Fwd: Medlemsmte i NUUG Oslo 2024-03-12: FreeBSD and the absurdities of security compliance, med Eirik verby, p Rebel i Oslo
Luna Jernberg
droidbittin at gmail.com
Thu Feb 1 11:43:24 CET 2024
Norsk FreeBSD föreläsning 12:e Mars 2024
---------- Forwarded message ---------
Från: Peter N. M. Hansteen <peter at nuug.no>
Date: tis 30 jan. 2024 kl 20:38
Subject: Medlemsmte i NUUG Oslo 2024-03-12: FreeBSD and the
absurdities of security compliance, med Eirik verby, p Rebel i Oslo
To: <interesserte at nuug.no>
Medlemsmøte i NUUG Oslo: FreeBSD and the absurdities of security compliance,
med Eirik Øverby, på Rebel i Oslo FreeBSD and the absurdities of security
compliance
Norwegian Unix User Group (NUUG) arrangerer medlemsmøte på Rebel i
Oslo.
Tid:
Tirsdag 12. mars fra klokken 18:30 til 21:00
Sted:
Kim-rommet på Teknologihuset, [22]Universitetsgata 2, Oslo.
kart: https://maps.app.goo.gl/SotyDwQJSBUkt2Hy5
Møtet vil også bli direktesendt over internett, se linken øverst til
høyre i dette nettleservinduet.
NUUG inviterer medlemmer og andre interesserte til faglig foredrag med
påfølgende diskusjon. Arrangementet er gratis.
Månedens tema er: «FreeBSD and the absurdities of security compliance»
med Eirik Øverby. Foredraget vil foregå på engelsk.
Kort om presentasjonen:
Vi i NUUG har gleden av å få besøk av Eirik Øverby fra Modirum som
skal holde et foredrag for oss om FreeBSD og sikkerhet, med tittel
FreeBSD and the absurdities of security compliance.
Assume absurdity, embrace sanity. Welcome to The Blame Game.
The world of security compliance is defined by a few key players:
The ones writing the requirements, the ones covering their asses,
and the ones who'll be blamed in the end. Since about 2008 we've
been firmly placed in the latter category, and despite the obvious
downsides it is, really, where we prefer to be.
Security requirements pertaining to the payment industry include the
various PCI standards, card system specific requirements, national
and regional laws, regulations and directives, and whatever else
comes to the minds of the various players. While there is sanity to
be found in some of them, there is also plenty of absurdity. It is
this, above all, that leads us to use the term "The Blame Game"
about it all.
We do pretty much everything with FreeBSD. From routers (bsdrp) and
firewalls (opnSense) to application- and database servers;ff we're
running FreeBSD everywhere. The only closed-source software we
employ are our own applications (boo!). Our basic principle has
always been to identify the root cause of a security requirement and
then comply in a way that goes beyond "ticking the box"; whatever we
do has to be useful and practical - and not something we're ashamed
to talk about.
What we want to show:
* Compliance is much harder than security
* but not because the tools can't do it
* Open Source, and FreeBSD, CAN be used to achieve compliance in the
payment industry
* If you implement sane security measures, compliance is nearly free
* The hardest part is explaining what you've done and why
Om foredragsholder:
Model `77, Slackware-gone-BSD in the early 00s, escaped the dying world
of OS/2 to be doomed to death by Netcraft for another decade. Now
managing jailed (but not dead!) systems for a living and as a hobby.
Mid-life crisis topic: Retro PCs.
Alle medlemmer og ikke-medlemmer er velkommen
Meld deg inn i NUUG slik at vi kan arrangere enda flere spennende
foredrag. Du kan melde deg inn her: [24]https://nuug.no/innmelding
Prat med oss på IRC-kanal: #nuug på irc.oftc.net
e-postliste: aktive at nuug.no
NUUGs kalender er tilgjengelig på iCalender-format via
https://nuug.no/adict/ical.php?organizer=NUUG.
Vel møtt!
_______________________________________________
interesserte mailing list
interesserte at nuug.no
https://lists.nuug.no/mailman/listinfo/interesserte
More information about the BUS
mailing list