LISA 2001, 15th Systems Administration Conference, December 2-7, 2001, San Diego, CA

Sunday, December 2, 2001    
Full-Day Tutorials
S1 Real-World Intrusion Detection: Problems and Solutions
Phil Cox and Mark Mellis, SystemExperts Corporation

S2 Advanced Solaris System Administration Topics
Peter Baer Galvin, Corporate Technologies

S4 Issues in UNIX Infrastructure Design
Lee Damon, University of Washington

S5 Linux System Administration
Joshua Jensen, Red Hat, Inc.

S7 Network Security Profiles: A Collection (Hodgepodge) of Stuff Hackers Know About You
Brad Johnson, SystemExperts Corporation

S8 Blueprints for High Availability: Designing Resilient Distributed Systems
Evan Marcus, VERITAS Software Corporation

S9 Topics in UNIX and Linux System Administration
Evi Nemeth, University of Colorado; Ned McClain, Consultant; and Trent Hein, Consultant

Half-Day Tutorials - Morning
S10 SSH Introduction Through Implementation NEW
Steve Acheson, Cisco Systems, Inc.

S11 Perl for System Administration
David Blank-Edelman, Northeastern University College

Half-Day Tutorials - Afternoon
S15 Perl Saves the Day
David N. Blank-Edelman, Northeastern University

S16 Understanding and Implementing DHCP
Greg Kulosa, Consultant


S1 Real-World Intrusion Detection: Problems and Solutions
Phil Cox and Mark Mellis, SystemExperts Corporation

Who should attend: System and network administrators who implement or maintain intrusion detection systems, managers charged with selecting and setting intrusion detection requirements, and anyone who wants to know the details of how to make intrusion detection work. Familiarity with TCP/IP networking is a plus.

In today's increasingly networked world, intrusion detection is essential for protecting resources, data, and reputation. It's a rapidly evolving field with several models and deployment methods from which to choose.

After taking this tutorial, attendees will understand the fundamental concepts of intrusion detection and will gain practical insights into designing, deploying, and managing intrusion detection systems in the real world.

Topics include:

  • Why intrusion detection?
  • ID and the organization
  • Intrusion detection basics
  • How attackers attempt to bypass IDS systems
  • Case studies for small, medium, and large deployments

Phil Cox (S1, M6) is a consultant for SystemExperts Corporation, a consulting firm that specializes in system security and management. Phil frequently writes and lectures on issues bridging the gap between UNIX and Windows NT. He is a featured columnist in ;login;, the USENIX Association Magazine, and has served on numerous USENIX program committees. Phil holds a B.S. in computer science from the College of Charleston, South Carolina.




Mark Mellis (S1) Corporation based in the San Francisco Bay Area. Over the past two years, Mark has distinguished himself by assisting several of the premier Internet companies in responding to major network attacks, and in designing and implementing robust infrastructure to limit future exposure. Mark has established a reputation over the past seventeen years of achieving the highest level of customer satisfaction in the areas of Unix, Windows & NT, Macintosh, DNS, Internet and intra-net connectivity, SMTP email, and WAN technologies. Mark attended the University of Washington, where he studied Physics.

S2 Advanced Solaris System Administration Topics
Peter Baer Galvin, Corporate Technologies

Who should attend: UNIX administrators who need more knowledge of Solaris administration.

We will discuss the major new features of recent Solaris releases, including which to use (and how) and which to avoid. This in-depth course will provide the information you need to run a Solaris installation effectively. Updated to include Solaris 8 and several other new topics.

Topics include:

  • Installing and upgrading
    • Architecting your facility
    • Choosing appropriate hardware
    • Planning your installation, filesystem layout, post-installation
    • Installing (and removing) patches and packages
  • Advanced features of Solaris 2
    • File systems and their uses
    • The /proc file system and commands
    • Useful tips and techniques
  • Networking and the kernel
    • Virtual IP: configuration and uses
    • Kernel and performance tuning: new features, adding devices, tuning, debugging commands
    • Devices: naming conventions, drivers, gotchas
  • Enhancing Solaris

Upon completion of the course, attendees will know what the IETF has been up to lately, and what to expect in upcoming BIND releases. This tutorial will not be a rehash of prior material--new subjects will be covered.

Peter Baer Galvin (S2) is the chief technologist for Corporate Technologies, Inc., and was the systems manager for Brown University's Computer Science Department. He has written articles for Byte and other magazines, is systems administration columnist for SunWorld, and is co-author of the Operating Systems Concepts and the Applied Operating Systems Concepts textbooks. As a consultant and trainer, Peter has taught tutorials on security and systems administration and has given talks at many conferences.



