[olug] OT? - NEbraskaCERT Feb 21, 2007 - CSF Annoucement

Aaron Grothe ajgrothe at yahoo.com
Wed Feb 14 08:26:07 UTC 2007

Hey Guys,

Matt Payne is going to be doing the NEbraskaCERT February CSF on SSH.
 Looks to be a good talk about going beyond the basics with SSH.  If
you can't make it you might want to check out the slides which we'll
get posted after the CSF next week.


"The Journey is the Reward" - Old Zen Buddhist Saying

Omaha's Cyber Security Forum welcomes you!  February's meeting is at
7:30 a.m. on Wednesday the 21st and regular meetings will continue
to be held on the third Wednesday of each month.  Details are as

Note #1: The new csf-announce e-mail list is up.  Please send an
         e-mail to csf-announce-subscribe at nebraskacert.org to 
         subscribe to the new list.

Note #2: The NEbraskaCERT conference for 2007 Call for Presenters
         will be going out before the end of February.

  TOPIC:  SSH Hardening for the Enterprise
  BY:     Matt Payne, CISSP
          University of Nebraska at Omaha
          Senior Technology Research Fellow
  WHO:    All Nebraska/Iowa Information Security Professionals
  WHEN:   Wednesday - February 21, 7:30 am - 9:00 am
  WHERE:  Bellevue Lifelong Learning Center 1600 Highway 370,
          Bellevue NE
  WHY:    To share information with like-minded professionals
          (and to share a FREE continental breakfast provided you
  HOW:    YOU MUST RSVP to csfrsvp at nebraskacert.org and provide
          your name, company, phone and email address
          by Close Of Business Monday, 19 February.

  DESCRIPTION:  Many SSH installations have dangerous default 
    settings enabled.  This talk discusses some of these 
    vulnerabilities, how to check for them, and ways to 
    mitigate them.  Additionally, some good practices (and 
    handy tricks!) for using SSH to improve security are proposed
    and demonstrated.

    Leave February’s Cyber Security Forum with SSH knowledge
you can
    put to work that same day: (0) Understand the three services SSH
    provides: terminal, file transfer, and port forwarding (aka
    tunneling) (1) does your network allow SSH tunneling to violate
    your firewall policy? web content filtering policy? VPN policy?
    Understand ways to stop these potential violations (2) Use SSH
    to create two factor authentication and improve logging (3) Use
    OpenSSH configuration options to narrow the use of SSH’s
    features to specific use cases (4) Lower the risk of MiTM
    attacks.  (5) Use SSH as network duct tape.

If those of you who have access to lists of interested individuals
would pass this message along, it would be appreciated!

I look forward to seeing you at the meeting.


Aaron J. Grothe
5719 NW Radial Highway
Omaha NE, 68104-4141
csfrsvp at nebraskacert.org
Phone 402.551.9817
Fax   402.551.9819

Yahoo! Music Unlimited
Access over 1 million songs.

More information about the OLUG mailing list