LISA '02, 16th Systems Administration Conference, November 3-8, 2002, Philadelphia Marriott, Philadelphia, PA

Sunday, November 3, 2002    

S1 Advanced Solaris System Administration Topics
Peter Baer Galvin, Corporate Technologies

Who should attend: UNIX administrators who need more knowledge of Solaris administration.

We will discuss the major new features of recent Solaris releases, including which to use (and how) and which to avoid. This in-depth course will provide the information you need to run a Solaris installation effectively. Updated to include Solaris 8 and several other new topics.

Topics include:

  • Installing and upgrading
    • Architecting your facility
    • Choosing appropriate hardware
    • Planning your installation, filesystem layout, post-installation
    • Installing (and removing) patches and packages
  • Advanced features of Solaris
    • File systems and their uses
    • The /proc file system and commands
    • Useful tips and techniques
  • Networking and the kernel
    • Virtual IP: configuration and uses
    • Kernel and performance tuning: new features, adding devices, tuning, debugging commands
    • Devices: naming conventions, drivers, gotchas
  • Enhancing Solaris

Peter Baer Galvin (S1) is the Chief Technologist for Corporate Technologies, and was the systems manager for Brown University's Computer Science Department. He has written articles for Byte and other magazines, is a columnist for SunWorld, and is coauthor of the Operating Systems Concepts and the Applied Operating Systems Concepts textbooks. Peter has taught tutorials on security and system administration and has given talks at many conferences and institutions.


S2 Topics in UNIX and Linux Administration, Part 1 NEW
Trent Hein and Ned McClain, Applied Trust Engineering; Evi Nemeth, University of Colorado Emeritus

Who should attend: System and network administrators who are interested in picking up several new technologies in an accelerated manner. The format consists of six topics.

Topics include:

  • Logical Volume Management for Linux: Logical volume support for Linux has brought storage flexibility and high availability to the masses. By abstracting physical storage devices, logical volumes let you grow and shrink partitions, efficiently back up databases, and much more. We'll talk about Linux LVM, what you need to get it up and running, and how to take advantage of its many features.
  • Security Packet Filtering Primer: What does the word "firewall" really mean, and how do you set up a packet filter list to implement a basic one? We'll teach you the dos and don'ts of creating a tough packet filter, and talk specifically about capabilities of packages available for Linux.
  • What's New in BIND9? BINDv9 includes a long laundry list of features needed for modern architectures, huge zones, machines serving a zillion zones, co-existence with PCs, security, and IPv6: specifically, dynamic update, incremental zone transfers, DNS security via DNSSEC and TSIG, A6, and DNAME records. We'll talk about the gory details of these new features.
  • Network Server Performance Tuning: Instead of throwing expensive hardware at a performance problem, consider that many performance problems are really due to misconfigured networks, systems, and applications. We'll focus on Linux and UNIX performance tuning, with an emphasis on low-cost, high-impact strategies and solutions.
  • Security Crisis Case Studies: Before your very eyes, we'll dissect a set of security incident case studies using many tools available on your system or from the Net. We'll specifically describe how to avoid common security-incident pitfalls.
  • Policy and Politics: Many of the policies and procedures followed at a site are carefully filed in the sysadmin's head. With the worldwide Net invading your local site, these secrets need to be written down, run by lawyers, and followed by your sysadmin staff. We will discuss approaches to these tasks, both good and bad, and illustrate with war stories, sample policy agreements, and procedure checklists.

Trent Hein (S2, M2) is co-founder of Applied Trust Engineering. Trent worked on the 4.4 BSD port to the MIPS architecture at Berkeley, is co-author of both the UNIX Systems Administration Handbook and the Linux Administration Handbook, and holds a B.S. in computer science from the University of Colorado.


Ned McClain (S2, M2), co-founder and CTO of Applied Trust Engineering, lectures around the globe on applying cutting-edge technology in production computing environments. Ned holds a B.S. in computer science from Cornell University and is a contributing author to both the UNIX System Administration Handbook and the Linux Administration Handbook.


Evi Nemeth (S2, M2) has retired from the computer science faculty at the University of Colorado, where she administered UNIX systems, both from the trenches and from the ivory tower. She is a co-author of the UNIX System Administration Handbook (now in its 3rd edition) and its green cousin, the Linux Administration Handbook. Evi is slowly learning what "retired" is supposed to mean, as she spends more time on her sailboat in the Caribbean and less time on computers, networks, and security.


S3 Linux System Administration
Joshua Jensen, Red Hat Inc.

Who should attend: System administrators who plan to implement a Linux solution in a production environment. Attendees should be familiar with the basics of system administration in a UNIX/Linux environment: user-level commands, administration commands, and TCP/IP networking. Both novice and intermediate administrators should leave the tutorial having learned something.

From a single server to a network of workstations, administering a Linux environment can be a daunting task for administrators knowledgeable on other platforms. Starting with a single server and finishing with a multi-server, 1000+ user environment, case studies will provide practical information for using Linux in the real world.

Topics include (with an emphasis on security):

  • Installation features
  • Disk partitioning and RAID
  • Networking
  • User accounts
  • Services
  • NFS and NIS
  • Security through packet filtering and SSH
  • New developments (journaling file systems, VPNs, and more)

At the completion of the tutorial, attendees should feel confident in their ability to set up and maintain a secure and useful Linux network. The instructor invites questions during the presentation.

Joshua Jensen (S3, T3) was the first Red Hat instructor and examiner, and has been with Red Hat for 4 years. In that time he has written and maintained large parts of the Red Hat curriculum: Networking Services and Security, System Administration, Apache and Secure Web Server Administration, and the Red Hat Certified Engineer course and exam. Joshua has worked with Linux for 7 years, and has been teaching Cisco Internetworking and Linux courses since 1998.


S4 Intrusion Detection: Evaluation, Architecture, and Implementation NEW
Cory Scott, ABN-AMRO North America

Who should attend: System, network, and security administrators who understand the basics of IDS technologies and are interested in the details of deploying IDS in their organization. The class will also be attractive to managers who want to implement IDS.