S4 Issues in UNIX Infrastructure Design
Lee Damon, University of Washington

Who should attend: Anyone who is designing, implementing, or maintaining a UNIX environment with 2 to 20,000+ hosts. System administrators, architects, and managers who need to maintain multiple hosts with few admins.

This tutorial won't propose one "perfect solution." Instead, it will try to raise all the questions you should ask in order to design the right solution for your needs.

Topics include:

  • Administrative domains: Who is responsible for what? What can users do for themselves?
  • Desktop services vs. farming
  • Disk layout
  • Free vs. purchased solutions: Do you write your own, or do you outsource?
  • Homogeneous vs. heterogeneous
  • Master database: What do you need to track, and how?
  • Policies to make your life easier
  • Push vs. pull: Do you force data to each host, or wait for a client request?
  • Quick replacement techniques: How to get the user back up in 5 minutes
  • Remote install/upgrade/patching: How can you implement lights-out operation? Handle remote user sites? Keep up with vendor patches?
  • Scaling and sizing: How do you plan?
  • Security vs. sharing
  • Single sign-on: Can one-password access to multiple services be secure?
  • Single system images: Should each user see everything the same way, or should each user's access to each service be consistent with his/her own environment?
  • Tools: What's free? What should you buy? What can you write yourself?

Lee Damon (S4) holds a B.S. in speech communication from Oregon State University. He has been a UNIX system administrator since 1985 and has been active in SAGE since its inception. He co-developed departmental and company-wide UNIX environments for IBM, GulfStream Aerospace and QUALCOMM. He is now working in the EE Department at the University of Washington, and is helping to develop the Nikola UNIX infrastructure there.


S5 Linux System Administration
Joshua Jensen, Red Hat, Inc.

Who should attend: System administrators who plan to implement a Linux solution in a production environment. Attendees should be familiar with the basics of system administration in a UNIX/Linux environment: user-level commands, administration commands, and TCP/IP networking. Both novice and intermediate administrators should leave the tutorial having learned something.

From a single server to a network of workstations, the Linux environment can be a daunting task for administrators knowledgeable on other platforms. Starting with a single server and finishing with a multi-server, 1000+ user environment, case studies will provide practical information for using Linux in the real world.

Topics include:

  • Installation features
  • Disk partitioning and RAID
  • Networking
  • User accounts
  • Services
  • NFS and NIS
  • Security through packet filtering and SSH
  • New developments (journaling file systems, VPNs, and more)

At the completion of the tutorial, attendees should feel confident in their ability to set up and maintain a secure and useful Linux network. The tutorial will be conducted in an open manner that allows for question-and-answer interruption.

Joshua Jensen (S5) and examiner, and has been with Red Hat for 3 years. In that time he has written and maintained large parts of the Red Hat curriculum: Networking Services and Security, System Administration, and the Red Hat Certified Engineer course and exam. Joshua has worked with Linux for six years, and has been teaching Cisco Internetworking and Linux courses since 1998.




S7 Network Security Profiles: A Collection (Hodgepodge) of Stuff Hackers Know About You
Brad Johnson, SystemExperts Corporation

Who should attend: Network, system, and firewall administrators; security auditors and those who are audited; people involved with responding to intrusions or responsible for network-based applications or systems that might be targets for crackers (determined intruders). Participants should understand the basics of TCP/IP networking. Examples will use actual tools and will also include small amounts of HTML, JavaScript, and Tcl.

Network-based host intrusions, whether they come from the Internet, an extranet, or an intranet, typically follow a common methodology: reconnaissance, vulnerability research, and exploitation. This tutorial will review the ways crackers perform these activities, what protocols and tools they use, and a number of current methods and exploits. You'll learn how to generate vulnerability profiles of your systems. Additionally, we'll review some important management policies and issues.

We'll focus primarily on tools that exploit many of the common TCP/IP-based protocols that underlie virtually all Internet applications, including Web technologies, network management, and remote file systems. Some topics will be addressed at a detailed technical level. We'll concentrate on examples drawn from public-domain tools that are widely available and commonly used by crackers.

Topics include:

  • Profiles: what can an intruder determine about your site remotely?
  • Review of profiling methodologies: different "viewpoints" generate different types of profiling information
  • Techniques: scanning, online research, TCP/IP protocol "mis"uses, denial of service, cracking clubs
  • Important intrusion areas: discovery techniques, SSL, SNMP, WWW, DNS
  • Tools: scotty, strobe, netcat, SATAN, SAINT, ISS, mscan, sscan, queso, curl, Nmap, SSLeay/upget
  • Defining management policies to minimize intrusion risk

Topics not covered:

  • Social engineering
  • Buffer overflow exploits
  • Browser (frame) exploits
  • Shell privilege escalation

Brad Johnson (S7, M6) is a vice president of SystemExperts Corporation, a consulting firm that specializes in system security and management. He is a well-known authority in the field of secure distributed systems and has recently served as a technical advisor to both Dateline NBC and CNN on network security matters. He has participated in seminal industry initiatives, including the Open Software Foundation, X/Open, and the IETF, and has often published about open systems. Brad was one of the original members of the OSF DCE Evaluation Team. He has a B.A. in computer science from Rutgers University and an M.S. from Lesley College.

