February 05, 2002, 12:00 AM — The IDG World Expos, held at the Javits Convention Center in Manhattan,
are best known for the exhibitors' floor, not high-quality technical
talks. They are generally marketing events featuring lots of products
and booth toys, so I was a bit surprised to learn that Jay Beale, lead
developer of Bastille Linux, would be giving tutorials at LinuxWorld.
Was this the right venue for a serious technical presentation along the
lines of SANS or BlackHat?

I needed to write a lockdown guideline for Linux systems, so attending
Jay's 2-part tutorial titled "Securing Linux/Unix Systems" seemed like
a perfect opportunity. It quickly became apparent that there was a lot
of interest in the subject -- too much, in fact. Jay could have done a
week's worth of tutorials based on the questions alone.

The morning session devoted a lot of time to basic firewall issues that
would have been better suited for a separate talk. Jay did an excellent
job covering ipchains and iptables but was often led on tangents by
audience questions regarding various firewall products and
technologies. The interest was definitely there and audience
participation is always nice, but Jay needed to cover a lot of material
in a shrinking amount of time. Still, he managed to cover Linux
services and daemons -- particular areas of interest to me. Since the
desired security model is to run a minimalist set of services, knowing
which services can be safely turned off and which files control their
startup is important. Having just installed Linux on my laptop, I was
interested to learn about "anacron", a cron-like utility for systems
that are frequently turned off.

The afternoon session covered securing application servers such as DNS,
Web, FTP, and Mail. This session presented a lot of good information
that would be applicable to any Unix platform, not just Linux. Any of
these topics could have been covered in depth, but Jay presented enough
information and resources to get administrators started. However, I
disagreed with the suggestion to run sendmail out of inetd/xinetd so
that it would not run as root. From sites that I've worked on, this
would be far too inefficient and I'd prefer to use a chrooted
environment instead. Really covering sendmail security issues and
configurations would take at least a day by itself though.

Clearly a market in the NYC area exists for high-quality technical
tutorials like this one. The question remains whether IDG World intends
to expand the technical presentations or keep the focus on vendor
exhibits. I certainly wouldn't mind attending good technical talks
without having to travel. My only complaint is with the Javits
Convention Center itself, which is in a lousy part of town not serviced
by mass transit. No restaurants are within reasonable walking distance
and the Food Court is awful.