Topics include:

  • How IDS fits into an IT organization
  • How to measure ROI and provide metrics for an IDS deployment
  • How to integrate incident response and other security initiatives
  • How to evaluate IDS technologies
    • Scoping a pilot project
    • Building a test environment
  • Risk assessment
  • Threat modeling
  • Architecture review of IDS deployments
  • Data collection issues
    • Bandwidth feasibility for network-based IDS
    • Log aggregation for host-based IDS
  • How to deal with the intrusion detection community
  • Overview of future IDS technologies

Whenever possible, the tutorial will cover a range of potential environments, from large networks to smaller deployments. The instructor invites attendees to email him before the conference with particular implementation questions or concerns and he will attempt to cover them during class.

Cory Scott (S4) has extensive experience in information systems and security and years of experience in network and systems security architecture, as well as operational experience in several demanding datacenters. Currently he is a manager of systems and security at ABN-AMRO North America. Previously he was a security consultant, performing assessment, penetration testing, and intrusion detection research. He has a CISSP certification, with speaking engagements at Blackhat Briefings and SANS. As a technical editor and writer, he has worked on several security publications, including recent technical reviews of "Know Your Enemy: The Honeynet Project" and NIST's "Special Publication on Intrusion Detection Systems."


S5 Hacking and Securing Web-Based Applications NEW
David Rhoades, Maven Security Consulting

Who should attend: People who are auditing Web application security, developing Web applications, or managing the development of a Web application.

Although numerous commercial and freeware tools assist in locating network-level security vulnerabilities, these tools are incapable of locating application-level issues. This course will demonstrate how to identify security weaknesses for Web-enabled services that could be exploited by remote users.

With numerous real-world examples, this informative and entertaining course is based on fact and experience, not theory. The course material is presented in a step-by-step approach, and will apply to Web portals, e-commerce, online banking, shopping, subscription-based services, and any Web-enabled application.

Topics include:

  • Information-gathering attacks: How hackers read between the lines
  • User sign-on process: Many sites contain serious flaws which expose them to the threat of bad publicity and loss of customer confidence
  • User sign-off process: Are users really signed off?
  • OS & Web server weaknesses: buffer overflows and default material
  • Encryption: Finding the weakest link
  • Session tracking
    • URL rewriting, basic authentication, and cookies: strengths and weaknesses
    • Session cloning, IP hopping, and other subtle dangers
    • A recipe for strong session IDs
  • Authentication: server, session, transactional
  • Transaction-level issues
    • Hidden form elements
    • Unexpected user input
    • GET vs. POST
    • JavaScript filters
    • Improper server logic

David Rhoades (S5) is president of Maven Security Consulting Inc. Since 1996 David has been providing information protection services for various Fortune 500 customers. His work has taken him across the U.S. and to Europe and Asia, where he has lectured and consulted in various areas of information security. David holds a B.S. in computer engineering from the Pennsylvania State University and is an instructor for the SANS Institute, the MIS Training Institute, and Sensecurity (based in Singapore).


S6 Beyond Shell Scripts: 21st-Century Automation Tools and Techniques NEW
Aeleen Frisch, Exponential Consulting

Who should attend: System administrators who want to explore new ways of automating administrative tasks. Shell scripts are appropriate for many jobs, but more complex operations will often benefit from sophisticated tools.

Topics include:

  • Automating installations
    • Vendor-supplied tools
    • Alternative approaches
    • State-of-the-art package control
    • A heterogeneous environment
  • Mark Burgess's cfengine package
    • Installations and beyond
    • "Self-healing" system configurations
    • Other uses
    • cfengine limitations and how to overcome them
  • Don Libes's Expect package for automating interactive procedures
    • What to Expect . . .
    • Using Expect with other tools
    • Security issues
  • Amanda, an enterprise backup management facility
    • Prerequisites
    • Configuration
    • Getting the most from Amanda
  • STEM, a new package for automating network operations
    • Understanding the context and tool capabilities
    • Example applications
    • Performance and scaling

We'll conclude the course with a shell scripts redux covering some shell features you may not have heard of (and a bit of Perl, too).

Aeleen Frisch (S6, M3, T11) has been a system administrator for over 20 years. She currently looks after a pathologically heterogeneous network of UNIX and Windows systems. She is the author of several books, including Essential System Administration (now in its 3rd edition).


S7 Blueprints for High Availability: Designing Resilient Distributed Systems
Evan Marcus, VERITAS Software Corp.

Who should attend: Beginning and intermediate UNIX system and network administrators, and UNIX developers concerned with building applications that can be deployed and managed in a highly resilient manner. A basic understanding of UNIX system programming, UNIX shell programming, and network environments is required.

This tutorial will explore procedures and techniques for designing, building, and managing predictable, resilient UNIX-based systems in a distributed environment. We will discuss the trade-offs among cost, reliability, and complexity.

Topics include:

  • What is high availability? Who needs it?
  • Defining uptime and cost; "big rules" of system design
  • Disk and data redundancy; RAID and SCSI arrays
  • Host redundancy in HA configs
  • Network dependencies
  • Application system programming concerns
  • Anatomy of failovers: applications, systems, management tools
  • Planning disaster recovery sites and data updates
  • Security implications
  • Upgrade and patch strategies
  • Backup systems: off-site storage, redundancy, and disaster recovery
  • Managing the system: managers, processes, verification

Evan Marcus (S7, M10) is a Senior Systems Engineer and High Availability Specialist with VERITAS Software Corporation. Evan has more than 14 years of experience in UNIX system administration. While working at Fusion Systems and OpenVision Software, Evan worked to bring to market the first high-availability software application for SunOS and Solaris. He is the author of several articles and talks on the design of high-availability systems and is the co-author, with Hal Stern, of Blueprints for High Availability: Designing Resilient Distributed Systems (John Wiley & Sons, 2000).


S8 Administering Veritas NetBackup
W. Curtis Preston, The Storage Group

Who should attend: System administrators involved in the design, implementation, and administration of Veritas NetBackup. Participants who are not yet using NetBackup should review NetBackup documentation before attending this session.

