[Gllug] Call for tutor-speakers

Lesley Binks lesleyb at pgcroft.net
Wed Dec 10 13:34:53 UTC 2008


On Wed, Dec 10, 2008 at 10:39:57AM +0000, David L Neil Mailing list a/c wrote:
> - after "[Gllug] ssh brute force attacks" thread.
> How about GLLUG running (in 2009) a lab/tutorial session on 'secure
> sockets'*?
> 
> This thread generated quite a response, and I suspect many, like
> me, were lurking with interest, picking up what we could... Would a
> practical, hands-on session with talks, examples, and the opportunity to
> play with relevant software, conf files, etc, be useful to GLLUG
> members, et al?
> 
> 
> I will be prepared to book the Uni computer lab on a suitable date for a
> hands-on session. If there is some interest I could ask someone (like a
> large ISP) to speak on their views of secure access to hosted data, web
> sites, etc (if sufficient interest).
> 
> Will you step up to speak on a particular topic and/or to find other
> speakers?
> 
> 
> Some first thoughts to get the ball rolling:
> 
> SSH
> - conf files
> - passwords, passphrases, tokens...
> - ports
> - file transfer
> 
> VPN
> - software
> - hardware
> - command line/GUI
> - remote control
> 
> Firewall
> - configuration
> - port knocking
> - routing
> - bridging
> - DMZ
> 
> Certificates
> - self-signed
> - authorised
> 
> Encryption
> - algorithms
> - costs
> 
> Email
> - passwords en-clair
> - TLS, SSL (POP and IMAP)
> - authentication
> - encryption
> - certificates
> 
> Web server
> - conf files
> - locating inside and outside the web root dir
> - certificates
> - proxy servers, forward and reverse
> 
> Logs
> - detecting DOS
> - detecting intrusion
> - editing out the dross
> 
> Other
> - protected browsing, eg Firefox's NoScript extension
> - Tor anonymiser
> 
> ...add your thoughts please.
> * and please dream up a better title!

All sounds interesting - I would certainly like to see the VPN and certification stuff.
Good idea to emphasise the cost/benefit function of encryption.
Plus the ability to scp or sftp on an ssh server.
And any good tips on log analysis are always useful!

As for Firefox I'd also like to emphasise the security aspects of the
default setup, e.g. setting cookies to die when you close FF,
controlling what JS might do and indeed whether it is enabled or not,
managing history, whether to remember what has been entered in forms or
not, whether to remember passwords for sites or not.  IMO some of the
default settings are a bit lax so it might be worth also pointing them
out.  

And I would like to see a discussion on the merits of secure passwords
versus key-based authentication.

Regards

Lesley
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug