Tuesday, December 26, 2006

IndySec Group Email List

Thanks to Mr. Scott Orr, of Purdue University, we now have an IndySec Group Email List.

Link to mailing list here.
Archives here.

We appreciate your support, Scott.

We will continue to use both the mailing list and Loopnote.

Sunday, December 17, 2006

IndySec Loopnote

I am going to test Loopnote for our event reminder / notification system.

Find the IndySec Loopnote page here.

Thursday, December 14, 2006

IndySec 3 - RockBottom Brew Pub

IndySec 3 - no speaker, just hanging out downtown.

Location: RockBottom Brewery
Date: Wednesday, December 20th
Time: 6:30 PM - ?

10 West Washington
Indianapolis, IN 46204

Wednesday, December 06, 2006

IndySec 3

While no speaker has been inked for December, we plan on having an IndySec social night.

Come out with us and visit for the evening. Buy Allen a scotch.

Date and time TBD. Post location ideas (pub) in the comments section.

Because I know you care ...
I hope I get this VoIP book for the holidays.

Friday, November 17, 2006

IndySec 2 Recap - Landon Style

We had 13 (make that 14, according to Allen) people at IndySec 2 last night. Landon gave a great presentation on HoneyNets. A super sharp guy. I am glad he could be our first speaker at IndySec.

Scott Orr, the IUPUI Linux admin legend, was also in attendance. In fact, he said he has space on his 149 Beowulf server cluster for our IndySec mailing list. I blushed. Seriously though, he was one of my best professors, ever.

In the very near future, you - the IndySec reader (all 13 of us), may elect to subscribe to our yet-to-be-created listserv.

I would also like to send a big thank you to Sean Krulewitch for his help in getting the room reserved. The new IT building on the IUPUI campus is quite nice, thank you for sharing and providing a home for IndySec 2.

We had guests from the Indianapolis Motor Speedway, Midwest ISO, Sallie Mae, Crowe Chizek, IUPUI and more.

Great people, great learning, and a great grass-roots event. Thank you.

Look for information on IndySec 3 in the near future.

PAM: Overview. No, no not that PAM!

I wrote this some time ago and never put it anywhere... excuse the formatting if it's off some, I had to paste it out of a PDF and Blogger didn't like half of it.

If you have logged into a Linux box in the past five years or so you have implicitly used PAM (Pluggable Authentication Modules). PAM was originally created by Sun and licensed to a few other Unices (HP-UX and AIX). Later, like many applications, PAM was brought to other Linux and BSD distributions where it gained most of its popularity. Linux-PAM started its own project that is distributed with most Linux flavors used today. DARPA funded another project, OpenPAM, which joined XSSO (X/Single Sign-On Service) and Linux-PAM (GNU version) along with the original Sun implementation. OpenPAM remains the default in most BSD distributions.

In a nutshell:
When applications are compiled with PAM library support, authentication schemes on the back-end can seamlessly change. More specifically, you can configure multiple sources to transparently authenticate accounts for one or more applications (stack), and conveniently map them to authentication domains. Outside of just authentication you can also manage password policies (complexity, number of characters, etc), manage device usage (quotas, cpu, memory, etc), and ease administration with initial account management (creation, removal, setting environment variables). A variety of modules are available that interface with PAM and offer the flexibility to enforce granular controls on accounts and applications. Below I will show some examples of PAM and its configuration files.

Technical Details:
There are two different methods for configuring PAM; both are pretty straightforward. Older Unix/Linux systems put all configuration information in the /etc/pam.conf file (shown in Figure 1a). Newer Unix/Linux systems use the /etc/pam.d/ directory, which contains the module-name as a file and the configuration for each module contained within those files (shown in Figure 1b and Figure 1c). If no configuration exists for a specific PAM module, it uses the /etc/pam.d/other file. The syntax across both older and newer systems remains the same (listed below Figure 1a) with the only difference being the service_name.

Figure 1a.
# /etc/pam.conf
# service_name module_type control_flag module_path options
ssh auth required pam_env.so
ssh account required pam_unix.so
ssh password required pam_unix.so nullok obscure min=4 max=8 md5
ssh session required pam_unix.so
ssh session optional pam_motd.so
ssh session optional pam_mail.so standard noenv
ssh session required pam_limits.so
other auth required pam_unix.so
other account required pam_unix.so
other password required pam_unix.so
other session required pam_unix.so

Figure 1b.
# /etc/pam.d/other
# module_type control_flag module_path options
auth required pam_unix.so
account required pam_unix.so
password required pam_unix.so
session required pam_unix.so

Figure 1c.
# /etc/pam.d/ssh
# module_type control_flag module_path options
auth required pam_env.so
account required pam_unix.so
password required pam_unix.so nullok obscure min=4 max=8 md5
session required pam_unix.so
session optional pam_motd.so
session optional pam_mail.so standard noenv
session required pam_limits.so
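
To make the column layout concrete, here is an added example (not part of the original post) that parses rules in either layout, flags the weaker pam_unix options seen in the figures, and resolves the fallback to "other". The function names parse, audit and stack_for are hypothetical, the minimum-length floor of 8 is an assumed policy, and only simple control flags such as required/optional are handled, not the bracketed form.

```python
TYPES = {"auth", "account", "password", "session"}
WEAK = {"nullok": "empty passwords accepted", "md5": "MD5 password hashes"}
MIN_LEN = 8  # WEAK and this floor for min= are assumptions of the example


def parse(text, service=None):
    """service=None: pam.conf layout; else text is /etc/pam.d/<service>."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not fields:
            continue
        svc = service or fields.pop(0)  # pam.conf carries the service in column 1
        if len(fields) < 3 or fields[0] not in TYPES:
            raise ValueError(f"malformed rule: {raw!r}")
        rules.append({"service": svc, "type": fields[0], "control": fields[1],
                      "module": fields[2], "options": fields[3:]})
    return rules


def audit(rules):
    """Return (service, type, finding) for each weak option."""
    out = []
    for r in rules:
        for opt in r["options"]:
            if opt in WEAK:
                out.append((r["service"], r["type"], f"{opt}: {WEAK[opt]}"))
            elif opt.startswith("min=") and int(opt[4:]) < MIN_LEN:
                out.append((r["service"], r["type"], f"{opt}: below {MIN_LEN}"))
    return out


def stack_for(rules, service, mtype):
    """Modules for a service and type, falling back to 'other' when none exist."""
    pick = lambda s: [r["module"] for r in rules
                      if r["service"] == s and r["type"] == mtype]
    return pick(service) or pick("other")


# Constructed sample: a subset of Figure 1a
PAM_CONF = """\
ssh auth required pam_env.so
ssh password required pam_unix.so nullok obscure min=4 max=8 md5
other auth required pam_unix.so
"""

if __name__ == "__main__":
    for finding in audit(parse(PAM_CONF)):
        print(*finding)
```

For a file under /etc/pam.d/, pass its name as the service argument, since the service column is absent there.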

Wrapping Up:
This article only briefly describes PAM and ways to configure it. With this brief overview you should be able to quickly run through the default configuration files distributed with your favorite flavor of Linux and understand it. Many how-to's and examples of configurations with third-party authentication schemes exist, but go outside this brief overview. Check the pam-usb module for the cheapest/home-made two-factor authentication solution.

Thursday, November 09, 2006

IndySec 2 Meeting Location

We have a home for IndySec 2!
A special thanks goes to Sean Krulewitch, Deputy IT Security Officer, IU for the help.

What: IndySec 2, with 100% of your daily requirement of Landon Lewis and Honeynets!

When: Thursday, November 16th @ 6:30 PM

Where: IT building at Michigan and West street (535 W. Michigan St.) IUPUI campus.

Room Number: IT303, however everyone will need to meet in the lobby so we can get them up to the room. Room phone number will be provided at the security desk for those who are late. Someone will come down and get you (probably me).

Food: Bring your own, but I / we might want to order some pizza with some others.

Parking options:
There are a few parking meters in the parking lot SW of the building (on the yellow strip on the east side of the lot).

Visitors can also park at the North St Parking Garage.

There is free parking at 1200 Stadium Dr with a free shuttle to the IUPUI campus. Park in nearby downtown and walk over, or take the free Red-line bus.

Share with your friends and let us know if you have any questions.

This will be a great meeting.

Thursday, October 26, 2006

IndySec 2

IndySec #2 is right around the corner!

Please join us on Thursday, November 16th as we welcome Landon Lewis to discuss Virtual Honeynets.

Landon works for a small boutique consulting company, Digital Bond, Inc. Digital Bond conducts research and consulting for many banking and critical infrastructure entities. Landon is a key member on Digital Bond's security architecture and vulnerability assessment engagements. He also leads in the development and research on SCADA Honeynets. Prior to joining Digital Bond, Landon performed info sec analyst/engineer duties for Midwest ISO, Verisign, and 5/3 Bank.
Topic: Virtual Honeynets
  • Honey*?
  • Honeywall Overview
  • Honeyd Overview
  • Utilizing VMware to develop a realistic honeynet.
  • Possible Target scenarios
  • Event Analysis/Tools
Time and Location still TBD. We hope to have the meeting downtown.

Please share with your friends and fellow nerds!

Thursday, October 12, 2006

IndySec 1

Our first official IndySec meeting was conducted last night. A thank you goes out to all that attended.

The meeting lasted around two hours and the topic of discussion ranged from IDS to network printer vulnerabilities (and what a pain it is to get the word out to the right people).

Look for more information on IndySec 2. We are working on speaker topics and a possible location change (downtown Indy).

Links for discussed items.

Asterisk based trixbox enables even the novice user to quickly set up a voice over IP phone system. trixbox can be configured to handle a single phone line for a home user, several lines for a small office, or several T1s for a million minute a month call center.
Open Source HIDS
OSSEC HIDS is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, rootkit detection, time-based alerting and active response.

Tuesday, September 26, 2006

Almost Famous

Thomas Ptacek from Matasano has given us some free press. I have posted our first meeting date back to the Matasano blog (Oct 11th @ 6:30).

Stephen Moore in Indianapolis is starting IndySec, a CitySec gathering for the (317) area code. He hasn’t posted a date yet, but we’ll update you once we know more.

Indy is only 3 hours from Chicago, so if you can’t wait, ChiSec 7 is fast approaching! We’re still discussing informal speaking slots, and we’ve settled on the November meetup for our first “talky” ChiSec.

Indy is only 3 hours from Boston (by airplane), so if you can’t get enough of this stuff, BeanSec 2 is Wednesday the 27th.

For those of you keeping score at home, CitySec currently includes:

  • ChiSec in Chicago

  • NYSec in Manhattan

  • SeaSec in Seattle (Adam, get SeaSec 2 online. Now!)

  • BeanSec in Boston

  • NoVASec in DC/Balmer/Columbia/Etc.

  • IndySec in Indianapolis (TBD)

Monday, September 25, 2006

meeting tonight! 9/25

Not really "official", but I wanted some administrative to think about possible speaking topics and other ideas for the club. Stop by and give your feedback.

Panera Bread
8300 E 96th St
Fishers, IN 46037

@ 6:30 PM - ?

Saturday, September 16, 2006

First IndySec Meeting: October 11th

Ok nerds, it's time to mingle. Join IndySec at the 96th street Panera Bread on October 11th at 6:30 PM.

8300 E 96th St
Fishers, IN 46037
@ 6:30 PM

A less formal gathering will be held on September 25th, same nerd time and same nerd location.

I am also working on a tech book trade. I have some well worn, but still usable security, sysadmin and cert prep books. I will get a list out ... either we trade or donate.

Thursday, September 14, 2006

First Meeting

Ladies and Gentlemen,

Feel free to pass the word around about our group.

How does October 11th sound for our first meeting? Maybe 6:00 PM?

I am also open to a more informal meeting (is that possible?) the week of September 25th when I get back from SANS Chicago (GSEC).

Please comment on date / time and let me know if anything in particular interests you. For starters, I will be ready to give a candid overview of my SANS training.

Email me directly if you have any questions.

Sunday, September 10, 2006

Meeting Location

Should we choose, we have a home.

By random occurrence, I was able to meet the General Manager of the 96th street Panera Bread. His name was Tony and he was very interested in our group. He was excited to have us and even gave his personal cell phone number in case we might need it to contact him.

IndySec has full permission to meet at his store.

8300 E 96th St
Fishers, IN 46037
(317) 579-1990


Saturday, September 09, 2006

IndySec Formed

I have decided to create IndySec.
IndySec will be an informal, monthly gathering to talk about operational information security and systems administration.

No officers.
No dues.
No minutes.
Everyone is invited. Nerds preferred.
Anyone may present.

I was inspired to create the group after reading about Richard Bejtlich's NoVA Sec and Matasano's ChiSec. If one has ever heard the phrase "Standing on the shoulders of giants", this certainly applies.

From Bernard of Chartres - (wiki) :
We are like dwarfs on the shoulders of giants, so that we can see more than they, and things at a greater distance, not by virtue of any sharpness of sight on our part, or any physical distinction, but because we are carried high and raised up by their giant size.
More information to come ...