It's 2600 y'all - This Friday @ 19:00 (that's 7:00pm for lusers)

I expect to see each and every one of you in attendance on Friday, no excuses. I don’t know of anything really being presented on but we’re gon’ eat us some pizza.

Can I get an amen?

Assuming I get the new server fired up between now and then, I will be presenting on a security-oriented LAMP server solution oriented toward the virtual server world. Afterwards everyone will be invited to try and 0wn the server.

Dave B.

P.S. If 2600 has a mailing list or whatever, please cross-post.

Haha, I think you mentioned that but I must have forgotten. I’ve been posting in the 2600 list here, but it seems like a lot of people aren’t following it like they used to:!forum/cinci2600

There’s also an IRC chat that’d be great if people could idle in: #cinci2600

Since there’s going to be a legit presentation I really want to make a post and advertise it on tomorrow. Is it possible for you to email me some details about your presentation, Dave? Let me know tonight if you could.



I was recently given the task of making it safe to continue to use an old and inherently broken web application as securely as possible. Said server was also recently transitioned to a VMware ESXi environment. Over the past couple months, I’ve tried to put together as many best practices as possible into one semi-coherent solution. “Traditional” server securing technologies (pfsense, snort, varnish+security.vcl, Ubuntu 12.04LTS, grsecurity patches, hardened chroot jails) are married with bind mounts and filesystems structured in a manner to allow rapid backups and restores in the virtual world. This isn’t a presentation about doing anything revolutionary as much as it is about putting a lot of ideas usually applied independently together to improve web application security in a virtual server environment. The presentation will be a guided tour of this environment and justification for its implementation. It will include a tour of the new 8-core VMware ESXi5 server at the hive, virtual machine and network configuration, firewall configuration, jail configuration and construction, service configuration and more.

After the presentation, guests will be invited to try to break into stuff fully armed with the inner workings of the system. :)

