FRUUG - Front Range Unix Users Group
FRUUG home
meeting
meeting archive
about FRUUG
library
join FRUUG
jobs
contact info
top_left
inside
March 2002 Newsletter of the
Front Range UNIX Users Group


Cndnsd Vrsn: 4 PM Wednesday March 13th ACS Room 123- Securing Your DNS Server

Contents:


Securing your DNS Server

The next meeting of the Front Range UNIX Users Group (FRUUG) will be held at 4:00 P.M. on Wednesday, March 13th. Cricket Liu, co-author of the definitive "DNS and BIND" book, will discuss how to secure your DNS server. This is the second in three talks on security issues. Last month we heard about using open-source security tools, and next month we hear about securing wireless networks.

Widely publicized DNS failures at several large companies, including Microsoft, have raised the public's awareness of the vulnerability of the Internet's DNS infrastructure. In this talk, Cricket will examine several DNS vulnerabilities and will discuss techniques to harden name servers against attack.

In addition, Cricket will respond to FRUUG member requests and provide some tips on how to make your DNS server a good network citizen. At our March 2001 meeting on DNS Damage, Evi Nemeth showed us just how many requests of the DNS Root Servers were bogus, and traced many of the problems to incorrect default settings in Microsoft Windows servers. Cricket will discuss some of the bogus queries that Evi's work found and how to prevent your site from issuing them. Slides and more information on Evi's talk are located in the FRUUG meeting archive.

About the Speaker

Cricket Liu is the co-author of all of O'Reilly & Associates Nutshell Handbooks on the Domain Name System, DNS and BIND, DNS on Windows NT, and DNS on Windows 2000, and was the principal author of Managing Internet Information Services.

Cricket worked for five and a half years at Hewlett-Packard's Corporate Network Services, where he ran hp.com, one of the largest corporate domains in the world, and helped design the HP Internet's security architecture. He later joined HP's consulting organization to found their Internet consulting business.

Cricket left HP in 1997 to start his own company, Acme Byte & Wire, with his friend and co-author Matt Larson. Acme Byte & Wire specialized in consulting and training on the Domain Name System, including both the BIND and Microsoft DNS Server implementations. Acme Byte & Wire's customers included over 10% of Fortune 100 companies.

Network Solutions acquired Acme Byte & Wire in June of 2000. Subsequently, Network Solutions merged with VeriSign. Cricket became Director of DNS Product Management of the merged company, helping determine which new DNS-related products VeriSign would offer.

Cricket left VeriSign in June, 2001, to join Men & Mice, an Icelandic company specializing in DNS software and services. As Vice President, Research & Development, he develops courseware, teaches classes, and heads the company's consulting organization. Recently, Cricket finished the fourth edition of DNS and BIND, to cover BIND versions 8.2.3 and 9.1.0.


Meeting Location

This meeting will be in room 123 of the CU Academic Computing Center building at Arapahoe and Marine Streets in Boulder. Marine St intersects Arapahoe at 38th St; the Computing Center is on the southwest corner.

See <http://www.fruug.org/announcement/index.html> for map


Our Last Meeting

At our last meeting, Trent Hein and Ned McClain discussed the use of open-source security tools to protect your networks, including nmap, nessus, and the Coroner's Toolkit. Their presentation slides are available in the FRUUG meeting archive at www.fruug.org/mtgarchive/index.html.


Future Meetings

We have a great set of meetings lined up for the future. Those with firm dates include:

  • April 4, David Clements and Bob Gray will talk about how to secure your wireless networks, and will include the results of their 'drive-by' survey of wireless network insecurity in and around Boulder.
  • April 25, Peter O'Neil from NCAR will speak to us about both web100 (http://www.web100.org/) and net100 (http://www.net100.org/), initiatives to work towards 100 percent utilization of network media such as Ethernet.

Other meetings we're planning for the future include UNIX interoperability with MacOS X, IP-based Storage Area Networks (SANs), and an update on how to control spam-- unsolicited e-mail.


FRUUG Giveaways

Last month we began our new FRUUG Giveaway program with new eligibility rules. In order to be eligible for our giveaway that includes Gift Certificates to SoftPro Books and Special Giveaway Books from our publisher sponsors (and of course the occasional T-Shirt), you must have earned a FRUUG Library Merit Badge by reviewing one of the books in our library. These reviews can be as short or as long as you like (within reason), and once you've given us one, your eligible for our giveaways from then on. Details are on our FRUUG Library Page on our Web site.

Just so we don't end up with the absurd situation of one person winning all of our giveaways because only one person writes a book review, we're guaranteeing the first five people to earn the FRUUG Library Merit Badge the gift of your choice from the following selections:

  • A $20 Gift Certificate from SoftPro Books in Boulder or Denver. If more than one person per month selects this option, you'll be put in the queue to get the next one we receive (SoftPro donates one per meeting).

  • The book of your choice from the FRUUG library. Yes, any book you like. Yes, if you're one of the first five, review the book and then keep it.

Three people have already taken advantage of this great offer; the next two reviewers will still be guaranteed the gift certificate or the book of their choice. Please refer to the FRUUG Library Page on our site for details on how to submit a book review.


FRUUG Library Notes

Our FRUUG library sponsors are reminding us that they are providing us with review copies of their books in order to get, well, reviews of them. In order for us to continue to receive their generous donations, we need to start giving them feedback on their books. If you check out a FRUUG book, please plan to write a paragraph on what you thought of the book, or point out areas that you particularly liked or didn't like. They don't have to be polished reviews for publication-- they are reviews for them to improve their books. If you can manage to put a few words together, please send them (along with the title and publisher of the book) to gaede at fruug.org and we'll send it along to the appropriate people.

New in the library this month are:

  • Java RMI, by William Grosso, from O'Reilly & Associates.
  • Learning the UNIX Operating System, by Jerry Peek, Grace Todino, and John Strang, from O'Reilly & Associates.
  • Programming Web services with SOAP, by James Snell, Doug Tidwell, and Pavel Kulchenko, from O'Reilly & Associates.
  • Python Web Programming, by Steve Holden and David Beazley, from New Riders.

You may check out books using your business card as your library card; you must be on the membership list to check books out. Books are due at the meeting following the one in which they are checked out.

Remember that your FRUUG membership entitles you to discounts on your book orders from both New Riders Publishing and O'Reilly & Associates; refer to the FRUUG Web site for details.


Donate Your Old Calculator

Miriam Gilbert is trying to equip an eighth grade math class at Casey Middle School with graphing calculators. If you have one that you could donate, or wish to contribute to this program, please contact Miriam at MxGilbert2@aol.com, or call her at (303) 818-7187.

Site Map Recruiter Info
February 15, 2009

February 2008: FRUUG Enters Quiescent Phase
After 27 years running, we're suspending operations.

Future Meetings:
None planned

Site by
Lone Eagle Systems, Inc.,
Hosted courtesy of Indra