LinuxWorld Expo, NYC 2002

The IDG World Expos, held at the Javits Convention center in Manhattan,

are best known for the exhibitor's floor, not high-quality technical

talks. They are generally marketing events featuring lots of products

and booth toys, so I was a bit surprised to learn that Jay Beale, lead

developer of Bastille Linux, would be giving tutorials at LinuxWorld.

Was this the right venue for a serious technical presentation along the

lines of SANS or BlackHat?

I needed to write a lockdown guideline for Linux systems, so attending

Jay's 2-part tutorial titled "Securing Linux/Unix Systems" seemed like

a perfect opportunity. It quickly became apparent that there was a lot

of interest in the subject -- too much, in fact. Jay could have done a

week's worth of tutorials based on the questions alone.

The morning session devoted a lot of time to basic firewall issues that

would have been better suited for a separate talk. Jay did an excellent

job covering ipchains and iptables but was often led on tangents by

audience questions regarding various firewall products and

technologies. The interest was definitely there and audience

participation is always nice, but Jay needed to cover a lot of material

in a shrinking amount of time. Still, he managed to cover Linux

services and daemons -- particular areas of interest to me. Since the

desired security model is to run a minimalist set of services, knowing

which services can be safely turned off and which files control their

startup is important. Having just installed Linux on my laptop, I was

interested to learn about "anacron", a cron-like utility for systems

that are frequently turned off.

The afternoon session covered securing application servers such as DNS,

Web, FTP, and Mail. This session presented a lot of good information

that would be applicable to any Unix platform, not just Linux. Any of

these topics could have been covered in depth, but Jay presented enough

information and resources to get administrators started. However, I

disagreed with the suggestion to run sendmail out of inetd/xinetd so

that it would not run as root. From sites that I've worked on, this

would be far too inefficient and I'd prefer to use a chrooted

environment instead. Really covering sendmail security issues and

configurations would take at least a day by itself though.

Clearly a market in the NYC area exists for high-quality technical

tutorials like this one. The question remains whether IDG World intends

to expand the technical presentations or keep the focus on vendor

exhibits. I certainly wouldn't mind attending good technical talks

without having to travel. My only complaint is with the Javits

Convention Center itself, which is in a lousy part of town not serviced

by mass transit. No restaurants are within reasonable walking distance

and the Food Court is awful. Unfortunately, the Javits Center's

problems are outside IDG's control, but hopefully IDG World will

continue brining in quality speakers to compensate for it.

ITWorld DealPost: The best in tech deals and discounts.