From 219b9379d173dfc3e091bd8ef6431b26825056f5 Mon Sep 17 00:00:00 2001 From: Jan Altenberg Date: Thu, 24 Feb 2011 16:03:09 +0100 Subject: Introduced a basic chapter about the X windows system: XFree <-> Xorg The X protocol What is a Windowmanager? Starting X What is a Display Manager? --- images/x_arch.png | Bin 0 -> 46705 bytes images/x_arch.svg | 491 +++++++++++++++++++++++++++++++++++++++++++++ images/x_server_client.dia | Bin 0 -> 1532 bytes images/x_server_client.png | Bin 0 -> 25159 bytes 4 files changed, 491 insertions(+) create mode 100644 images/x_arch.png create mode 100644 images/x_arch.svg create mode 100644 images/x_server_client.dia create mode 100644 images/x_server_client.png (limited to 'images') diff --git a/images/x_arch.png b/images/x_arch.png new file mode 100644 index 0000000..efcb014 Binary files /dev/null and b/images/x_arch.png differ diff --git a/images/x_arch.svg b/images/x_arch.svg new file mode 100644 index 0000000..fab22ef --- /dev/null +++ b/images/x_arch.svg @@ -0,0 +1,491 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + Hardware + + + + Linux + DRM + + DRI + X Server + + + + + diff --git a/images/x_server_client.dia b/images/x_server_client.dia new file mode 100644 index 0000000..f449f29 Binary files /dev/null and b/images/x_server_client.dia differ diff --git a/images/x_server_client.png b/images/x_server_client.png new file mode 100644 index 0000000..173a647 Binary files /dev/null and b/images/x_server_client.png differ -- cgit v1.2.3 From 664ec7412576bc7e756c407574e1a1f73f3d3c95 Mon Sep 17 00:00:00 2001 
From: Holger Dengler Date: Tue, 9 Oct 2012 11:49:22 +0200 Subject: Flash-Memory: new Technology presentation This new technology presentation describes the Flash-Memory technology, the functional principles and the side effects. It can be used as an introduction to a one-day session about Flash-Memory and Flash-Filesystems. Signed-off-by: Holger Dengler --- flash-memory/technology/Makefile | 9 ++ flash-memory/technology/pres_technology_en.tex | 181 +++++++++++++++++++++++++ images/fmtech-fgmos.png | Bin 0 -> 10189 bytes images/fmtech-read.png | Bin 0 -> 61131 bytes images/fmtech-read_disturb.png | Bin 0 -> 88711 bytes images/fmtech-single_erase.png | Bin 0 -> 15836 bytes images/fmtech-single_program.png | Bin 0 -> 27205 bytes images/fmtech-single_read.png | Bin 0 -> 24939 bytes images/fmtech-write.png | Bin 0 -> 65468 bytes images/fmtech-write_disturb.png | Bin 0 -> 92603 bytes images/fmtech.odg | Bin 0 -> 15306 bytes 11 files changed, 190 insertions(+) create mode 100644 flash-memory/technology/Makefile create mode 100644 flash-memory/technology/pres_technology_en.tex create mode 100644 images/fmtech-fgmos.png create mode 100644 images/fmtech-read.png create mode 100644 images/fmtech-read_disturb.png create mode 100644 images/fmtech-single_erase.png create mode 100644 images/fmtech-single_program.png create mode 100644 images/fmtech-single_read.png create mode 100644 images/fmtech-write.png create mode 100644 images/fmtech-write_disturb.png create mode 100644 images/fmtech.odg (limited to 'images') diff --git a/flash-memory/technology/Makefile b/flash-memory/technology/Makefile new file mode 100644 index 0000000..d641258 --- /dev/null +++ b/flash-memory/technology/Makefile @@ -0,0 +1,9 @@ +all: + for pdf in `ls -1 *.tex` ; do \ + TEXINPUTS=`pwd`/../..:.:..:$(TEXINPUTS) pdflatex $$pdf; \ + TEXINPUTS=`pwd`/../..:.:..:$(TEXINPUTS) pdflatex $$pdf; \ + done + +clean: + rm -f *.aux *.log *.pdf *.log *.snm *.toc *.vrb *.nav *.out + 
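Review bot: The `all` recipe in flash-memory/technology/Makefile hides build failures, because the shell `for` loop carries on after a failed pdflatex run and make only sees the status of the last command. Ending each call with `|| exit 1`, as in `pdflatex $$pdf || exit 1; \`, makes a broken deck stop the build. Iterating with `for pdf in *.tex` avoids parsing `ls` output, and a `.PHONY: all clean` line keeps a stray file named `all` or `clean` from masking the targets. The security/vpn/Makefile added in the following commit uses the same loop and needs the same change.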
diff --git a/flash-memory/technology/pres_technology_en.tex b/flash-memory/technology/pres_technology_en.tex
new file mode 100644
index 0000000..546a1be
--- /dev/null
+++ b/flash-memory/technology/pres_technology_en.tex
@@ -0,0 +1,181 @@ +\def\lximg{/usr/share/lx/icons/fueller.png} + +\input{configpres} + +\subsection{Technology} + +\title{Flash-Memory Technology} +\maketitle + +\def\lximg{none} + +\begin{frame} +\frametitle{Contents} +\tableofcontents +\end{frame} + +\subsubsection{Structure and Function} +\begin{frame}[fragile] +\frametitle{Single Cell Structure} +\begin{itemize} +\item Base element: MOSFET with a floating gate (FGMOS) +\item Organization of cells in blocks and pages +\end{itemize} +\begin{figure}[h] +\centering +\includegraphics[scale=0.5]{images/fmtech-fgmos.png} +\end{figure} +\end{frame} + +\begin{frame}[fragile] +\frametitle{Read} +\begin{figure}[h] +\centering +\includegraphics[scale=0.4]{images/fmtech-single_read.png} +\end{figure} +\end{frame} + +\begin{frame}[fragile] +\frametitle{Write (Program)} +\begin{figure}[h] +\centering +\includegraphics[scale=0.4]{images/fmtech-single_program.png} +\end{figure} +\end{frame} + +\begin{frame}[fragile] +\frametitle{Erase} +\begin{figure}[h] +\centering +\includegraphics[scale=0.4]{images/fmtech-single_erase.png} +\end{figure} +\end{frame} + +\subsubsection{Flash-Memory Types} +\begin{frame}[fragile] +\frametitle{Overview} +\begin{itemize} +\item NOR +\item NAND +\item Single- and Multi-Level Cells +\end{itemize} +\end{frame} + +\begin{frame}[fragile] +\frametitle{NOR} +\begin{itemize} +\item direct addressable +\item usable like RAM/ROM (direct attach to CPU) +\item pros: + \begin{itemize} + \item fault tolerant + \item high write-rate for small data + \end{itemize} +\item cons: + \begin{itemize} + \item low data density (multiple gates per bit) + \item low write-rate for large data + \item cost + \end{itemize} +\end{itemize} +\end{frame} + +\begin{frame}[fragile] +\frametitle{NAND} +\begin{itemize} +\item matrix organization (blocks and pages) +\item addressing via controller logic +\item pros: + \begin{itemize} + \item cost + \item high data density (1 to many bits per gate) + \item high read-/write-rate for 
large data + \item no layout change in hardware for more capacity + \end{itemize} +\item cons: + \begin{itemize} + \item large effort for extensive Error Correction Codes (ECC) + \end{itemize} +\end{itemize} +\end{frame} + +\begin{frame}[fragile] +\frametitle{Data density} +\begin{itemize} +\item Single-Level Cells (SLC) + \begin{itemize} + \item ca. 100,000 write/delete cycles + \item pros: + \begin{itemize} + \item robust + \item low Error Correction Code (ECC) effort + \end{itemize} + \item cons: + \begin{itemize} + \item low data density + \end{itemize} + \end{itemize} +\end{itemize} +\pause +\begin{itemize} +\item Multi-Level Cells (MLC) + \begin{itemize} + \item ca. 3,000 to 10,000 write/delete cycles + \item pros: + \begin{itemize} + \item high data density + \end{itemize} + \item cons: + \begin{itemize} + \item expensive Error Correction Codes (ECC) like BCH + \item wear prone + \item low read-rate + \end{itemize} + \end{itemize} +\end{itemize} +\end{frame} + +\subsubsection{NAND block operations and side effects} +\begin{frame}[fragile] +\frametitle{Read} +\begin{figure}[h] +\centering +\includegraphics[width=10cm]{images/fmtech-read.png} +\end{figure} +\end{frame} + +\begin{frame}[fragile] +\frametitle{Read Disturb} +\begin{figure}[h] +\centering +\includegraphics[width=10cm]{images/fmtech-read_disturb.png} +\end{figure} +\end{frame} + +\begin{frame}[fragile] +\frametitle{Write} +\begin{figure}[h] +\centering +\includegraphics[width=10cm]{images/fmtech-write.png} +\end{figure} +\end{frame} + +\begin{frame}[fragile] +\frametitle{Write Disturb} +\begin{figure}[h] +\centering +\includegraphics[width=10cm]{images/fmtech-write_disturb.png} +\end{figure} +\end{frame} + +\subsection{} +\begin{frame} +\frametitle{References} +\begin{thebibliography}{99} +% \bibitem{FLASHMEM} David Woodhouse. Presentation \emph{Flash Memory}, 2012. http://david.woodhou.se/dwmw2-kr-2012-09.odp +\bibitem{FLASHMEM} David Woodhouse. Presentation \emph{Flash Memory}, 2012. 
+\href{http://david.woodhou.se/dwmw2-kr-2012-09.odp}{http://david.woodhou.se/dwmw2-kr-2012-09.odp} +\end{thebibliography} +\end{frame} + +\input{tailpres} diff --git a/images/fmtech-fgmos.png b/images/fmtech-fgmos.png new file mode 100644 index 0000000..ec62a31 Binary files /dev/null and b/images/fmtech-fgmos.png differ diff --git a/images/fmtech-read.png b/images/fmtech-read.png new file mode 100644 index 0000000..52bc039 Binary files /dev/null and b/images/fmtech-read.png differ diff --git a/images/fmtech-read_disturb.png b/images/fmtech-read_disturb.png new file mode 100644 index 0000000..51b3db4 Binary files /dev/null and b/images/fmtech-read_disturb.png differ diff --git a/images/fmtech-single_erase.png b/images/fmtech-single_erase.png new file mode 100644 index 0000000..7992cbd Binary files /dev/null and b/images/fmtech-single_erase.png differ diff --git a/images/fmtech-single_program.png b/images/fmtech-single_program.png new file mode 100644 index 0000000..4efeec2 Binary files /dev/null and b/images/fmtech-single_program.png differ diff --git a/images/fmtech-single_read.png b/images/fmtech-single_read.png new file mode 100644 index 0000000..3877201 Binary files /dev/null and b/images/fmtech-single_read.png differ diff --git a/images/fmtech-write.png b/images/fmtech-write.png new file mode 100644 index 0000000..d8ef79e Binary files /dev/null and b/images/fmtech-write.png differ diff --git a/images/fmtech-write_disturb.png b/images/fmtech-write_disturb.png new file mode 100644 index 0000000..84aaffa Binary files /dev/null and b/images/fmtech-write_disturb.png differ diff --git a/images/fmtech.odg b/images/fmtech.odg new file mode 100644 index 0000000..47f55e7 Binary files /dev/null and b/images/fmtech.odg differ -- cgit v1.2.3 From 65c7ea9b36e9505be25f4f7db5b5aac2cdda008e Mon Sep 17 00:00:00 2001 
From: Holger Dengler Date: Thu, 18 Oct 2012 16:42:15 +0200 Subject: Security/vpn: New VPN Fasttrack Presentation This new VPN Fasttrack covers an overview and the basics of VPN. Some frames can be reused for the main presentation. 
Signed-off-by: Holger Dengler --- images/security-vpn-base.png | Bin 0 -> 48104 bytes images/security-vpn-scenario-a.png | Bin 0 -> 29408 bytes images/security-vpn-scenario-b.png | Bin 0 -> 26792 bytes images/security-vpn.odg | Bin 0 -> 14400 bytes security/TODO | 10 ++-- security/vpn/Makefile | 9 ++++ security/vpn/frm_product-openl2tp.tex | 17 ++++++ security/vpn/frm_product-openvpn.tex | 23 +++++++++ security/vpn/frm_product-overview.tex | 26 ++++++++++ security/vpn/frm_product-swan.tex | 20 ++++++++ security/vpn/frm_protocol-gre.tex | 11 ++++ security/vpn/frm_protocol-ipsec.tex | 15 ++++++ security/vpn/frm_protocol-overview.tex | 22 ++++++++ security/vpn/frm_protocol-tls.tex | 14 +++++ security/vpn/frm_rec-adhoc.tex | 11 ++++ security/vpn/frm_rec-dont-use.tex | 13 +++++ security/vpn/frm_rec-infratructure.tex | 11 ++++ security/vpn/frm_scene-a.tex | 12 +++++ security/vpn/frm_scene-b.tex | 11 ++++ security/vpn/pres_vpn-fasttrack_en.tex | 91 +++++++++++++++++++++++++++++++++ 20 files changed, 311 insertions(+), 5 deletions(-) create mode 100644 images/security-vpn-base.png create mode 100644 images/security-vpn-scenario-a.png create mode 100644 images/security-vpn-scenario-b.png create mode 100644 images/security-vpn.odg create mode 100644 security/vpn/Makefile create mode 100644 security/vpn/frm_product-openl2tp.tex create mode 100644 security/vpn/frm_product-openvpn.tex create mode 100644 security/vpn/frm_product-overview.tex create mode 100644 security/vpn/frm_product-swan.tex create mode 100644 security/vpn/frm_protocol-gre.tex create mode 100644 security/vpn/frm_protocol-ipsec.tex create mode 100644 security/vpn/frm_protocol-overview.tex create mode 100644 security/vpn/frm_protocol-tls.tex create mode 100644 security/vpn/frm_rec-adhoc.tex create mode 100644 security/vpn/frm_rec-dont-use.tex create mode 100644 security/vpn/frm_rec-infratructure.tex create mode 100644 security/vpn/frm_scene-a.tex create mode 100644 security/vpn/frm_scene-b.tex create mode 100644 
security/vpn/pres_vpn-fasttrack_en.tex (limited to 'images') diff --git a/images/security-vpn-base.png b/images/security-vpn-base.png new file mode 100644 index 0000000..6afb889 Binary files /dev/null and b/images/security-vpn-base.png differ diff --git a/images/security-vpn-scenario-a.png b/images/security-vpn-scenario-a.png new file mode 100644 index 0000000..85141ab Binary files /dev/null and b/images/security-vpn-scenario-a.png differ diff --git a/images/security-vpn-scenario-b.png b/images/security-vpn-scenario-b.png new file mode 100644 index 0000000..473b03f Binary files /dev/null and b/images/security-vpn-scenario-b.png differ diff --git a/images/security-vpn.odg b/images/security-vpn.odg new file mode 100644 index 0000000..6522f6a Binary files /dev/null and b/images/security-vpn.odg differ diff --git a/security/TODO b/security/TODO index deb59a1..60818db 100644 --- a/security/TODO +++ b/security/TODO @@ -9,18 +9,18 @@ Firewall section - validation VPN section -- Fasttrack +- Fasttrack (done) - Presentation (full) - How VPNs work (done) - - Protokol and Authentication Overview + - Protokol and Authentication Overview (done) - foreach(Protocol) - Authentication - - Products + - Products (done) - Pros and Cons - examples - Use case dependant solutions - - Central VPN Server - - Distributed VPN Server + - Central VPN Server (done) + - Distributed VPN Server (done) - Company-wide infrastructure - dynamic VPNs - Cross-Company boundaries diff --git a/security/vpn/Makefile b/security/vpn/Makefile new file mode 100644 index 0000000..7d530a5 --- /dev/null +++ b/security/vpn/Makefile @@ -0,0 +1,9 @@ +all: + for pdf in `ls -1 handout_*.tex pres_*.tex` ; do \ + TEXINPUTS=`pwd`/../..:.:..:$(TEXINPUTS) pdflatex $$pdf; \ + TEXINPUTS=`pwd`/../..:.:..:$(TEXINPUTS) pdflatex $$pdf; \ + done + +clean: + rm -f *.aux *.log *.pdf *.log *.snm *.toc *.vrb *.nav *.out + 
diff --git a/security/vpn/frm_product-openl2tp.tex b/security/vpn/frm_product-openl2tp.tex
new file mode 100644
index 0000000..6afc9b9
--- /dev/null
+++ b/security/vpn/frm_product-openl2tp.tex
@@ -0,0 +1,17 @@
+\begin{frame}[fragile]
+\frametitle{openL2TP}
+\begin{itemize}
+\item configurable to use Internet Protocol Security (IPsec)
+\item Pros:
+ \begin{itemize}
+ \item easy configuration
+ \item integration in existing Network infrastructures (e.g. NAT)
+ \item good security level (depends on configuration)
+ \end{itemize}
+\item Cons:
+ \begin{itemize}
+ \item scalability
+ \item not recommended for Infrastructure installations
+ \end{itemize}
+\end{itemize}
+\end{frame}
diff --git a/security/vpn/frm_product-openvpn.tex b/security/vpn/frm_product-openvpn.tex
new file mode 100644
index 0000000..9804aee
--- /dev/null
+++ b/security/vpn/frm_product-openvpn.tex
@@ -0,0 +1,23 @@
+\begin{frame}[fragile]
+\frametitle{openVPN}
+\begin{itemize}
+\item based on Transport Layer Security (TLS/SSL)
+\item support Routing and Bridging
+\item Authentication:
+ \begin{itemize}
+ \item Pre-shared Keys (PSK)
+ \item Username/Password
+ \item Based on certificates
+ \end{itemize}
+\item Pros:
+ \begin{itemize}
+ \item flexible configuration
+ \item easy integration in existing Network infrastructures (e.g. NAT)
+ \item high security level
+ \end{itemize}
+\item Cons:
+ \begin{itemize}
+ \item None
+ \end{itemize}
+\end{itemize}
+\end{frame}
diff --git a/security/vpn/frm_product-overview.tex b/security/vpn/frm_product-overview.tex
new file mode 100644
index 0000000..3f1be31
--- /dev/null
+++ b/security/vpn/frm_product-overview.tex
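Review bot: In frm_product-openl2tp.tex the first item, "configurable to use Internet Protocol Security (IPsec)", leaves out that L2TP on its own provides no encryption, so the "good security level" listed under Pros holds only when the tunnel runs over IPsec. I would state that directly, for example `\item L2TP itself is unencrypted; confidentiality requires running it over IPsec`, so that readers do not treat IPsec as an optional extra.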
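Review bot: The `\item None` under Cons in frm_product-openvpn.tex overstates the case, and the Authentication list puts Pre-shared Keys on the same level as certificates. OpenVPN's static-key mode has no forward secrecy, so a leaked key exposes previously recorded sessions, and it only covers a single client and server pair. I would replace the Cons entry with something like `\item PSK mode: no forward secrecy, key must be distributed out of band`.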
@@ -0,0 +1,26 @@
+\begin{frame}[fragile]
+\frametitle{VPN Product Overview}
+\begin{itemize}
+\item Internet Protocol Security (IPsec)
+ \begin{itemize}
+ \item openSWAN
+ \item strongSWAN
+ \item openL2TP
+ \item Mac OS X (built-in)
+ \end{itemize}
+\item Transport Layer Security (TLS/SSL)
+ \begin{itemize}
+ \item openVPN
+ \end{itemize}
+\item Point-to-Point Tunneling Protocol (PPTP)
+ \begin{itemize}
+ \item Poptop (pptpd)
+ \item Microsoft Windows XP and later (built-in)
+ \end{itemize}
+\item Commercial Products
+ \begin{itemize}
+ \item various Closed Source Software Solutions (e.g. Cisco)
+ \item various Hardware-based Solutions (e.g. Juniper, Sophos)
+ \end{itemize}
+\end{itemize}
+\end{frame}
diff --git a/security/vpn/frm_product-swan.tex b/security/vpn/frm_product-swan.tex
new file mode 100644
index 0000000..925c147
--- /dev/null
+++ b/security/vpn/frm_product-swan.tex
@@ -0,0 +1,20 @@
+\begin{frame}[fragile]
+\frametitle{free/open/strongSWAN}
+\begin{itemize}
+\item most flexible product: strongSWAN
+\item based on Internet Protocol Security (IPsec)
+\item support for IKEv1/v2, L2TP, and XAuth
+\item Pros:
+ \begin{itemize}
+ \item flexible configuration
+ \item support for nearly all authentication methods described in standard
+ \item very high security level
+ \end{itemize}
+\item Cons:
+ \begin{itemize}
+ \item complex configuration
+ \item setup requires knowledge of underlying Network topology
+ \item problems with IKEv1 in NAT topologies
+ \end{itemize}
+\end{itemize}
+\end{frame}
diff --git a/security/vpn/frm_protocol-gre.tex b/security/vpn/frm_protocol-gre.tex
new file mode 100644
index 0000000..d6c6c7c
--- /dev/null
+++ b/security/vpn/frm_protocol-gre.tex
@@ -0,0 +1,11 @@
+\begin{frame}[fragile]
+\frametitle{Generic Routing Encapsulation (GRE)}
+\begin{itemize}
+\item packet encapsulation in OSI Layer 3
+\item base encapsulation protocol for PPTP
+\item easy configuration
+\item easy integration in existing corporate-wide Network infrastructure and NAT
+\item \emph{Warning}: security rating only sufficient with EAP
+\item Please see: \url{http://www.heise.de/security/artikel/Der-Todesstoss-fuer-PPTP-1701365.html}
+\end{itemize}
+\end{frame}
diff --git a/security/vpn/frm_protocol-ipsec.tex b/security/vpn/frm_protocol-ipsec.tex
new file mode 100644
index 0000000..7f6a9c3
--- /dev/null
+++ b/security/vpn/frm_protocol-ipsec.tex
@@ -0,0 +1,15 @@
+\begin{frame}[fragile]
+\frametitle{IPsec}
+\begin{itemize}
+\item packet encapsulation in OSI Layer 2
+\item Linux Kernel provides IPsec implementation
+\item exploit Cryptographic Framework in Kernel
+\item supported modes:
+ \begin{itemize}
+ \item Transport: only the payload is encrypted (IP header is left unchanged)
+ \item Tunneling: IP header and payload is encrypted
+ \end{itemize}
+\item very high security rating
+\item basis for large network-infrastructures
+\end{itemize}
+\end{frame}
diff --git a/security/vpn/frm_protocol-overview.tex b/security/vpn/frm_protocol-overview.tex
new file mode 100644
index 0000000..1efd5ce
--- /dev/null
+++ b/security/vpn/frm_protocol-overview.tex
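Review bot: The warning in frm_protocol-gre.tex, "security rating only sufficient with EAP", concerns PPTP authentication rather than GRE, which only encapsulates packets and has no encryption or authentication of its own. As written, the slide reads as if GRE combined with EAP were a secure tunnel. I would add `\item provides no encryption or authentication by itself` and attach the EAP warning and the linked article, whose title refers to PPTP, to an explicit PPTP item.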
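Review bot: `\item packet encapsulation in OSI Layer 2` in frm_protocol-ipsec.tex is incorrect, since IPsec protects IP packets at the network layer; it should read `\item packet encapsulation in OSI Layer 3`. The two mode descriptions hold only for ESP, because AH authenticates packets without encrypting them, and for tunnel mode "the whole original IP packet is encrypted and wrapped in a new IP header" would be more precise. The wording "exploit Cryptographic Framework in Kernel" is easy to misread in a security deck; `\item uses the Cryptographic Framework in the Kernel` says what is meant.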
@@ -0,0 +1,22 @@
+\begin{frame}[fragile]
+\frametitle{VPN Protocol Overview}
+\begin{itemize}
+\item Internet Protocol Security (IPsec)
+ \begin{itemize}
+ \item Internet Key Exchange (IKEv1, IKEv2)
+ \item Layer 2 Tunneling Protocol (L2TP)
+ \item XAUTH
+ \end{itemize}
+\item Transport Layer Security (TLS/SSL)
+ \begin{itemize}
+ \item TLS/SSL Authentication Methods
+ \end{itemize}
+\item Proprietary Protocols
+ \begin{itemize}
+ \item Generic Routing Encapsulation (GRE)
+ \begin{itemize}
+ \item Point-to-Point Tunneling Protocol (PPTP)
+ \end{itemize}
+ \end{itemize}
+\end{itemize}
+\end{frame}
diff --git a/security/vpn/frm_protocol-tls.tex b/security/vpn/frm_protocol-tls.tex
new file mode 100644
index 0000000..e806d23
--- /dev/null
+++ b/security/vpn/frm_protocol-tls.tex
@@ -0,0 +1,14 @@
+\begin{frame}[fragile]
+\frametitle{Transport Layer Security (TLS/SSL)}
+\begin{itemize}
+\item packet encapsulation in OSI Layer 6
+\item use userspace libraries for encryption (openSSL)
+\item easy integration in existing corporate-wide Network infrastructure and NAT
+\item flexible solution
+\item high security rating
+\item loosely coupled with Operating Systems
+\item single-port configuration possible
+\end{itemize}
+
+\emph{Note: TLS v1.0 is also known as SSL v3.1}
+\end{frame}
diff --git a/security/vpn/frm_rec-adhoc.tex b/security/vpn/frm_rec-adhoc.tex
new file mode 100644
index 0000000..240ffa9
--- /dev/null
+++ b/security/vpn/frm_rec-adhoc.tex
@@ -0,0 +1,11 @@
+\begin{frame}[fragile]
+\frametitle{ad-hoc VPN Solution}
+openVPN
+
+Reasons:
+\begin{itemize}
+\item Ease-of-Use
+\item Best Effort-Benefit ratio
+\item Security
+\end{itemize}
+\end{frame}
diff --git a/security/vpn/frm_rec-dont-use.tex b/security/vpn/frm_rec-dont-use.tex
new file mode 100644
index 0000000..7e4b986
--- /dev/null
+++ b/security/vpn/frm_rec-dont-use.tex
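Review bot: Grouping GRE and PPTP under `\item Proprietary Protocols` in frm_protocol-overview.tex is misleading, because both are published as RFCs; what matters for this deck is that neither provides strong protection by itself. L2TP is also listed under IPsec as if it were part of it, although it is a separate tunneling protocol that is commonly run over IPsec. I would rename the group, for example `\item Tunneling protocols without built-in strong encryption`, and word the L2TP entry as `\item Layer 2 Tunneling Protocol over IPsec (L2TP/IPsec)`.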
@@ -0,0 +1,13 @@
+\begin{frame}[fragile]
+\frametitle{Be careful!}
+PPTP (pppd or OS built-in)
+
+Reasons:
+\begin{itemize}
+\item only a few configuration comply with the security requirements
+\end{itemize}
+
+Once again:
+
+\url{http://www.heise.de/security/artikel/Der-Todesstoss-fuer-PPTP-1701365.html}
+\end{frame}
diff --git a/security/vpn/frm_rec-infratructure.tex b/security/vpn/frm_rec-infratructure.tex
new file mode 100644
index 0000000..6730652
--- /dev/null
+++ b/security/vpn/frm_rec-infratructure.tex
@@ -0,0 +1,11 @@
+\begin{frame}[fragile]
+\frametitle{VPN Infrastructure Solution}
+strongSWAN or openSWAN
+
+Reasons:
+\begin{itemize}
+\item Configuration
+\item Scalability
+\item Security
+\end{itemize}
+\end{frame}
diff --git a/security/vpn/frm_scene-a.tex b/security/vpn/frm_scene-a.tex
new file mode 100644
index 0000000..485c8ba
--- /dev/null
+++ b/security/vpn/frm_scene-a.tex
@@ -0,0 +1,12 @@
+\begin{frame}[fragile]
+\frametitle{Central VPN Server}
+\begin{enumerate}
+\item Control Unit connects to VPN Server
+\item Service Laptop connects to VPN Server
+\item Establish routing from VPN1 to VPN2 on Server
+\end{enumerate}
+\begin{figure}[h]
+\centering
+\includegraphics[width=7cm]{images/security-vpn-scenario-a.png}
+\end{figure}
+\end{frame}
diff --git a/security/vpn/frm_scene-b.tex b/security/vpn/frm_scene-b.tex
new file mode 100644
index 0000000..c589940
--- /dev/null
+++ b/security/vpn/frm_scene-b.tex
@@ -0,0 +1,11 @@
+\begin{frame}[fragile]
+\frametitle{Distributed VPN Server}
+\begin{enumerate}
+\item Service Laptop connects to Device
+\item Service Laptop establish VPN to Device
+\end{enumerate}
+\begin{figure}[h]
+\centering
+\includegraphics[width=7cm]{images/security-vpn-scenario-b.png}
+\end{figure}
+\end{frame}
diff --git a/security/vpn/pres_vpn-fasttrack_en.tex b/security/vpn/pres_vpn-fasttrack_en.tex
new file mode 100644
index 0000000..0e831e5
--- /dev/null
+++ b/security/vpn/pres_vpn-fasttrack_en.tex
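Review bot: Step 3 in frm_scene-a.tex, "Establish routing from VPN1 to VPN2 on Server", describes routing between the two tunnels without any restriction, which would make every control unit reachable from every service laptop once both are connected. For a security presentation the step should mention filtering on the server, for example `\item Establish routing from VPN1 to VPN2 on Server, restricted by firewall rules to the required hosts and ports`.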
@@ -0,0 +1,91 @@ +\def\lximg{/usr/share/lx/icons/fueller.png} + +\input{configpres} + +\subsection{Virtual Private Network} + +\title{VPN Fasttrack} +\maketitle + +\def\lximg{none} + +\begin{frame} +\frametitle{Contents} +\tableofcontents +\end{frame} + +% ---------------------------- +\subsubsection{Fundamentals} + +\begin{frame}[fragile] +\frametitle{How VPNs work} +\begin{itemize} +\item Use existing network connections between devices +\item Encapsulate VPN network traffic +\item Transparent for applications and user +\end{itemize} +\begin{figure}[h] +\centering +\includegraphics[width=8cm]{images/security-vpn-base.png} +\end{figure} +\end{frame} + +% ---------------------------- +\subsubsection{Protocols} + +\input{security/vpn/frm_protocol-overview} +\input{security/vpn/frm_protocol-ipsec} +\input{security/vpn/frm_protocol-tls} +\input{security/vpn/frm_protocol-gre} + +% ---------------------------- +\subsubsection{Products} + +\input{security/vpn/frm_product-overview} +\input{security/vpn/frm_product-swan} +\input{security/vpn/frm_product-openl2tp} +\input{security/vpn/frm_product-openvpn} + +% ---------------------------- +\subsubsection{Recommendations} +\input{security/vpn/frm_rec-dont-use} +\input{security/vpn/frm_rec-infratructure} +\input{security/vpn/frm_rec-adhoc} + +% ---------------------------- +\subsubsection{Use Cases} +\input{security/vpn/frm_scene-a} +\input{security/vpn/frm_scene-b} + +% ---------------------------- +\subsubsection{Related Links} + +\begin{frame} +Starting point on Wikipedia +\begin{itemize} +\item \url{http://en.wikipedia.org/wiki/Virtual_private_network} +\end{itemize} +VPN Background articles (in german) +\begin{itemize} +\item \url{http://heise.de/-270796} +\item \url{http://heise.de/-270056} +\end{itemize} +Documentation +\begin{itemize} +\item \url{http://www.linuxtopia.org/online_books/linux_administrators_security_guide/index.html} +\end{itemize} +\end{frame} + +\begin{frame} +Products: +\begin{itemize} +\item 
\url{http://www.strongswan.org/} +\item \url{http://www.openswan.org/} +\item \url{http://openvpn.net} +\item \url{http://www.openl2tp.org/} +\item \url{http://poptop.sourceforge.net/} +\end{itemize} +\end{frame} + +\subsection{} +\input{tailpres} -- cgit v1.2.3 From 5943fbf9f9b0ed3aaf4c4a1a008320d5a170be5e Mon Sep 17 00:00:00 2001 From: Jan Altenberg Date: Fri, 25 Jan 2013 17:35:35 +0100 Subject: Initial version of ELBE usage slides --- distribution/elbe-usage/pres_elbe-usage_en.tex | 423 +++++++++++++++++++++++++ images/elbe-process.png | Bin 0 -> 37051 bytes images/emu-process.png | Bin 0 -> 11200 bytes 3 files changed, 423 insertions(+) create mode 100644 images/elbe-process.png create mode 100644 images/emu-process.png (limited to 'images') diff --git a/distribution/elbe-usage/pres_elbe-usage_en.tex b/distribution/elbe-usage/pres_elbe-usage_en.tex index 01ffda8..be63d54 100644 --- a/distribution/elbe-usage/pres_elbe-usage_en.tex +++ b/distribution/elbe-usage/pres_elbe-usage_en.tex 
@@ -7,6 +7,429 @@ \begin{frame} \frametitle{What is ELBE?} +ELBE is a Debian based system to generate root-filesystems for embedded devices \end{frame} +\begin{frame}[fragile] +\frametitle{How to install ELBE} +\begin{verbatim} +# On a Debian based system +$ echo 'deb http://debian.linutronix.de/elbe \ +squeeze main' >> /etc/apt/sources.list +$ aptitude install elbe +\end{verbatim} +Or get the latest source from github: +\begin{verbatim} +git clone https://github.com/Linutronix/elbe.git +\end{verbatim} +\end{frame} + +\begin{frame} +\frametitle{ELBE: Overview} +\begin{itemize} +\item The Elbe system consists of the program elbe which is implemented in Python +\item Similar to git, it can be called with several sub commands +\item An Elbe project consists of an xml file that describes the project +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{ELBE: Documentation} +\begin{itemize} +\item Have a look at /usr/share/doc/elbe/ +\item Please read /usr/share/doc/elbe/elbeoverview-en.html +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{How ELBE works} +\begin{figure}[h] +\centering +\includegraphics[width=10cm]{images/elbe-process.png} +\end{figure} +\end{frame} + +\begin{frame} +\frametitle{How ELBE works} +\begin{figure}[h] +\centering +\includegraphics[width=10cm]{images/emu-process.png} +\end{figure} +\end{frame} + +\begin{frame} +\frametitle{The ELBE workflow} +\begin{enumerate} +\item Create an XML file +\item Create a project based on that XML file +\item Change to the project directory an run make +\end{enumerate} +\end{frame} + +\begin{frame}[fragile] +\frametitle{ELBE: command overview} +Create a new project: +\begin{verbatim} +elbe create \ + --directory /home/user/example example.xml +\end{verbatim} +\end{frame} + +\begin{frame}[fragile] +\frametitle{ELBE: start build} +\begin{verbatim} +cd /home/user/example +# Note: the next step might take a while +make +\end{verbatim} +\end{frame} + +\begin{frame}[fragile] +\frametitle{ELBE: Using the 
VM} +\begin{verbatim} +cd /home/user/example +make run +# or (without graphics) +make run-con +\end{verbatim} +\end{frame} + +\begin{frame}[fragile] +\frametitle{The ELBE XML format} +/usr/share/doc/elbe/examples/ contains a couple of examples: +\begin{verbatim} +$ ls -1 /usr/share/doc/elbe/examples/ +amd64-example.xml +arm-complex-example.xml.gz +arm-example.xml +i386-example.xml +\end{verbatim} +\end{frame} + +\begin{frame}[fragile] +\frametitle{The ELBE XML format: Project setup} +\lstset{language=XML} +\begin{scriptsize} +\begin{lstlisting} + + ARMexample + 08.15 +... + +\end{lstlisting} +\end{scriptsize} +\end{frame} + +\begin{frame}[fragile] +\frametitle{The ELBE XML format: Project setup} +\lstset{language=XML} +\begin{scriptsize} +\begin{lstlisting} + +... + + debian.tu-bs.de + /debian + http + + + http://debian.linutronix.de/elbe squeeze main + + + +... + +\end{lstlisting} +\end{scriptsize} +\end{frame} + +\begin{frame}[fragile] +\frametitle{The ELBE XML format: Project setup} +\lstset{language=XML} +\begin{scriptsize} +\begin{lstlisting} + +... + + squeeze +... + +\end{lstlisting} +\end{scriptsize} +\end{frame} + +\begin{frame}[fragile] +\frametitle{The ELBE XML format: Project setup} +\lstset{language=XML} +\begin{scriptsize} +\begin{lstlisting} + +... + + armel + 20G + 256 + qemu-system-arm + testrd + ttyAMA0,115200n1 + versatilepb + + smc91c111 + de:ad:be:ef:be:05 + + + + tcp + 22 + 5022 + + + + + +... + +\end{lstlisting} +\end{scriptsize} +\end{frame} + +\begin{frame}[fragile] +\frametitle{The ELBE XML format: Defining a target} +\lstset{language=XML} +\begin{scriptsize} +\begin{lstlisting} + + myARM + tec.linutronix.de + foo + ttyS0,115200 + + + nfsroot.tar.gz + + + + + + build-essential + bash + less + git + debhelper + nfs-common + openssh-server + + +\end{lstlisting} +\end{scriptsize} +\end{frame} + +\begin{frame}[fragile] +\frametitle{The ELBE XML format: finetuning} +\lstset{language=XML} +\begin{scriptsize} +\begin{lstlisting} + +... 
+ + /usr/share/doc + /var_ro + /my/name/on/target + +... + +\end{lstlisting} +\end{scriptsize} +\end{frame} + +\begin{frame}[fragile] +\frametitle{The ELBE XML format: finetuning} +\lstset{language=XML} +\begin{scriptsize} +\begin{lstlisting} + +... + + cp /etc/passwd etc/ + +... + +\end{lstlisting} +\end{scriptsize} +\end{frame} + +\begin{frame} +\frametitle{ELBE modes} +\begin{itemize} +\item default +\item norecommend (can be combined with any of the other modes): Don't install recommended packages +\item setsel: The resulting image will just contain dpkg. This mode offers a finegrained control on which packages should be installed +\item diet: Only copy files referenced in the package management. Only use this for small and simple root filesystems! +\end{itemize} +\end{frame} + +\begin{frame}[fragile] +\frametitle{ELBE modes: Example} +\lstset{language=XML} +\begin{scriptsize} +\begin{lstlisting} + +... + + + + + bash + +... + +\end{lstlisting} +\end{scriptsize} +\end{frame} + +\begin{frame}[fragile] +\frametitle{ELBE command overview: elbe-setsel} +\begin{enumerate} +\item Create package list: +\begin{verbatim} +dpkg --get-selections > selections.list +\end{verbatim} +\item Import the package list to your xml file: +\begin{verbatim} +elbe setsel selections.list +\end{verbatim} +\end{enumerate} +\end{frame} + +\begin{frame}[fragile] +\frametitle{Using a CDROM} +\begin{itemize} +\item Each ELBE build will create a CD-ROM image with the package (which have been used for the installation): install.iso +\item You can use this ISO image for future builds: +\begin{verbatim} + +/home/user/elbe-exmpl/install.iso + +\end{verbatim} +\item You can also use the elbe-setcdrom command +\end{itemize} +\end{frame} + +\begin{frame}[fragile] +\frametitle{ELBE command overview: elbe-setcdrom} +\begin{verbatim} +$ elbe setcdrom mysqueeze.xml elbe-cd.iso +\end{verbatim} +This command removes all configured mirrors and additional urls from the XML file and sets the given ISO image 
as the only mirror. +\end{frame} + +\begin{frame}[fragile] +\frametitle{ELBE command overview: elbe-chg\_archive} +It is possible to include an archive into the xml file, that is unpacked into the target root-filesystem after the finetuning step: +\begin{verbatim} +elbe chg_archive archive.tar.bz2 +\end{verbatim} +NOTE: The file must be a bzip2 compressed tar (.tar.bz2) +\end{frame} + +\begin{frame}[fragile] +\frametitle{ELBE command overview: elbe-get\_archive} +It is also possible to extract an archive from an XML file: +\begin{verbatim} +elbe get_archive +\end{verbatim} +\end{frame} + +\begin{frame}[fragile] +\frametitle{ELBE command overview: elbe-show} +The elbe show command prints out some textual information about an ELBE xml file: +\begin{verbatim} +$ elbe show arm-example.xml +== arm-example.xml: ARMexample - version 08.15 == +Debian suite: squeeze/armel +[...] +\end{verbatim} +\end{frame} + +\begin{frame}[fragile] +\frametitle{ELBE command overview: elbe-xsdtoasciidoc} +Create an asciidoc documentation from an annotated XML Schema file +\begin{verbatim} +# Create asciidoc format +$ elbe xsdtoasciidoc --output=myasciidoc dbsfed.xsd +# Create HTML doc +$ asciidoc myasciidoc +\end{verbatim} +\end{frame} + +\begin{frame}[fragile] +\frametitle{Creating UBI images} +\lstset{language=XML} +\begin{scriptsize} +\begin{lstlisting} + + + linux.img 1 + 0 + 60MB + + + 2048 + 1533 + 126976 + 128KiB + + static + + 0 + 4MiB + /boot/vmlinuz + + + dynamic + + 1 + 26MiB + + + +\end{lstlisting} +\end{scriptsize} +\end{frame} + +\begin{frame}[fragile] +\frametitle{Creating UBI images} +\lstset{language=XML} +\begin{scriptsize} +\begin{lstlisting} + + + + /opt + + ubifs + -x lzo + + rw + + + + / + + ubifs + -x lzo + + ro + + + proc + /proc + + proc + + + +\end{lstlisting} +\end{scriptsize} +\end{frame} \input{tailpres} 
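Review bot: The install snippet on the "How to install ELBE" frame of pres_elbe-usage_en.tex does not work as shown, because inside single quotes the backslash and line break are kept literally and `echo` appends a broken two-line entry to /etc/apt/sources.list. The `$` prompt also suggests an unprivileged user, who cannot append to that file, and there is no `aptitude update` before `aptitude install elbe`. Since the repository is added over plain http, the slide should also tell readers to install the repository's archive signing key and not to accept unauthenticated packages. I would put the entry on one line in a smaller font, run as root: `echo 'deb http://debian.linutronix.de/elbe squeeze main' >> /etc/apt/sources.list`, followed by `aptitude update`.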
diff --git a/images/elbe-process.png b/images/elbe-process.png new file mode 100644 index 0000000..3dedbee Binary files /dev/null and b/images/elbe-process.png differ diff --git a/images/emu-process.png b/images/emu-process.png new file mode 100644 index 0000000..f1b1107 Binary files /dev/null and b/images/emu-process.png differ -- cgit v1.2.3