Anyone who has implemented a medium-to-large installation of any commercial backup software package understands the challenges that such a project will face. This tutorial focuses on the challenges unique to Veritas NetBackup, with heavy emphasis on configuring NetBackup in such a way that it will be easier to automate, easier to monitor and make reports from, takes full advantage of your storage resources, and, above all, ensures that your data is being protected properly. The tutorial will also answer the questions that all NetBackup administrators find themselves asking and will provide scripts to automate NetBackup.

Topics include (with an emphasis on decisions to be made):

  • NetBackup architecture
  • System design
  • Commonly used (and misunderstood) commands
  • System automation
  • Frequently asked questions, including:
    • How do I do offsite tape duplication? Is bpvault worth it?
    • Why can't I delete this tape?
    • Can NetBackup tell me when I'm low on volumes, instead of waiting until I'm out?
    • How do I automate the importing, exporting, and labeling of library volumes?
    • How do I back up NAS systems?
    • Is there any way to manage the exclude lists centrally?

After completing this tutorial, participants will be able to answer all of these questions and will have the tools necessary to better automate their NetBackup installation. They will also be aware of common pitfalls and how to avoid them.

W. Curtis Preston (S8, S11) is the president of The Storage Group, Inc., a storage consulting firm focused on bridging the gap between customers and storage products. Curtis has ten years' experience designing storage systems for environments both large and small. Curtis has advised the major product vendors regarding product features and implementation methods. He is the administrator of the NetBackup and NetWorker FAQs and answers the "Ask The Experts" backup forum on SearchStorage.com. He is the author of O'Reilly's UNIX Backup & Recovery and Using SANs & NAS, as well as a monthly column in Storage Magazine.


S9 Perl for System Administration: The Networking Power Hours, Part 1 NEW
David N. Blank-Edelman, Northeastern University

Who should attend: System and network administrators with advanced-beginner to intermediate Perl skills (important prerequisite).

Now that we've offered several successful survey courses on using Perl to make system administration easier, it is time to go deeper. In this half-day course we'll take an hour per subject to probe how Perl can be used to work with three different network-related topics. We'll get you jump-started and then dive into the approaches, tools and methods you need to tame these areas with your existing Perl skills.

Topics include:

  • SNMP: How to query and configure SNMP v1- and 3-capable devices
  • Packet Play
    • Sniffing for specific packets
    • Creating packets with Perl
  • Network Monitoring and Mapping: Continuously monitoring a network and displaying the results

This final module will tie together the two previous modules and work toward building simple tools to help. We'll also look at some of the more advanced free tools already available to solve this problem.

David N. Blank-Edelman (S9, S12) is the Director of Technology at the Northeastern University College of Computer Science and the author of the O'Reilly book Perl for System Administration. He has spent the last 16 years as a system/network administrator in large multi-platform environments, including Brandeis University, Cambridge Technology Group, and the MIT Media Laboratory. He has served as Senior Technical Editor for the Perl Journal.


S10 Introduction to Domain Name System Administration
William LeFebvre, CNN Internet Technologies

Who should attend: System or network administrators who have been exposed to the Domain Name System only as users. A basic understanding of the IP protocols, TCP and UDP, data encapsulation, and the seven-layer model will be beneficial.

DNS, the primary method the Internet uses to name and number machines, is used to translate names like "www.usenix.org" into addresses like 131.106.3.253. Any site that is serious about joining the Internet community will need to understand how to configure and administer DNS.

This tutorial will describe the basic operation of DNS and will provide instructions and guidelines for the configuration and operation of DNS on UNIX platforms using the BIND software distribution. This class is designed for the beginner and is intended to provide a foundation for the tutorial on "Intermediate Topics in Domain Name System Administration."

Topics include:

  • DNS and BIND
  • The DNS Name Hierarchy
  • The four components of DNS
  • Iterative vs. recursive querying
  • Essential resource records: SOA, A, PTR, CNAME, NS
  • Zone transfers and secondaries
  • Vendor-specific differences

William LeFebvre (S10, S13) is an author, programmer, teacher, and sysadmin expert who has been using UNIX and Internet technologies since 1983. He writes a monthly column for UNIX Review and has taught since 1989 for such organizations as USENIX, the Sun User Group (SUG), MIS Training Institute, IT Forum, and Great Circle Associates. He has contributed to several widely used UNIX packages, including Wietse Venema's logdaemon package. He is also the primary programmer for the popular UNIX utility top. William is currently a technology fellow at CNN Internet Technologies, exploring the applicability of new technology to one of the busiest Web farms on the Internet. He received his bachelor's degree in 1983 and his master of science degree in 1988, both from Rice University.


S11 Using SANs and NAS
W. Curtis Preston, The Storage Group

Who should attend: System administrators and system engineers responsible for the design and implementation of storage systems. Attendees should be aware of storage systems concepts; a basic familiarity with SAN and NAS is helpful but not required.

This tutorial will explain the differences and similarities between Storage Area Networks (SAN) and Network Attached Storage (NAS), including an explanation of why NAS is now competing with SAN in certain markets. It will also cover the myriad of backup and recovery options that each brings to the table, and the pros and cons of each of them. It will then offer guidelines on how to decide whether SAN or NAS is right for you.

Topics include:

  • SAN & NAS overview: why and what
  • SAN architecture overview
  • NAS architecture overview
  • Managing SANs
  • Backing up with SANs
  • Managing NAS
  • Backing up NAS



S12 Perl for System Administration: The Networking Power Hours, Part 2 NEW
David N. Blank-Edelman, Northeastern University

Who should attend: System and network administrators with advanced-beginner to intermediate Perl skills (important prerequisite).

Now that we've offered several successful survey courses on using Perl to make system administration easier, it is time to go deeper. In this half-day course we'll take an hour per subject to probe how Perl can be used to work with three different network-related topics. We'll get you jump-started and then dive into the approaches, tools and methods you need to tame these areas with your existing Perl skills.

Part 1 (S9) is not a prerequisite for this class.

