LinuxTag: Security by Transparency

09.05.2011 14:00
Anika Kehrer

One thing is certain: computer security using open source technology will be a wide-ranging key issue at LinuxTag, Europe’s leading trade fair and conference on Linux and Open Source, which will be taking place on the Berlin Exhibition Grounds for the fifth time from 11 to 14 May.

Security Day debut at LinuxTag on 13 May – with a dedicated track and keynote – deadlines for key signing and hacking contest

Berlin, 6 May 2011 – One thing is certain: computer security using open source technology will be a wide-ranging key issue at LinuxTag, Europe’s leading trade fair and conference on Linux and Open Source, which will be taking place on the Berlin Exhibition Grounds for the fifth time from 11 to 14 May.

Friday the 13th is Security Day

Security experts know how important IT security is, both in a private and professional environment. However, even administrators and experienced users have difficulty protecting their company and their personal systems. Computer security is a complex issue, and for many a cause for concern. Many conventional security providers take advantage of this. Their motto is "security by obscurity". The Open Source Arena at LinuxTag will be demonstrating that things can be different. At the Security Day by Astaro, which this LinuxTag sponsor is holding from 10 a.m. to 1 p.m. on 13 May, visitors will be able to find out first-hand what security really means.

Security Day will kick off with a case study on a company whose security has been compromised. Two lectures will immediately deal with an important instrument, that of dual-use tools. These are security programs which can be employed both to positive and negative effect. Visitors to LinuxTag will be able to find out more about ways to configure home networks in order to protect their own systems. A live demonstration of the most recent security gaps will round off the session.

Security track – mission possible!

On 13 May the LinuxTag agenda will feature a special track devoted to security from the open programme of lectures. For instance, how secure is IPv6? Ralph Spenneberg, an independent Linux consultant and book author on security, will be responding to this question. He will illustrate the usual attacks on the IPv6 stack and provide the audience with an overview of problems, possible solutions and best practice techniques for introducing IPv6.

Nor are normal server operations under Linux automatically protected, says Philipp Pobaschnig, a speaker at LinuxTag. A technician and member of the security research group at the University of Klagenfurt, he will be demonstrating how additional tools can be used to implement professional security concepts and solutions. Examples of these are the use of Apache, PHP, SSH, MySQL and phpMyAdmin in Linux and BSD environments.

Those daring enough to engage with the subject of protocol will be making a note of the lecture on Datagram Transport Layer Security (RFC 4347). Robin Seggelmann, the speaker, is a research member at the Faculty of Electrical Engineering and Computer Sciences at Fachhochschule Münster, who examines internet transport protocols and helps to formulate the standards of the Internet Engineering Task Force (IETF).

Keynote – security in “sandboxes“

What is "sandboxing"? For Daniel Walsh, chief SELinux developer at Red Hat, the basic question was as follows: if free software code can be read, then how do those protecting it know that attackers will not attempt to breach it?

An organization heavily involved in this field will be responding to this question. SELinux originated as a Linux extension written by the US news agency NSA in the year 2000. Since 2003 SELinux has become an open source component of the standard Linux kernel. Its current administrator Daniel Walsh will describe how, using SELinux, he is able to lock users of programs inside so-called sandboxes so as to prevent them from doing any damage.

Hacking contest: an on-screen demonstration

Candidates willing to take part in a three-man team and to confront the challenge of demonstrating their hacking skills in front of a large audience can register at the Hacking Contest website.

To date, close to 200 people interested in security issues have taken part in the online game called  "Hack Us!". A raffle has already been held for free tickets to LinuxTag. However, whoever faces up to the web security contest and wins the "Mojo" will improve their chances of taking part.

At the LinuxTag Hacking Contest several teams will compete with one another. None of them will be able to see the other’s keyboard movements, but the audience will be able to follow them on large screens. Firstly, taking advantage of any available gaps in security and any tricks they may know, they will have to prepare a newly set up system to make it as difficult as possible for other experts. Then the teams will swap computers, attempt to identify the traps and loopholes set by the others, and tighten up the system that they have been presented with, in other words, to make it more secure. In the third stage, using the local network, they will attempt to penetrate their original, compromised system, which has been similarly “improved” by their opponents. Following Stage 2 points will be awarded for any security gaps that can be closed, and additional points can be won after Stage 3 for any gaps that still remain. What is more there are prizes to be won. More details on the Hacking Contest are available at: http://hacking.linuxtag.org/ signing – who can be trusted?

Keysigning - who can be trusted?

A lock is of no use if its key gets in the wrong hands. At so-called key signing parties key owners identify and certify one other. LinuxTag will be offering visitors this chance on 13 May, from 3 to 4 p.m. Karlheinz Geyer, the long-standing organizer of this party, points out that anyone interested must register by 8 May.

Martial arts workshop – security in 3-D

Organized in cooperation with the Shaolin Centre in Berlin-Zehlendorf, a special security workshop will be taking place on Tai chi chuan, a taoist martial art. Visitors to LinuxTag can take part and will be shown the energy and force that this martial art instils by experienced teachers and masters. Afterwards they will take their first steps into the world of Chinese shadow boxing.

The workshop entitled "Tai chi chuan – self-defence in the Summer Garden" will be taking place on Friday at 4.15 and 5.15 p.m. Anyone wishing to take part can register provisionally with Linda Garbe (garbe@linuxtag.org). The fee is 12 euros per person. Participants will meet in front of the Marshall House in the Summer Garden on the grounds of Messe Berlin.

More information on Security Day is available on the LinuxTag website under Program/ Topics of Focus / Security.

About LinuxTag

LinuxTag is Europe’s leading specialist trade fair and conference for all aspects of open source Linux and free software. This four-day event has been taking place since 1996, and since 2007 it has been held annually on the Berlin Exhibition Grounds. It offers the very latest information for professional users, decision-makers, developers, newcomers and the community. In addition to the programme of papers and a separate conference for business and public sector authorities, LinuxTag traditionally includes an exhibition featuring projects and companies associated with the open source sector.  Verein LinuxTag e.V. is the non-commercial organizer of the event, which it stages jointly with Messe Berlin GmbH. More information is available at www.linuxtag.org.


Files:
HC_7_8320.jpg1.0 M
Category: press, Homepage