NetBSD Multimedia Resources List
Links on this page refer to multimedia resources (podcast, vodcast,
audio recordings, video recordings, photos) related to NetBSD or
of interest for NetBSD users.
This list is available as a chronological
overview, as a tag cloud and
via the sources.
This list is also available as an RSS feed.
If you know any resources not listed here, or notice any dead links,
please send details to
Edwin Groothuis so that
they can be included or updated.
Tag: matthew burnside
Public Key sudo
Source: New York City *BSD User Group
Added: 19 August 2008
Tags: nycbug, presentation, sudo, public key, matthew burnside
MP3 version (2 Mb)
Two tools which have become the norm in Linux- and
Unix-based environments are SSH for secure
communications, and sudo for performing administrative
tasks. These are independent programs with substantially
different purposes, but they are often used in
conjunction. In this talk, I describe a flaw in
their interaction, and then present our solution
called public-key sudo.
Public-key sudo is an extension to the sudo
authentication mechanism which allows for public
key authentication using the SSH public key framework.
I describe our implementation of a generic SSH
authentication module and the sudo modifications
required to use this module.
Bio:
Matthew Burnside is a Ph.D. student in the Computer
Science department at Columbia University, in New
York. He works for Professor Angelos Keromytis in
the Network Security Lab. He received his B.A. and
M.Eng. from MIT in 2000 and 2002, respectively. His
research interests are in network anonymity, trust
management, and enterprise-scale policy enforcement.
Matthew Burnside: Integrated Enterprise Security Mgmt
Source: New York City *BSD User Group
Added: 09 March 2007
Tags: mp3, presentation, enterprise security, matthew burnside
MP3 version
Integrated Enterprise Security Management
Security policies are a key component in protecting
enterprise networks. But, while there are many
diverse defensive options available, current models
and mechanisms for mechanically-enforced security
policies are limited to traditional admission-based
access control. Defensive capabilities include, among
others, logging, firewalls, honeypots, rollback/recovery,
and intrusion detection systems, while policy
enforcement is essentially limited to one-off access
control. Furthermore, access-control mechanisms
operate independently on each service, which can
(and often does) lead to inconsistent or incorrect
application of the intended system-wide policy. We
propose a new scheme for global security policies.
Every policy decision is made with near-global
knowledge, and re-evaluated as global knowledge
changes. Using a variety of actuators, we make the
full array of defensive capabilities available to
the global policy. Our goal is a coherent,
enterprise-wide response to any network threat.
Biography
Matthew Burnside is a Ph.D. student in the Computer
Science department at Columbia University, in New
York. He works for Professor Angelos Keromytis in
the Network Security Lab. He received his B.A. and
M.Eng. from MIT in 2000 and 2002, respectively. His
main research interests are in computer security,
trust management, and network anonymity.