Topics include:

  • LDAP: How to use Perl to perform common LDAP operations.
  • Mail
    • Using Perl to send mail with SMTP
    • Using Perl to perform mail operations using POP3 and IMAP
    • Parsing mail
  • Potpourri
    • Parsing logs efficiently and effectively
    • How to roll your own daemons
    • Using encrypted transports from Perl



S13 Intermediate Topics in Domain Name System Administration
William LeFebvre, CNN Internet Technologies

Who should attend: Network administrators with a basic understanding of DNS and its configuration who need to learn how to create and delegate subdomains, and administrators planning to install BIND8. Attendees are expected either to have prior experience with DNS, including an understanding of basic operation and zone transfers, or to have attended the "Introduction to Domain Name System Administration" tutorial.

Attendees will move beyond the basics into a more thorough understanding of the overall design and implementation of DNS.

Topics include:

  • Subdomains and delegation
  • Resource records: NS, RP, MX, TXT, AAAA
  • Migration to BIND8
  • DNS management tools
  • DNS design
  • DNS and firewalls


Monday, November 4, 2002    

M1 Exploring the Potential of LDAP
Gerald Carter, Hewlett Packard

Who should attend: Administrators and programmers interested in the potential of the Lightweight Directory Access Protocol (LDAP) and in exploring issues related to deploying an LDAP infrastructure. This tutorial is not a how-to for a specific LDAP server, nor is it an LDAP developers' course. Rather, it is an evaluation of the potential of LDAP to allow the consolidation of existing deployed directories. No familiarity with LDAP or other Directory Access Protocols will be assumed.

System administrators today run many directory services, though they may be called by such names as DNS and NIS. LDAP, the up-and-coming successor to the X.500 directory, promises to allow administrators to consolidate multiple existing directories into one. Vendors across operating-system platforms are lending support.

Topics include:

  • The basics of LDAP
  • Current technologies employing LDAP services
  • Replacing NIS using LDAP
  • Integrating authentication mechanisms for other services (e.g., Apache, Sendmail, Samba) with LDAP
  • LDAP interoperability with other proprietary directory services, such as Novell's NDS and Microsoft's Active Directory
  • Programming tools and languages available for implementing LDAP support in applications



M2 Topics in UNIX and Linux Administration, Part 2 NEW
Trent Hein and Ned McClain, Applied Trust Engineering; Evi Nemeth, University of Colorado Emeritus

Who should attend: System and network administrators who are interested in picking up several new technologies in an accelerated manner. The format consists of six topics. Part 1 is not a prerequisite to this class.

Topics include:

  • Efficient Server Log Management: Server and network device logs are one of the most useful sources of performance and security information. Unfortunately, system logs are often overlooked by organizations, out of either a lack of time or a preference for information from fancier intrusion detection systems. We present a set of open source tools and a unified strategy for securely managing centralized system logs.
  • What's New with Sendmail: Newer versions of sendmail ship with a wealth of features every system administrator should know about. From advanced virus and spam filtering (Milter), to IPv6, to improved LDAP and mailbox abstraction support, we discuss sendmail's hot new features, quirks, and tricks.
  • Performance Crisis Case Studies: Trying to squeeze more performance out of your existing environment? We'll walk you through the pathology of actual performance crisis situations we've encountered, and talk not only about how to fix them but also how to avoid them altogether. There's nothing like learning from real-world situations!
  • Security Tools: A new generation's worth of security management tools are on the loose. We'll help you understand how to use them to your advantage. We'll examine network scanning tools such as Nessus and nmap, as well as new tools to facilitate security forensics.
  • Site Localization and Management: Wouldn't it be nice if new system arrivals meant pushing a button and watching the localization work happen magically before your eyes? Imagine if systems at your site all shared a consistent configuration! We'll talk about modern tools for localization and mass deployment of systems, and how to keep systems up-to-date going forward.
  • Security Incident Recovery: You've been vigilant about your site's security, but the day still comes when you detect an intruder. How do you handle the situation, analyze the intrusion, and restore both security and confidence to your environment? This crash course in incident handling will give you the skills you need to deal with the unthinkable.



M3 Administering Linux in Production Environments
Aeleen Frisch, Exponential Consulting

Who should attend: Current Linux system administrators and administrators from sites considering converting to or adding Linux systems.

This course will cover configuring and managing Linux computer systems in production environments. We will be focusing on the administrative issues that arise when Linux systems are deployed to address a variety of real-world tasks and problems arising in commercial and research-and-development contexts.

Topics include:

  • Recent kernel developments
  • High-performance I/O
    • Advanced filesystems and logical volumes
    • Disk striping
    • Optimizing I/O performance
  • Advanced compute-server environments
    • Beowulf
    • Clustering
    • Parallelization environments/facilities
    • CPU performance optimization
  • High-availability Linux: fault-tolerance options
  • Enterprise-wide authentication
  • Fixing the security problems you didn't know you had (or, what's good enough for the researcher/hobbyist won't do for you)
  • Automating installations and other mass operations
  • Linux in the office environment



M4 Issues in UNIX Infrastructure Design
Lee Damon, University of Washington

Who should attend: Anyone who is designing, implementing, or maintaining a UNIX environment with 2 to 20,000+ hosts. System administrators, architects, and managers who need to maintain multiple hosts with few admins.

This tutorial won't propose one "perfect solution." Instead, it will try to raise all the questions you should ask in order to design the right solution for your needs.

Topics include:

  • Administrative domains: Who is responsible for what? What can users do for themselves?
  • Desktop services vs. farming
  • Disk layout
  • Free vs. purchased solutions: Do you write your own, or do you outsource?
  • Homogeneous vs. heterogeneous
  • Master database: What do you need to track, and how?
  • Policies to make your life easier
  • Push vs. pull: Do you force data to each host, or wait for a client request?
  • Quick replacement techniques: How to get the user back up in 5 minutes
  • Remote install/upgrade/patching: How can you implement lights-out operation? Handle remote user sites? Keep up with vendor patches?
  • Scaling and sizing: How do you plan?
  • Security vs. sharing
  • Single sign-on: Can one-password access to multiple services be secure?
  • Single system images: Should each user see everything the same way, or should each user's access to each service be consistent with his/her own environment?
  • Tools: What's free? What should you buy? What can you write yourself?

