July HackFEST Special Guest Presentation FreeIPA

Lisa Kachold lisakachold at obnosis.com
Thu Jun 4 15:46:58 MST 2009 

Please join the Phoenix Linux Users Group Security Team as we welcome a
guest presentation from Steven Kaplan covering FreeIPA.


*BIO: Steven D Kaplan, MSCS, BSEE, CISSP**
*

*Waxman Associates, LLC*
  *
* Mr. Kaplan has extensive experience in all areas of computer and network
security, from instructor to practitioner. His combined problem solving,
insights, innovations, programming and integration techniques have saved
companies (in some cases) millions of dollars in fines avoided and achieved
huge optimizations in their processes – gains not strictly limited to
computer security.  He holds relevant industry certifications, like the
CISSP and IBM certifications for Ethical Hacker and Security Consultant. Mr.
Kaplan has done significant amounts of software development to optimize his
security consulting effectiveness. This includes process automation,
especially related to collecting network security vulnerabilities, user ID
revalidation, and SOX compliance Some tools and programs are currently in
patent review.   Activities over the last 20 years cover both Federal
Government (NSA) INFOSEC experience and private sector work from all areas
and industries. Technological experience includes evaluation of Role Based
Access Control (RBAC) systems, Java software review (for vulnerabilities),
ethical hacking (EH) as well as design, evaluation, certification and
accreditation (C&A) of security architectures and infrastructures. Evaluated
systems and networks of varied architectures, including service-oriented
architecture (SOA) for security vulnerabilities and legislative requirements
compliance.

Audit experience includes review for compliance to Sarbanes-Oxley and HIPAA
regulations, and the development of specialized software tools and scripts
to expedite compliance.



FreeIPA Discussion Abstract

Over the years, as a security practitioner, I have had to support the
forward progress and integration of user identity management systems.  Usually
this goes in fits and starts, as companies try to migrate to their best
guess as to the where their technology should be so that they can be
compliant with legislative and fiduciary requirements.

While I have had to work with proprietary solustions, I have been on the
look for an open source program that would meet or exeed what (expensive)
solutions I had to deal with.  FreeIPA, while in its infancy, threatens to
become the 800 pound gorilla in this area, being the vehicle to which most
modern identity manange systems can integrates.



“FreeIPA is an integrated security information management solution combining
Linux (Fedora), Fedora Directory Server, MIT Kerberos, NTP, DNS. It consists
of a web interface and command-line administration tools. Currently it
supports identity management with  plans to support policy and auditing
management. “  http://freeipa.org
Discussion Overview:

·         Motivations, historical, experiential and legislative

·         Basic principles, CIA, IAAA, and Identity Management

·         What  are features should a current IDM  have?  Does FreeIPA meet
them?

·         Current release information, demonstration, install issues

*WHEN:*

2nd Saturday of the Month at Foundation for Blind Children from Noon - 3PM.

July 11, 2009 Noon

*WHERE: *

http://www.seeitourway.org/ProgramsServices/programsServices.html

*MORE Information:*

http://plug.phoenix.az.us

-- 
(503)754-4452
http://en.wikipedia.org/wiki/User:LisaKachold
http://www.theregister.co.uk/2009/05/29/wikipedia_bans_scientology/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20090604/24a7b411/attachment.htm

More information about the PLUG-discuss mailing list