September 2005 Topic

We have several available speakers for the September meeting. What topic would you like to hear at the September meeting? Dr. Ram Rao of [url=http://www.hp.com]HP[/url] has volunteered to speak at the September meeting. He's planning on discussing a Survey of Virtulization Technologies for Linux. Dr. Rao spoke on [url=http://xen.sf.net]Xen[/url] at the May 2005 meeting and plans on covering a variety of virtualization technologies (including Xen) in his talk. Josh Bressers of [url=http://www.redhat.com]RedHat[/url] has volunteered to speak at the September meeting on [url=http://www.nsa.gov/selinux/]Security Enhanced Linux (SELinux)[/url] Matt Jonkman of [url=http://www.infotex.com]InfoTex[/url] has volunteered to speak on anti-spyware, spam fighting, and an update on [url=http://www.bleedingsnort.com]BleedingSnort[/url] at an upcoming meeting. Mr. Jonkman gave a talk on [url=http://www.bleedingsnort.com]BleedingSnort[/url] at the February 2005 meeting.

Comments

Re: September 2005 Topic

We've planned out the next 3 months:

September: Dr. Ram Rao with a Survey on Virtualization Technologies in Linux

October: Garrett Honeycutt with Machine Monitoring with Nagios and
graphing with PerfParse

November: Josh Bressers on SELinux

Re: September 2005 Topic

I vote for SELinux

Re: September 2005 Topic

I am interested in both Ram and John's topics. If possible lock one of them for sept. and one for oct. Its nice to know what is comming in the future.

Re: September 2005 Topic

I would love to hear about SELinux this September.

I am currently monitoring machines with Nagios and graphing with PerfParse. If you're interested in hearing about it I could speak in October or whenever is free.

Re: September 2005 Topic

I'll repost what I posted on the mailing list...

I'd like to hear about how SELinux can be configured to pass the government NISPOM chapter 8 auditing policy requirements; specifically DSS C2 PL-1 audits for systems where ALL users have formal access approval and ALL users have the "need-to-know." By the way, to folks on this list who don't know the jargon, the DSS is the Defense Security Service and their website is ( http://www.dss.mil ). CA stands for Controlled Access Protection see ( http://csrc.ncsl.nist.gov/secpubs/rainbow/std001.txt ) and PL-1 stands for Protection Level 1 and it is the easiest of the 4 levels to pass...however it is by no means easy to pass. Chapter 8 of the NISPOM can be seen here ( http://www.dss.mil/isec/change_ch8.htm ). I have been using a product called Snare for Linux ( http://www.intersectalliance.com/projects/Snare/ ) to pass these audits.

In regards to the time-frame, I'd rather have Josh do the Sept. presentation (since I will most likely not be able to make the October one due to a new member of my family arriving at that time). Not that I wouldn't LOVE to hear Dr. Rao speak again, but I am somewhat involved in Linux Security at Rolls-Royce and I really want to hear about the SELinux stuff.