DevConf.CZ 2019

Experience with security is a useful and even profitable skill for every technical and non-technical employee in IT. Contrary to common stereotypes, security is far more than black hoodies, math and crypto. It's also humans and communication skills.

Attendees of my talk DevConf.CZ 2018 talk and DevConf.IN key note have ask me how to get started. Let me introduce you to diverse areas of info sec and point you to books, online courses, talks, and other resources to get you started.

Looking for a simple way how to find vulnerable packages installed on your RHEL/Fedora systems? Vulnerability Metadata as a Service (VMaaS) is an API microservice that could fulfill this need.

VMaaS works as an repository and CVE metadata aggregator and provides these metadata in a stateless HTTP API. The microservice is deployable as an docker-compose or into an OpenShift environment. There is also a public deployment hosted by Red Hat.

This talk will summarize current state of the service and present a thin client tool to obtain vulnerabilities from the API.

In this session you will be presented with USB Guard functionality both CLI and GUI.

You will get:

* overall understanding of the concept
* knowledge to configure the service
* CLI how to
* rules structure explanation
* explanation of GUI applet
* hands on experiance

There will be slides presented to lead us through the steps and real examples will be shown.
You are encouraged to bring your laptop and any kind of USB device (mouse, flash stick, yubikey, ...) to try to set it up on your own.

What do you feel when you hear the term "Common Criteria"? Do you perceive
it as something complex and scary? It doesn't need to be. After attending
this talk, you will have a clear picture of what Common Criteria is, when,
why and how it is used, why it matters, and what is your role as a
developer in the process of acquiring Common Criteria Certification.
Equipped with this knowledge, you will better appreciate all that goes into
Common Criteria and how it makes products more secure.

Hear how open source is changing and affecting governments and institutions across the world. In this talk, we will go beyond stories with how open source is impacting governments and institutions to what is required of open source projects. Some code samples will be provided to show how to meet some of the basic requirements that governments have to be able to use open source software.

In this lab, you'll learn about the built-in security technologies in Red Hat Enterprise Linux. Specifically, you will do a series of hands on lab exercises on: OpenSCAP, SELinux, Network Bound Disk Encryption, USBGuard, IPsec to encrypt all host to host communication within an enterprise network, audit, Audit Intrusion Detection Environment (AIDE), Red Hat Identity Management, GNU Privacy Guard (GPG) ,and firewalld to dynamically manage firewall rules. Finally, you will make multiple configuration changes to your systems across different versions of Red Hat Enterprise Linux running in your environment, in an automated fashion using Red Hat Ansible Automation, using the Systems Roles feature.

If you want to participate in this hands-on lab, please be sure to bring a laptop to the event with a SSH client and web browser (Firefox with plugins disabled recommended).