DNSSEC

This month, SGVLUG member Carlos Meza will preview his SCALE 14x talk on DNSSEC. Why should you care?

"DNSSec is an absolute requirement if we want to ... use the Internet for anything non-trivial." - Cricket Liu, Leading expert on the Domain Name System (DNS)

"The Internet needs this technology and it needs it now" - Vint Cerf, Father of the Internet

"It is arguably one of the most important security improvements to the Internet ever." -Steve Crocker, Internet Pioneer and Chair of the Board of ICANN

Abstract:

DNS (Domain Name System) is used by everyone who is a consumer of the Internet. It is a core component of the Internet, yet it is completely insecure. This puts us all at risk. DNSSEC offers a solution to address the vulnerabilities of DNS . For this reason I hope stir up demand and motivation to deploy DNSSEC.

We will go over the basic of DNS and its vulnerabilities. Then we will go over how DNSSEC works and the solution it provides. As users, we will look at why it is important for our safety to require that our service providers (ISPs, Registrars, Hosted Services (banking, commerce, etc)) provide DNSSEC. And we will also look at some user-end tools available to advantage of DNSSEC today. We will go over reasons why companies would want to make the effort and investment. For sysadmins, we will go over tools to aid with deployment and some considerations to be aware of.

At its essence, DNS translates names, that humans understand, to IP addresses, that computers understand. This is how we are able to find other computers on the Internet (webpages, email servers, etc). But DNS does not provide a way to validate the answer we receive. This exposes all of us to a large vulnerability. Exploits such as DNS hijacking and DNS cache poisoning miss direct us and can lead us to potentially malicious computers. DNSSEC provides a solution to this by allowing authentication of DNS data through a chain-of- trust. Being able to trust DNS goes a long way to creating a safer Internet.

When we can trust DNS other things become possible. We can now leverage DNS to store other information such as cryptographic keys. This means we can store and trust self signed SSL certificates in DNS because it is now a trusted source. This eliminates the need for certificate authorities and the issues with them.

DNSSEC is a great improvement on a fundamental component of the Internet we all us.

Biography:

Carlos has worked many years as a system administrator. His interest include InfoSec, site reliability and automation, and open source development. While volunteering as an Interop Team Member, he was introduced to the significance of DNSSEC.

Links:

Meetup Event Page


Year in review, SCALE, and Open Mic Night

There is no formal presentation this month. We will go for adhoc talks and discussions including:

  • SGVLUG/SGVHAK year in review + how you can contribute to keep the group going
  • Southern California Linux Expo roundtable. What is the discount code? Who will be speaking at SCALE? What are the plans for our booth? What is the SCALE A/V team working on?
  • Jess will give an overview on the current state of Linux Desktop Environments for those curious about what else is available out there

Meetup Event Page


Twentieth Anniversary

SGVLUG is turning 20 and the entire Southern California Linux community is invited to share in the celebration with fun, food, and prizes! Whether you're a new or a veteran user, there's something for everyone as we reflect on what we've accomplished together and envision where we're going -- all powered by our favorite operating system.

We welcome former members who may have lost touch and want to reconnect with us see and some familiar faces (and some new ones too). We also would love to meet others Linux users from other groups around SoCal and hear what other groups are up to. Food and drinks will be provided, graciously sponsored by our venue host OpenX.

We have some great things planned for a night of fun:

  • Community project demos
  • LAN gaming
  • Linux Jeopardy!

RSVP @ Eventbrite

20th Anniversary Poster


Automating Basic IT Functions with Puppet

Abstract:

We will cover how to set up and define your home IT services from code. Topics covered will range from installing the puppet master service, through setting up the agent service, to defining common service modules in a RedHat based environment. Cross platform topics, including writing modules to support Windows and Ubuntu, will be covered in as much detail as interest permits.

Biography:

Matt Campbell has been active in technology and electronics since the late 80s in a variety of roles. His background spans technical expertise in Unix OS and kernel design, the marriage of art and technology in feature film special effects, and delivery of solutions on cloud, database, virtualized, and mobile platforms.

Matt's first company was founded on principles similar to modern dev-ops practices. Defining the data structures of DVD authoring by developing a language describing the desired layout and interaction allowed the studio to deliver products for a fraction of the cost of competitors while supporting interactivity unavailable to the major studios at the time.

Currently a corporate technology strategist, he is defining services for a post cloud world with a 200,000-employee organization facing billion dollar technology budgets and rapid growth.

Presentation Slides

Meetup Event Page


SGVLUG/SGVHAK BBQ #3

You and your family are cordially invited to the SGVLUG & SGVHAK potluck BBQ on Saturday, September 19th from 3:30pm to 10pm in the city of San Gabriel.

Please RSVP by September 17th by filling out this Google form.

You will receive directions to the venue after you submit the RSVP. You can revise your RSVP at any time. Some Google scripting magic automatically updates the RSVP with how many people are expected and what people say they are bringing. Obviously, the earlier you RSVP, the more accurately we can plan.

Hope to see you there!


Action-Movie Crypto

This month, long-time SGVLUG member Dustin Laurence reprises his SCALE 13x talk. We'll also be talking about the SGVLUG BBQ for September, the 20th anniversary party plans for November, and SCALE 14x.

Abstract:

The details of how cryptographic algorithms are designed, implemented, verified, and assembled into cryptosystems requires expert knowledge. Fortunately, the big picture of how the resulting cryptosystems are used does not. For most users and even most programmers, the underlying algorithms are black boxes that they do not and need not understand, while the language and conceptual framework of modern cryptography are very useful in putting those algorithms to practical use.

We will sketch out that conceptual framework at action-movie speed using the simplest of classical cryptographic algorithms to represent the modern black boxes for concreteness while studing everything but the algorithms themselves. After the presentation you should understand: elementary cryptographic language, security as a probabalistic rather than absolute guarantee, why the size of the keyspace matters, why practical security depends on choosing keys randomly, what side-channel attacks are, what public-key cryptography is, and what a digital signature is. You should also have the basic conceptual framework and vocabulary for further study or self-study. The presentation should be accessible to beginners of all ages.

Biography:

Intending to become a programmer ("developer" hadn't been invented by the marketing department yet), Dustin got sidetracked and spent more time than he cares to admit doing theoretical physics, a background filled with continuous mathematics almost entirely irrelevant to computer science and cryptography. He eventually returned to his original love, and these days writes cryptographic and embedded software for Gem, Inc. He believes that every programmer and indeed every citizen must be cryptographically literate in the world he and many, many others are busy creating. He avoids social media for the same reason he doesn't do crack cocaine.

Meetup Event Page