[nycbug-talk] Some BSDCan notes
george at sddi.net
Wed May 19 17:58:38 EDT 2004
Here are some brief notes I compiled during the BSDCan meetings. Sorry
if some of it seems a bit disconnected. I find, particularly so many
years after college, that notes are a distraction to understanding a
Will be putting some of the trip pictures up on DN at some point in the
near future. . .
3:30 pm Paul GBDE
Ease of changing passwd?
Can't be broken until AES is cracked
More productive to get the passphrase
no differential crack possible. . .which is a weakness in AES algorithm
review good passphrase characteristics
can pull passphrase from anywhere: keyboard, usb key, etc
two parts= sth you know + something you have
simple steps to implement
http://phk.freebsd.dk/pubs for slides
weaknesses in CGD:
can't change passwd without reencrypting
not for enterprise
= = = = = = = = = = = = =
pf talk, Ryan McBride
what you can do with it and why you should use it.
os fingerprinting, based on syn packet based on p0f, but can be spoofed
redirection, nat, binat
nat'g source port
dos bandwidth based difficult to deal with
other dos attacks can be defended against
carp started with samba servers. . .redundancy
force routing. . .multihomed firewall
but bgp is still better. . .
if stateful connection, carp can be a problem with eg, key exchange,
= = = = = = = = = = =
Friday, May 14, 11:30 am Dan Langille, Bacula
Kern in Switzerland is the developer
Native Windows application as backup client
tar/scp, to rsync, but it doesn't solve dated material with rotation.
four main daemons, could be on separate machines:
storage, to access files, disk, as operator
client, run as wheel/root
director, manages others, as special
console, command line, talks to director, backups and restores from here
web interface, php-based
no need for cron. . .all internal to Bacula
restoring to windows, bare window restore, done by someone?
remote verification md5, "no need to do test restore" DL
Untrusted networks. . .
need for two tunnels
dir to file client
file client to storage daemon
port redirection through firewall with NAT
mailing list has over 500 subs, busier than FBSD-hacker list
question: win laptops. . .sporadic uptime
question: clients doing restore via www interface
question: why not use ipsec, since it's one to one, as opposed to ssl,
which is one to many
question: HFS+. . .does run on OS X, both client and servers, resource
question: minimum database requirement. . .can use SQLite, as long as
db not over 2 gig. if not, postgres
question: win client, email notification of successful job
question: file system readable? yes/no. can't use tar to read.
question: encryption. . do it from client side.
question: more encryption
question: compression? yes. ..over network included.
question: how to idiot-proof client restores.
question: console is interactive
question: it's in ports, debian, mandrake
question: unison, different versions won't talk. doesn't need same
version, depends if protocol has changed