S8 Blueprints for High Availability: Designing Resilient Distributed Systems
Evan Marcus, VERITAS Software Corporation

Who should attend: Beginning and intermediate UNIX system and network administrators, and UNIX developers concerned with building applications that can be deployed and managed in a highly resilient manner. A basic understanding of UNIX system programming, UNIX shell programming, and network environments is required.

This tutorial will explore procedures and techniques for designing, building, and managing predictable, resilient UNIX-based systems in a distributed environment. We will discuss the trade-offs among cost, reliability, and complexity.

Topics include:

  • What is high availability? Who needs it?
  • Defining uptime and cost; "big rules" of system design
  • Disk and data redundancy; RAID and SCSI arrays
  • Host redundancy in HA configs
  • Network dependencies
  • Application system programming concerns
  • Anatomy of failovers: applications, systems, management tools
  • Planning disaster recovery sites and data updates
  • Security implications
  • Upgrade and patch strategies
  • Backup systems: off-site storage, redundancy, and disaster recovery
  • Managing the system: managers, processes, verification

Evan Marcus (S8) is a senior systems engineer and high availability specialist with VERITAS Software Corporation. Evan has more than 12 years of experience in UNIX systems administration. While employed at Fusion Systems and OpenVision Software, Evan worked to bring the first high availability software application for SunOS and Solaris to market. Evan is the author of several articles and talks on the design of high availability systems.



S9 Topics in UNIX and Linux System Administration
Evi Nemeth, University of Colorado; Ned McClain, Consultant; and Trent Hein, Consultant

Who should attend: System and network administrators who are interested in picking up several new technologies in an accelerated manner. The format consists of six topics spread throughout the day.

Logical Volume Management for Linux: Logical volume support for Linux has brought storage flexibility and high availability to the masses. By abstracting physical storage devices, logical volumes let you grow and shrink partitions, efficiently back up databases, and much more. We'll talk about Linux LVM, what you need to get it up and running, and how to take advantage of its many features.

Security Packet Filtering Primer: What does the word "firewall" really mean, and how do you set up a packet filter list to implement a basic one? We'll teach you the dos and don'ts of creating a tough packet filter, and talk specifically about capabilities of packages available for Linux.

What's New in BIND9? BINDv9 includes a long laundry list of features needed for modern architectures, huge zones, machines serving a zillion zones, co-existence with PCs, security, and IPv6--specifically, dynamic update, incremental zone transfers, DNS security via DNSSEC and TSIG, A6, and DNAME records. We'll talk about the gory details of these new features.

Policy and Politics: Many of the policies and procedures followed at a site are carefully filed in the sysadmin's head. With the worldwide Net invading your local site, these secrets need to be written down, run by lawyers, and followed by your sysadmin staff. We will discuss approaches to these tasks, both good and bad, and illustrate with war stories, sample policy agreements, and procedure checklists.

Security Crisis Case Studies: Before your very eyes, we'll dissect a set of security incident case studies using many tools available on your system or from the Net. We'll specifically examine how to avoid common security-incident pitfalls.

Network Server Performance Tuning: Instead of throwing expensive hardware at a performance problem, consider that kernel and application tuning can yield a performance improvement of several hundred percent. We'll focus on Linux kernel and system tuning, but most of what we cover applies to other UNIX platforms as well.

Evi Nemeth (S9), a faculty member in computer science at the University of Colorado, has managed UNIX systems for the past 20 years, both from the front lines and from the ivory tower. She is co-author of the UNIX System Administration Handbook.




Ned McClain (S9) is a lead engineer at XOR Network Engineering. He is currently helping with the 3rd edition of the UNIX System Administration Handbook (by Nemeth, Snyder, and Hein). He has a degree in computer science from Cornell University and has done research with both the CS and Engineering Physics departments at Cornell.




Trent R. Hein (S9) is co-author of the best-selling UNIX System Administration Handbook, and its Linux-focused counterpart, due in bookstores late this year. He has been teaching tutorials on system administration at USENIX conferences since 1989, and lately spends most of his time pondering security methodology for the corporate environment. Trent is Cisco CCIE-certified and is often known to obsess over system and network performance issues.