Lee Damon (M4) holds a B.S. in speech communication from Oregon State University. He has been a UNIX Systems Administrator since 1985, and has been active in SAGE since its inception. He assisted in developing a mixed AIX/SunOS environment at IBM Watson Research, and has developed mixed environments for Gulfstream Aerospace and QUALCOMM. He is currently leading the development effort for the Nikola project at the University of Washington Electrical Engineering department. He is a member of the SAGE Ethics Working Group, and was one of the commentators on the SAGE Ethics document. He has championed awareness of Ethics in the Systems Administration community, including writing it into policy documents.


M5 Practical Wireless IP: Concepts, Administration, and Security
Philip Cox and Brad C. Johnson, SystemExperts Corp.

Who should attend: Users, administrators, managers, and others interested in learning about some of the fundamental security and usage issues around wireless IP services. This tutorial assumes some knowledge of TCP/IP networking and client/server computing, the ability or willingness to use administrative GUIs to set up a device, and a general knowledge of common laptop environments.

Whether you like it or not, wireless services are popping up everywhere. And you and your organization will be responsible for understanding and managing the devices you possess. Since the purpose of wireless is to share data when you aren't directly attached to a wired resource, you need to understand the fundamental security and usage options. In this tutorial we will cover a number of topics that affect you in managing and using wireless services. Some of the topics will be demonstrated live using popular wireless devices.

Topics include:

  • Cellular services basics
    • What's out there?
    • Who's using what?
    • What really matters?
  • Wireless LAN fundamentals
    • Architecture
    • Threats
    • 802.11b
    • Configuration examples
    • Antennas
  • Access points
    • Channels, placement
    • Bandwidth, aggregation
    • Congestion
    • Roaming, signals
    • General issues
    • Sniffers
    • Building your own access point
    • 802.11a

Philip Cox (M5) is a consultant for SystemExperts Corporation, a consulting firm that specializes in system security and management. Phil frequently writes and lectures on issues bridging the gap between UNIX and Windows NT and on information security. He is the lead author of Windows 2000 Security Handbook 2nd edition from Osborne McGraw-Hill and contributing author to Windows NT/2000 Network Security from Macmillan Technical Publishing. Phil is also a featured columnist in the USENIX Association Magazine ;login:, and serves on the SANS NT Digest editorial board.


Brad C. Johnson (M5, T6) is vice president of SystemExperts Corporation. He has participated in seminal industry initiatives such as the Open Software Foundation, X/Open, and the IETF, and has published often about open systems. Brad has served as a technical advisor to organizations such as Dateline NBC and CNN on security matters. He is a regular tutorial instructor and conference speaker on topics related to practical network security, penetration analysis, middleware, and distributed systems. Brad holds a B.A. in computer science from Rutgers University and an M.S. in applied management from Lesley University.


M6 Building a syslog Infrastructure
Tina Bird, Counterpane Internet Security

Who should attend: System administrators and network managers responsible for monitoring and maintaining the health and well-being of computers and network devices in an enterprise environment. Although some review is provided, participants should be familiar with the UNIX and Windows operating systems and basic network security.

The purpose of this tutorial is to illustrate the importance of a network-wide centralized logging infrastructure, to introduce several approaches to monitoring audit logs, and to explain the types of information and forensics that can be obtained with well-managed logging systems.

Every device on your network--routers, servers, firewalls, application software--spits out millions of lines of audit information a day. Hidden within the data that indicate normal day-to-day operation (and known problems) are the first clues that systems are breaking down, attackers are breaking in, and end users are breaking up. If you manage that data flow, you can run your networks more effectively.

Topics include:

  • The extent of the audit problem: How much data are you generating every day, and how useful is it?
  • Logfile content: Improving the quality of the data in your logs
  • Logfile generation: syslog and its relatives, including building a central loghost, and integrating MS Windows systems into your UNIX log system
  • Log management: Centralization, parsing, and storing all that data
  • Legal issues: What you can do to be sure you can use your logfiles for human resources issues and for legal prosecutions

This class won't teach you how to write Perl scripts to simplify your logfiles. It will teach you how to build a log management infrastructure, how to figure out what your log data means, and what in the world you do with it once you've acquired it.

Tina Bird (M6) is a network security architect at Counterpane Internet Security. She has implemented and managed a variety of wide-area-network security technologies and has developed, implemented and enforced corporate IS security policies. She is the moderator of the Virtual Private Networks mailing list, and the owner of "VPN Resources on the World Wide Web." Tina has a B.S. in physics from Notre Dame and an M.S. and Ph.D. in astrophysics from the University of Minnesota.


M7 Technical Tools for Creating Happy Users NEW
Tom Limoncelli, Lumeta, Inc., and Christine Hogan, Consultant

Who should attend: Anyone seeking to increase user happiness through better technology, especially those whose environments contain large numbers of users and/or desktops. If you are considering creating a helpdesk or find yourself being pushed to manage or create helpdesk-like functions, you'll find this tutorial especially useful.

This workshop will present technical solutions that contribute to making a good first impression on users and maintaining that relationship.

Topics include:

  • The importance of making a good first impression
  • Perception vs. visibility: "customers" vs. "users"
  • The secret to making users feel they are the center of the universe: an algorithm for ordering request priorities
  • How to make a good first impression always
    • The employee's first day
    • Every day
  • Technology that helps make a good first impression
    • The first-day checklist
    • Rapid PC deployment techniques (Ghost, JumpStart, AutoLoad, etc.)
    • Tools to improve homogeneity (cfengine, etc.)
  • Helpdesks (both real and virtual)
    • Pros and cons of formal helpdesks
    • How to create and manage a helpdesk
    • Survey of request and ticket systems
  • Customer care: the 9-step process for handling customer requests
  • Catching what's wrong before they do
    • Monitoring services
    • Historical trend analysis
    • Should you have a NOC?
  • Training every customer-facing person needs

Tom Limoncelli (M7, T8), co-author of The Practice of System and Network Administration from Addison-Wesley, is Director of Operations at Lumeta Corporation, where he is responsible for building and scaling the deployment systems. A sysadmin and network wonk since 1987, he has worked at Bell Labs/Lucent, Mentor Graphics, and Drew University. He is a frequent presenter at LISA conferences.


