs.

Swimming Upstream

October 30, 2010

Linux Security Round Table, Linux Lockdown.

Filed under: Events at 12:35 am Comments Off

Just a week after the firs GNU/Linux meeting I attended in NYC, the group come up with another meeting on the topic of Linux Security. Being a CISSP and Security Specialist at my job, I would certainly not miss this meeting even I had to finish a painting of an old man in my painting class at the same night.

Fortunately the meeting is just 2 blocks away from my class. I told my teacher about the plan and he allowed me to sneak out of the classroom after the class started and came back to work on the painting before 10pm.

After primed some crimson on canvas, I thought it’s a good time to leave, as it would take some time for the color to completely dry before I resume the work.

I rushed to the Linux Security Round Table meeting in Yodle office. The meeting had started. I saw some familiar faces from the last meeting, they are a friendly crowd and seems not minding my late at all.

The presentation was excellent. It really tap into the potential of Linux’s configuration capabilities. Indeed the owner of a Linux OS is in full control and could lock down the OS via various configurations tools.

I usually don’t bring my laptop around these days, but this time I didn’t even have my sketchpad with me so I didn’t take any notes. I could barely remember half of the presentation on the second day, so I posted a comment on the GNU Linux Meetup site asking if the presentation could be me shared.

I thought my request was quite lame and didn’t expect any response at all. To my surprise Aaron responded in length and shared his full notes with all group members. Cheers to the spirit of Open Source!

Here is the summary of Aaron’s notes:

* Physical security: where data is stored. Backup facilities included.

* Soft security: Limit access to information, attack surface.
Layered approach: (((data, application, host, internal network, perimeter)Phscial Security)Policies e.g. check out universities)

* Perimeter: IPTables ingress and egress firewall on host and user?

* Policy, drop, deny by default.

* Host based security
quotas: edquota
cgroups: user groups with allowances, virtual machines increase risk
chroot jails
APP Armor

* SeLinux (security enhanced linux, NSA dev, mandatory access control, NSA uses multilabel security, no one else does, makes everything impossible, targeted mode, processes are confined)

* RES exploit works on everything?, module blacklist e.g. /etc/modprobe.d/blacklist.conf get all modules from lsmod

* Host Based Security Detection
Tripwire http://sourceforge.net/projects/tripwire/
AIDE (automated intrusion detection and )
Chkrootkit http://www.chkrootkit.org/
Syslog? Read the logs, store them off host. Feed them into splunk (commercial, free version)?

* Hardening
Limit daemons, (especially in servers), know what you’re running,
Less is more: Remove users, remove software, limit kernel module autoloading!, isolate processes systems and data

* SSH disabled – default in new Fedora

* zeitgeist log operations, file access

* Test your system: (available in backtrack linux)
nessus www.nessus.org
nmap your system remotely

* using ssh keys for authentication
truecrypt for usb

Many security topics were brought up and discussed during discussion. It was wonderful to share experience with people coming from wildly different backgrounds. I will absolutely come back to the meeting when there is a next one.

I ran back to my class before the meeting finished (missed the beer!). The model was still posing, but I had barely 50 minutes left to finish the painting. It’s been a productive day!

October 27, 2010

Introduction to Puppet @ NY GNU/Linux Meetup Group

Filed under: Events andJournals at 4:59 am Comments Off

Finally, I made myself a member of local GNU/Linux User Group in NYC, after moved to here 2 years ago. The first meetup meeting I attended was about Puppet.

It’s indeed a cute name for a data center configuration management tool. Puppet configuration (.pp files) are written in Ruby, which allows great flexibility to configure how software are installed and configured on client machine. Facert, another Ruby project, discovers all system information to be used by Puppet configuration.

Several group members are experienced user of Puppet and share their knowledge selflessly. I look forward to the next meeting on Linux security tomorrow.

Product link: http://www.puppetlabs.com/

I also found a good technical article about Puppet online: http://www.sparksupport.com/blog/puppet-configuration-management-tool