05/14/02 RMIUG Meeting - Network Security in an Unsafe World

(note: No "April Fooling" around this time - this one's for real!)

The Tuesday, May 14th meeting of the Rocky Mountain Internet Users Group (RMIUG) will feature a panel discussion called "Network Security in an Unsafe World." Join us as our expert panelists help us understand the issues related to keeping networks secure and what causes that security to be breeched at times. Even if you're not directly responsible for network security in your work, this panel promises to offer a fascinating glimpse into the mostly unseen world of Internet security and the cat-and-mouse battles between hackers and system administrators. As always, plenty of time will be given for interactive Q&A, so bring lots of questions.

Trent Hein (trent@atrust.com) and Ned McClain (ned@atrust.com), founders of Applied Trust Engineering, will give a presentation entitled "Beyond the Firewall: Completing the Security Model." They will cover issues such as user education, security policy, sysadmin procedures, security incident handling, vulnerability testing, and software patching, which are necessary security measures even when you have a firewall. These often-overlooked aspects of security can make the difference between surviving a disaster and being crushed by it. Trent and Ned recently teamed with other industry experts to co-author the Linux Administration Handbook, and we will be giving away a free copy at the meeting. Applied Trust Engineering, based in Boulder, provides IT security and infrastructure services.

Robert Gray (bob@boulderlabs.com) founder of Boulder Labs and David Clements (David.Clements@Colorado.EDU), partner at Boulder Labs will give a presentation on the security of wireless networks. Wireless Networks are pervasive, and the speakers find that 80-90% of these networks are wide open to anyone with a laptop and a wireless card. For those networks which do enable Wired Equivalent Privacy (WEP) encryption, a series of attacks will usually break the encryption key, thereby compromising the network. The speakers will show the results (including a map!) of their "War Driving" experiment in Boulder, which is a method used to find open networks in an area. Finally, they will describe numerous precautions for securely deploying a Wireless Network. Boulder Labs is a Colorado based, software consulting company with expertise in embedded systems, Network Security, and System Administration.

URL's of interest:

• Applied Trust Engineering, http://www.atrust.com/
• Companion site to UNIX System Administration Handbook, co-authored by Trent Hein, http://www.admin.com/
• Boulder Labs, http://www.boulderlabs.com/
• "Open networks vulnerable," Longmont Daily Times-Call, http://www.longmontfyi.com/business2.htm#story5
• "Finding networks in thin air," Daily Camera, http://www.thedailycamera.com/business/tech/20bwire.html

The meeting is Tuesday, May 14th from 7:00 - 9:00 pm (with optional 6:30 pm start for refreshments and informal networking). The meeting will be held at The National Center for Atmospheric Research (NCAR) at 1850 Table Mesa Drive in Boulder. To get to NCAR from the Boulder Turnpike (US 36) or Broadway (US 93), take Table Mesa Drive west towards the mountains for approximately 2.5 miles into the foothills. NCAR is at the top of the hill. For door-to-door driving directions, go to MapQuest (http://www.mapquest.com/ ), click on Driving Directions, enter your starting address, NCAR's address, and voila! Park in the NCAR lot, go in the main door, and ask the guard to point you to meeting, which is held in the main auditorium, right off the lobby. The meeting is free and open to the public, but we may pass the hat to help defray expenses.

Our meeting location seats about 120 people. That is usually enough room to accommodate all attendees, but it's impossible for us to predict how many people will show up for any given meeting. Seating is always on a first-come, first serve basis, and in the event of more attendees than seats, we won't be able to admit additional people into the auditorium after all seats are filled.

*** We'd like to give a big welcome to our new sponsor, ONEWARE (http://www.ONEWARE.com) -- a Colorado-based software company that provides semi-custom web-based applications, who is sponsoring the RMIUG meeting minutes! ***

RMIUG also appreciates the ongoing sponsorship of food and beverages by MicroStaff (www.microstaff.com). MicroStaff provides Creative and Technical Talent for Web, Interactive Media, Marketing Communications and Software Development projects.

Consultants and companies are invited to bring Internet-related Product information, brochures, and business cards which will be displayed on an information table.

There are email mailing lists set up for this group. To subscribe or unsubscribe, see http://www.rmiug.org/maillist.html You can also reach the RMIUG "Executive" Committee at rmiug-comm@rmiug.org. Our web site is at http://www.rmiug.org/

Tentative schedule of upcoming RMIUG meetings:

• July - Sorry, cancelled due to venue unavailability (stay tuned for possible RMIUG "Segue (not Segway ;-) into Summer" BBQ)
• September 10 - "Technology and the Internet in Colorado Politics"
• November 12 - "Starting an Internet/Software Company Today"
• Jan 2003 - "Nonprofits on the Net - A Web of Activism"
• Mar 2003 - "Domain Update - Legal Issues & Technical Changes"
• May 2003 - "Web Technology - What the Present and Future Holds"
• July 2003 - "E-Learning: Did the Hype Ever Pan Out?"
• Sep 2003 - "Instant Messaging vs. Email vs. Web"

(To suggest a topic, send your idea to rmiug-comm@rmiug.org)