Christine Hogan (M7, T8), co-author of The Practice of System and Network Administration from Addison-Wesley, is an independent consultant, currently studying for a Ph.D. at Imperial College, London. Previously employed by Synopsys and Global Networking and Computing (GNAC, Inc.), she serves as consultant to start-ups, e-commerce sites, bio-tech companies, and large multi-national hardware and software companies. Her system administration career began at the Department of Mathematics in Trinity College Dublin.


M8 SAN-Enable Your Backup System NEW
Jacob Farmer, Cambridge Computer Services

Who should attend: Anyone who is struggling with backup and restore, and anyone who anticipates growing his/her backup system in the next year.

Backup/restore is the killer app for storage area networks, and you do not need to have a SAN disk system in order to SAN-enable your backup system. This class takes an under-the-hood look at the surprisingly affordable SAN backup technology.

We focus on the conservative use of new technologies and how to get the best results from your budget. The course covers architectures and principles that will be relevant to any backup software.

Topics include:

  • Blocks, files, storage objects, and metadata
  • Block-level vs. file-level backups
  • 4 ways to take a snapshot
  • Storage interfaces and protocols in relation to backup
  • Tape-library sharing (a.k.a. LAN-free backup)
    • Specifying an affordable SAN infrastructure
    • Connecting existing tape devices on the SAN
  • Sizing and configuring SAN bridges and routers
  • Challenges of device addressing
  • Fibre-channel tape devices
  • Fail-over for backup connections
  • Directing backup traffic flow on the SAN
  • Tape-drive technology: AIT, LTO, DLT, STK
  • Disk-enabled backup
  • Disk-to-disk backup
  • Virtual tape and disk staging
  • "Serverless" backup and alternatives
  • High-performance NAS backup
    • Parallel file systems
    • NDMP (Network Data Management Protocol)

Jacob Farmer (M8, M11) is the CTO of Cambridge Computer Services, an integrator and training provider specializing in storage management. He has more than 15 years' experience with data storage technologies and is an accomplished author and lecturer. He writes the expert advice column for InfoStor magazine (the leading trade publication of the data storage industry) and is currently working on a book on storage networking technologies.


M9 Regular Expression Mastery NEW
Mark-Jason Dominus, Plover Systems Co.

Who should attend: System administrators and users who use Perl, grep, sed, awk, procmail, vi, or emacs.

Almost everyone has written a regex that produced unexpected results. Sometimes regexes appear to hang forever, and it's not clear what has gone wrong. Sometimes they behave differently in different utilities, and you can't tell why. This class will fix all these problems.

The first section of the class will explore the matching algorithms used internally by common utilities such as grep and Perl. Understanding these algorithms will allow us to predict whether a regex will match, which of several matches will be found, and which regexes are likely to be faster than others, and to understand why all of these behaviors occur. We'll learn why commonly used regex symbols such as ".", "$", and "\1" may not mean what you thought they did.

In the second section, we'll look at common matching disasters, a few practical parsing applications, and some advanced Perl features. We'll finish with a discussion of optimizations that were added to Perl 5.6, and why you should avoid using "/i".

Topics include:

  • Inside the regex engine
    • Regular expressions are programs
    • Backtracking
    • NFA vs. DFA
    • POSIX and Perl
    • Quantifiers
    • Greed and anti-greed
    • Anchors and assertions
    • Backreferences
  • Disasters and optimizations
    • Where machines come from
    • Disaster examples
    • Tokenizing
    • New optimizations
    • Matching strings with balanced parentheses

Mark-Jason Dominus (M9, M12) has been programming in Perl since 1992. He is a moderator of the comp.lang.perl.moderated newsgroup, the author of the Text::Template, Tie::File, and Memoize modules, a contributor to the Perl core, and author of the perlreftut man page. Last year his work on the Rx regular expression debugger won the Larry Wall Award for Practical Utility. He lives in Philadelphia with his wife and several plush octopuses.


M10 Building a Disaster Recovery Plan NEW
Evan Marcus, VERITAS Software Corp.

Who should attend: Anyone who needs to develop a disaster recovery plan.

We'll identify the key parts of a plan, how to test it, and some of the technology that can speed recovery, with an eye toward balancing costs and benefit.

Topics include:

  • What a DR plan should contain
  • The costs of developing a DR plan
  • Do you need a DR plan at all?
  • Downtime and data loss: two sides of the same coin
  • Four different methods for testing your DR plan
  • DR as a subset of high availability
  • Methods and technologies for protecting data through a disaster
  • How disasters may affect the people who are responsible for recovery
  • Building and staffing DR teams
  • The role of senior management in DR
  • A real-life case study of a company that survived a major disaster


M11 Next-Generation Storage Architectures: Beyond Conventional SAN and NAS NEW
Jacob Farmer, Cambridge Computer Services

Who should attend: System architects, storage administrators, and disaster-recovery planners who are interested in cutting-edge storage technologies and/or whose needs have not been satisfied by the big vendors. Some familiarity with storage networking and/or SCSI and network file systems would be useful.

Proprietary monolithic SAN and NAS subsystems are giving way to open-system and distributed architectures. Data-transfer protocols such as SCSI, NFS, and CIFS are facing competition from VI and DAFS. Fibre-channel and parallel SCSI interfaces are challenged by Gigabit Ethernet and serial ATA. Bottlenecks imposed by PCI and SBUS stand to be eliminated by Infiniband with RDMA. This class identifies solutions available today and hints at what to expect for tomorrow.

Students will leave with ideas for leveraging existing hardware investments and for planning future migration strategies.

