Mime-Version: 1.0
Message-Id: <p05010409b6d7c5abd28a@[18.18.1.172]>
Date: Fri, 16 Mar 2001 08:46:49 -0500
To: Security Team <security-internal@mit.edu>
From: Bob Mahoney <bobmah@MIT.EDU>
Subject: Minutes from yesterday's meeting
Content-Type: text/plain; charset="us-ascii" ; format="flowed"

Thanks to Alicia for being scribe!  In attendance:

Peter Swedock, Ai Lab
Noah Meyerhans, LCS
Leigh Heyman, AI
Matt Power, independent
Angie Kelic, grad student
Jonathan Hunt, SWRT
Linda Leblanc, CP
Geoff Goodell, undergrad
Tom Coveny, DCS
Adam D'Amico, newly former student
Roger Dingeldine, former student
Mark Histed, student
Chris Pererson, Whitehead Institute
Mark Riedesel, Sloan school
Gerry Isaccson, Virus dude
Michail Bletsas, Media Lab
Usman Mobin, studnet
Jonathan Wolf, student
Jeff Schiller, NetOps
Bob Mahoney, NetOps


Bob will try to have meetings more often.  (monthly?)

Linda LeBlanc, sysadmin at campus police, will be hanging around a 
bit, as she's working on her SANS certification research paper.

Budget - We're in fairly good shape.  Recent expenditures:

  - new box for sentry
  - new box for looking at red hat update service for ver. 7- Mark is 
working with this.
  - there is training money, if there's any local training you want to 
go to, drop Bob a note
  - if you think of things we should be spending money on, let Bob 
know.  i.e., hardware, books,

10 people went to Incident Response training class last Wed, pretty good.
Appropriate to the audience.

SANS New England in Boston in September (Systems and Network Security)
Certification track for security professionals.  Check out the web 
pages- opportunities exist for volunteers to help with set up and 
such, and then take free classes.

Leigh did the level 2 Intrusion Detection course, liked it.  You will 
be able to test out of the level 1 "essentials" course.

If you make good grades on level 1 you get invited to be on the advisory board.

After the class, there's test & project.
There are 6 level 2 classes.  With those and 2 90's or papers graded 
as honors you get certification.

Most of these are also available on-line.

We're starting to prepare for next summer's boot camp

Adam playing with the NFR IDS.  Really designed for being behind a 
firewall, so it reports lots of stuff we don't care about.  This will 
help us find intrusions and watch trends.

Port scans are a  usually symptom of something else being wrong.
Note: MacOS X comes with a portscanning tool built-in.

Adam playing w/ Snort, open source tool running on the Netwinder box
watch various ports, has a support community

Ethereal - packet analyzer, Leigh familiar with it.  Let's you drill 
down through packets.  Human readable and shows raw data.  Nice 
package.

We really need to update our web pages.

email projects - athena hosts that are accepting insecure 
connections. Current default of mksrv remote makes machines secure 
only, didn't use to.  Now going to send email, tell them how to make 
secure and if they think that would interfere with their work, ask 
them to send mail explaining why.  Draft will be sent to email list. 
Messages will go to discuss, only responses will go to net-sec list.

Bob not against buying a commercial product to solve problem of 
insecure connections to individual machines.

Big target is people doing web publishing.
SSH2 license is very restrictive.

Recent legal issues
Kevin was deposed as one of several Akamai vs whooever
190 page deposition, MIT provided him a  lawyer

Unclear where liability lies between personal and MIT when legal 
things crop up.  Bob is looking into this, especially for situations 
where member of team is not actually currently affiliated with MIT in 
any other ways.

If student staff would like more work- we have lots to do.  Speak up 
if you want to put in more hours!