[PLUG-Devel] HackFest June 13th at The Foundation for Blind Children!

Lisa Kachold lisakachold at obnosis.com
Wed Jun 10 03:51:29 MST 2009 

 Phoenix Linux Users Group Security Test Teamers will be meeting (after
majority agreed to a complete lab relocation from UAT to the School for
Blind Children) on the second Saturday of each month, starting at Noon for
HackFesting.

Since we had a great many issues with UAT (having our systems targeted,
having difficulty with their network too exclusive to test, access to the
guest password/login to use desktops on Saturday, having their security
guards turn people away or direct them to the wrong rooms before turning
them away) we are especially grateful to have new lab facilities donated
from the Foundation for Blind Children, a private charter school in Phoenix.

The Hackfest is a 3 hour security lab from Noon to 15:00 on the second
Saturday of every month. Come prepared to learn about a security tool and
then start using it. Ethical and legal, as well as liability aspects of
testing are covered as we investigate the strange world of computer
insecurity from our powerful Penguin perspectives.

Don't learn to hack; hack to learn.

Network and other facilities generously provided by the Foundation for Blind
Children.
http://www.seeitourway.org/contactUs.html

*New Location*: The Foundation for Blind Children<http://www.seeitourway.org/>,
1235 East Harmont
Dr<http://www.google.com/maps?q=1235+E+Harmont+Dr,+Phoenix,+AZ>near
Northern in Phoenix.
Lab Network Security Agenda (new facilities):

I hope you will consider joining us on the 13th of June as we setup our new
lab, burn and configure a library of Security distros, evaluate security
protection of our festers, and isolate our network(s)  for protection for
the the school.

Educational Agenda:

We will also go over Capture the Flags contests (why where when how) --
submitting your group as a tag team, Defcon's BlackHat conference, and the
top CERT announced security issues from an enlightened Linux point of view.


Distro Burns:

We can always use additional CD/DVD burner machines so bring your
laptops/notebooks.
We will also be burning security distros already torrented and stored on a
terrabyte USB drive, so bring your blank media should you want a nice CRC
checksum'd bootable pendrive or CD/DVD without the 2 day download wait!

Similar to the InstallFest open lab format, we welcome all new information.
  Submission of open source programs or project suggestions for lab analysis
(ahem!), new materials, process questionsd, partial to complete solutions
and solutions that failed to work, as well as anectdotes and/or concerns you
might bring as we openly challenge formal educational methods, assisting
each other, talking and listening at the same time, in classic  full duplex
Penguin style.

---------- Forwarded message ----------
From: Lisa Kachold <lisakachold at obnosis.com>
Date: Thu, Jun 4, 2009 at 3:46 PM
Subject: July HackFEST Special Guest Presentation FreeIPA
To: Main PLUG discussion list <plug-discuss at lists.plug.phoenix.az.us>, The
PLUG Web Site Development Discussion List <
plug-webdev at lists.plug.phoenix.az.us>


Please join the Phoenix Linux Users Group Security Team as we welcome a
guest presentation from Steven Kaplan covering FreeIPA.


*BIO: Steven D Kaplan, MSCS, BSEE, CISSP**
*

*Waxman Associates, LLC*
  *
* Mr. Kaplan has extensive experience in all areas of computer and network
security, from instructor to practitioner. His combined problem solving,
insights, innovations, programming and integration techniques have saved
companies (in some cases) millions of dollars in fines avoided and achieved
huge optimizations in their processes – gains not strictly limited to
computer security.  He holds relevant industry certifications, like the
CISSP and IBM certifications for Ethical Hacker and Security Consultant. Mr.
Kaplan has done significant amounts of software development to optimize his
security consulting effectiveness. This includes process automation,
especially related to collecting network security vulnerabilities, user ID
revalidation, and SOX compliance Some tools and programs are currently in
patent review.   Activities over the last 20 years cover both Federal
Government (NSA) INFOSEC experience and private sector work from all areas
and industries. Technological experience includes evaluation of Role Based
Access Control (RBAC) systems, Java software review (for vulnerabilities),
ethical hacking (EH) as well as design, evaluation, certification and
accreditation (C&A) of security architectures and infrastructures. Evaluated
systems and networks of varied architectures, including service-oriented
architecture (SOA) for security vulnerabilities and legislative requirements
compliance.

Audit experience includes review for compliance to Sarbanes-Oxley and HIPAA
regulations, and the development of specialized software tools and scripts
to expedite compliance.



FreeIPA Discussion Abstract

Over the years, as a security practitioner, I have had to support the
forward progress and integration of user identity management systems.  Usually
this goes in fits and starts, as companies try to migrate to their best
guess as to the where their technology should be so that they can be
compliant with legislative and fiduciary requirements.

While I have had to work with proprietary solustions, I have been on the
look for an open source program that would meet or exeed what (expensive)
solutions I had to deal with.  FreeIPA, while in its infancy, threatens to
become the 800 pound gorilla in this area, being the vehicle to which most
modern identity manange systems can integrates.



“FreeIPA is an integrated security information management solution combining
Linux (Fedora), Fedora Directory Server, MIT Kerberos, NTP, DNS. It consists
of a web interface and command-line administration tools. Currently it
supports identity management with  plans to support policy and auditing
management. “  http://freeipa.org
Discussion Overview:

·         Motivations, historical, experiential and legislative

·         Basic principles, CIA, IAAA, and Identity Management

·         What  are features should a current IDM  have?  Does FreeIPA meet
them?

·         Current release information, demonstration, install issues

*WHEN:*

2nd Saturday of the Month at Foundation for Blind Children from Noon - 3PM.

July 11, 2009 Noon

*WHERE: *

http://www.seeitourway.org/ProgramsServices/programsServices.html

*MORE Information:*

http://plug.phoenix.az.us

-- 
(503)754-4452
http://en.wikipedia.org/wiki/User:LisaKachold
http://www.theregister.co.uk/2009/05/29/wikipedia_bans_scientology/



-- 
(503)754-4452
http://en.wikipedia.org/wiki/User:LisaKachold
http://www.theregister.co.uk/2009/05/29/wikipedia_bans_scientology/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-devel/attachments/20090610/1825ecd9/attachment.htm

More information about the PLUG-devel mailing list