Topics include:

  • Fundamentals of storage system architectures
  • Shortcomings of conventional SAN and NAS architectures
  • Performance bottlenecks
  • Cost-reducing strategies
  • Comparison of storage interfaces: fibre channel, SCSI, serial ATA, Infiniband, Ethernet
  • Comparison of storage protocols: CIFS, NFS, SCSI, VI, DAFS
  • Open systems storage virtualization
  • The convergence of SAN and NAS
  • High-performance file sharing (NAS on steroids)
    • Indirect file systems
    • SAN-enabled file systems
  • Parallel file systems
  • Distributed metadata
  • Fixed content
  • Content-addressable storage


M12 Perl Program Repair Shop and Red Flags NEW
Mark-Jason Dominus, Plover Systems Co.

Who should attend: System administrators and others who write Perl programs or deal with Perl programs other people have written.

In the typical program, 30% to 50% is just fat, harboring bugs and wasting maintenance and execution time. It's easy to learn to recognize and remove this fat, leaving your code more robust, more reliable, more readable, and more modular.

All the bad Perl code in this class is guaranteed 100% genuine and typical--no fake examples. We will examine several typical system administration programs in detail and see how to improve them. The class will focus on "red flags," the obvious warning signs in your code. We concentrate on techniques that yield big benefits for little effort. Clever tricks are forbidden, because everyone has off days, and this class is about how to write good, clean code even on the off days.

Participants are encouraged to submit their own code for respectful, anonymous review in the class. (Send it to mjd-lisa-repair+@plover.com before July 22.)

Topics include:

  • Families of variables
  • Making relationships explicit
  • Refactoring
  • Programming by convention
  • The Flesh Blanket
  • Structural vs. functional code
  • Conciseness
  • Why you should avoid the "." operator
  • Elimination of global variables
  • Superstition
  • The "use strict" zombies
  • Repressed subconscious urges
  • The cardinal rule of computer programming
  • The psychology of repeated code
  • Programs that are 10% backslashes
  • What can go wrong with "if" and "else"
  • The Condition that Ate Michigan
  • Resisting Holy Doctrine
  • How (and why) to let "undef" be the special value
  • Trying it both ways



M13 Practical Project Management NEW
Strata Rose Chalup, VirtualNet Consulting

Who should attend: Sysadmins who want to stay hands-on as team leads or system architects and need a new set of skills with which to tackle bigger, more complex challenges. No previous experience with project management is required. Participants will get a no-nonsense grounding in methods that work without adding significantly to one's workload. People who have been through traditional multi-day project management courses will be shocked, yet refreshed, by the practicality of our approach. To get the most out of this tutorial, participants should have some real-world project or complex task in mind for the lab sections.

This tutorial focuses on complementing your own organizational style (or lack thereof) with a toolbox of ways to organize and manage complex tasks without drowning in paperwork or clumsy, meeting-intensive methodologies. Also emphasized is how to bridge the gap between ad-hoc methods and the kinds of tracking and reporting that traditionally trained managers will understand.

Topics include:

  • Quick basics of project management
  • Skill sets
    • Defining success
    • Chunking and milestoning
    • Delegating
    • Tracking
    • Reporting
  • Problem areas
  • Project management tools
    • What tools should do for you
    • UNIX commands and scripts for 90+%
    • Freeware PM tool options
    • The only 15 minutes of MS Project you'll ever need
  • Real-world lab
    • Applying skillsets to a sample project
    • Generating skeleton documents and notes as we go along
    • Project Fixit Q&A

Strata Rose Chalup (M13) began as a fledgling sysadmin in 1983, and has been leading and managing complex IT projects for many years, serving in roles ranging from Project Manager to Director of Network Operations. She has authored several articles on management and working with teams, and specializes in multi-vendor infrastructure rollouts. Another MIT dropout, Strata is founder and CEO of VirtualNet Consulting, and applies her management skills on various volunteer boards, including BayLISA and SAGE.


Tuesday, November 5, 2002    

T1 System and Network Monitoring NEW
John Sellens, Certainty Solutions

Who should attend: Network and system administrators interested in real-life, practical, host- and network-based monitoring of their systems and networks. Participants should have an understanding of the fundamentals of networking, basic familiarity with computing and network components, and some familiarity with UNIX and scripting languages.

This tutorial will introduce the concepts and functions of monitoring systems and will describe the Simple Network Management Protocol (SNMP). It will review some of the most popular monitoring tools and will cover the installation and configuration of a number of freely available monitoring packages. The emphasis will be on the practical, and the tutorial will provide examples of easy-to-implement monitoring techniques.

Topics include:

  • Monitoring--goals, techniques, reporting
  • SNMP--the protocol, reference materials, relevant RFCs
  • Introduction to SNMP MIBs (Management Information Bases)
  • SNMP tools and libraries
  • Other non-SNMP tools
  • Security concerns when using SNMP and other tools on the network
  • Monitoring applications--introductions, use, benefits and complications, installation and configuration (Big Brother, Nagios, SNIPS, MRTG, Cricket, etc.)
  • Special situations--remote locations, firewalls, etc.
  • Monitoring implementation roadmap--policies, practices, notifications, escalations, reporting

Participants should expect to leave the tutorial with the information needed to immediately start using a number of monitoring systems and techniques to improve their ability to manage and maintain their systems and networks.

John Sellens (T1) has been involved in system and network administration since 1986 and is the author of several related USENIX papers, a number of ;login: articles, and SAGE booklet #7, System and Network Administration for Higher Reliability. He holds an M.S. in computer science from the University of Waterloo and is a chartered accountant. He is currently the General Manager for Certainty Solutions (formerly known as GNAC) in Toronto. Prior to joining Certainty, John was the Director of Network Engineering at UUNET Canada and was a staff member in computing and information technology at the University of Waterloo for 11 years.


T2 UNIX Security Threats and Solutions
Matt Bishop, University of California, Davis

Who should attend: Anyone interested in threats to UNIX security and how to deal with them.