S10 SSH Introduction Through Implementation NEW
Steve Acheson, Cisco Systems, Inc.

SSH, the Secure Shell program, has matured into a popular and powerful tool for secure system access and securely performing remote functions such as rdist. This tutorial will help you navigate the many SSH features and related software and will show how to use SSH in a large networked environment.

Topics include:

  • SSH features and authentication methods
  • Overview of the different versions (both public and commercial)
  • How to secure X11 connections using SSH
  • How to do secure port forwarding with SSH
  • Software available for use with SSH (e.g., rdist, rsync)
  • How to implement SSH in a large networked environment

Steve Acheson (S10) is currently a Computer Security Analyst at Cisco Systems, Inc., where he is a senior member of the Computer Information Security Department, responsible for network and system security, including designing internal security architecture and external/firewall access. Prior to working for Cisco, Steve managed security for NASA's Numerical Aerospace Simulations facility at Ames Research Center. He has worked in the field as a System Administrator, Network Engineer and Security Analyst for over 10 years.



S11 Perl for System Administration
David Blank-Edelman, Northeastern University College

Who should attend: System administrators with at least advanced-beginner to intermediate experience with Perl who would like a clear understanding of how to use Perl to make their jobs easier.

Perl was originally created to help with system administration, so it is a wonder that there's not more instructional material available. This tutorial aims to remedy this situation by presenting a solid three hours of instruction on using Perl for system administration. You are also likely to deepen your knowledge of Perl.

Based on the instructor's just-published O'Reilly book, this tutorial will take a multi-platform approach to the subject. We'll be exploring cutting-edge and old standby system-administration topics as they manifest themselves on both UNIX and Windows NT/2000 platforms.

Topics include:

  • Secure Perl scripting
  • Files and file systems (including source control, XML, databases, and log files)
  • SQL databases via DBI and ODBC
  • Email as a system administration tool (including spam analysis)
  • Network directory services (including NIS, DNS, LDAP, and ADSI)
  • Network management (including SNMP and WBEM)

David N. Blank-Edelman (S11, S15) is the Director of Technology at the Northeastern University College of Computer Science and the author of the new O'Reilly book Perl for System Administration. He has spent the last 14 years as a system/network administrator in large multi-platform environments including Brandeis University, Cambridge Technology Group, and the MIT Media Laboratory. He has served as Senior Technical Editor for the Perl Journal and has written many magazine articles on world music.




S15 Perl Saves the Day
David N. Blank-Edelman, Northeastern University

Who should attend: People with system administration duties, advanced-beginner to intermediate Perl experience, and a desire to make their jobs easier and less stressful in times of sysadmin crisis.

Perl is an excellent language for rapid development and prototyping. Thanks to the power of the core language and the large body of additional modules, it is often possible to write programs quickly to solve pressing problems. System administrators have no shortage of pressing problems, so knowing how to wield this "swiss-army chain saw" can be a lifesaver.

This tutorial will be centered around a set of "battle stories" and the Perl source code used to deal with them. The code presented in this class will be mostly UNIX-based, though the approaches we'll talk about won't be operating-system-specific. Attendees will leave this class with new ideas for writing small Perl programs to get out of big sysadmin pinches.

David N. Blank-Edelman (S11, S15) is the Director of Technology at the Northeastern University College of Computer Science and the author of the new O'Reilly book Perl for System Administration. He has spent the last 14 years as a system/network administrator in large multi-platform environments including Brandeis University, Cambridge Technology Group, and the MIT Media Laboratory. He has served as Senior Technical Editor for the Perl Journal and has written many magazine articles on world music.



S16 Understanding and Implementing DHCP
Greg Kulosa, Consultant

Who should attend: Anyone with networked TCP/IP clients who wants to distribute network information to those clients automatically. Attendees should have a basic knowledge of TCP/IP and typical network setup. Attendees should also understand procedures for installing and working with their operating system.

DHCP can be used to distribute IP address, router, DNS, WINS, and other information to network clients, without having to manually configure each machine.

Topics include:

  • DHCP protocol in depth
  • Detailed coverage of ISC DHCP server
    • Failover protocol and how to configure
    • Dynamic DNS configuration
    • Classes
    • Conditional behavior (if, then)
    • Allowing or denying specific hosts
    • Allowing or denying by host type or sending specific options to certain host types
  • Relay agents and Relay Agent Information Option
  • Common DHCP clients
  • Debugging tips

Greg Kulosa (S16) has been a Unix Systems Administrator for 10+ years. He is currently a Senior consultant, solving a myriad of host and networking problems for a variety of clients. He has rolled out DHCP to networks from 2 to 1500 machines (Windows, Macintosh, Linux, Solaris 2.x clients).





Last changed: 21 November 2001 ml