This tutorial uses case histories to show what vulnerabilities the attackers exploited, how the system administrators might have closed those loopholes, and how the intruders were discovered. Concepts and mechanisms, as well as publicly available tools, are discussed. This course focuses on non-network problems.

Topics include:

  • Security policies vs. security mechanisms
  • Password security and cracking
  • Files and auditing
  • Access control mechanisms
  • Management of privileges
  • Malicious logic and the UNIX system
  • Basic vulnerabilities analysis
  • Basic incident management
  • Security holes past and current
  • Managing the humans
  • Where to get help

Matt Bishop (T2) began working on problems of computer security, including the security of the UNIX operating system, at Purdue, where he earned his doctorate in 1984. He worked in industry and at NASA before becoming a professor, teaching courses in computer security, cryptography, operating systems, and software engineering at both Dartmouth College and at the University of California at Davis, where he teaches now. Matt's current research interests are analyzing vulnerabilities in operating systems, protocols, and software in general; denial of service; intrusion detection; and formal models of access control.


T3 Linux Firewalls NEW
Joshua Jensen, Red Hat, Inc.

Who should attend: Network and security administrators who are charged with implementing network security and looking for Linux-related solutions. Attendees should have a basic understanding of TCP/IP and some experience in configuring network services. Both beginning administrators and security professionals not versed in the ways of Linux will leave the tutorial having learned something.

Administrators are being tasked with bringing order to their LAN and WAN environments. Packet filtering, traffic monitoring, and building and maintaining transparent proxy firewalls can be daunting responsibilities. Extensive configuration examples of Linux-based packet firewalls, common scenarios, and overviews of useful tools will provide valuable solutions.

At the completion of the course attendees should feel confident in their ability to set up and maintain secure networks with flexible access control. The instructor encourages questions during the presentation.

Topics include:

  • Networking overview
  • Linux kernel firewall capabilities
  • /proc kernel tuning
  • Linux 2.4 and Netfilter
    • Table and structure
    • Firewall rules and targets
    • User chains
    • Simple stateful approaches
    • IPChains compatibility
    • Advanced connection tracking
  • Performance tuning
  • Network address translation
    • Port forwarding
    • Round-robin load balancing
    • SNAT and masquerading
  • Sniffers you should fear (and use)
  • Traffic monitoring
  • Practical solutions to common scenarios

Joshua Jensen (S3, T3) was the first Red Hat instructor and examiner, and has been with Red Hat for 4 years. In that time he has written and maintained large parts of the Red Hat curriculum: Networking Services and Security, System Administration, Apache and Secure Web Server Administration, and the Red Hat Certified Engineer course and exam. Joshua has worked with Linux for 7 years, and has been teaching Cisco Internetworking and Linux courses since 1998.


T4 Configuring and Administering SAMBA Servers
Gerald Carter, Hewlett Packard

Who should attend: System and network administrators who wish to integrate SAMBA running on a UNIX-based machine with MS Windows clients. No familiarity with Windows networking concepts will be assumed.

SAMBA is a freely available suite of programs that allows UNIX-based machines to provide file and print services to MS Windows PCs without installing any third-party software on the clients. This allows users to access necessary resources from both PCs and UNIX workstations. As SAMBA makes its way into more and more network shops all over the world, it is common to see "configuring SAMBA servers" listed as a desired skill on many job descriptions for network administrators.

This tutorial will use real-world examples taken from daily administrative tasks.

Topics include:

  • Installing SAMBA from the ground up
  • The basic Microsoft networking protocols and concepts, such as NetBIOS, CIFS, and Windows NT domains (including Windows 2000)
  • Configuring a UNIX box to provide remote access to local files and printers from Windows clients
  • Utilizing client tools to access files on Windows servers from a UNIX host
  • Configuring SAMBA as a member of a Windows NT domain in order to utilize the domain's PDC for user authentication
  • Using SAMBA as a domain controller
  • Configuring SAMBA to participate in network browsing
  • Automating daily management tasks

Gerald Carter (M1, T4), a member of the SAMBA Team since 1998, is employed by Hewlett Packard as a Software Engineer, working on SAMBA-based print appliances. He is writing a guide to LDAP for system administrators, to be published by O'Reilly. Jerry holds an M.S. in computer science from Auburn University, where he also served as a network and system administrator. He has published articles with Web-based magazines such as Linuxworld and has authored courses for companies such as Linuxcare. He recently completed the second edition of Teach Yourself SAMBA in 24 Hours (Sams Publishing).


T5 System and Network Performance Tuning
Marc Staveley, Soma Networks

Who should attend: Novice and advanced UNIX system and network administrators, and UNIX developers concerned about network performance impacts. A basic understanding of UNIX system facilities and network environments is assumed.

We'll examine how the virtual memory system, the I/O system, and the file system can be optimized. We'll move on to Network File System tuning and performance strategies. Detailed treatment of network performance problems, including network design and media choices, will lead to examples of network capacity planning. Application issues will be covered. We'll cover guidelines for capacity planning and customized monitoring based on your workloads and traffic patterns. Analysis periods for particular situations will be provided.

Topics include:

  • Performance tuning strategies
    • Practical goals
    • Monitoring intervals
    • Useful statistics
    • Tools, tools, tools
  • Server tuning
    • Filesystem and disk tuning
    • Memory consumption and swap space
    • System resource monitoring
  • NFS performance tuning
    • NFS server constraints
    • NFS client improvements
    • NFS over WANs
    • Automounter and other tricks
  • Network performance, design, and capacity planning
    • Locating bottlenecks
    • Demand management
    • Media choices and protocols
    • Network topologies: bridges, switches, routers
    • Throughput and latency
    • Modeling resource usage
  • Application tuning
    • System resource usage
    • Memory allocation
    • Code profiling
    • Job scheduling and queuing
    • Real-time issues
    • Managing response time

Marc Staveley (T5) recently took a position with Soma Networks, where he is applying his 18 years of experience with UNIX development and administration in leading their IT group. Previously Marc had been an independent consultant, and he has also held positions at Sun Microsystems, NCR, Princeton University, and the University of Waterloo. He is a frequent speaker on the topics of standards-based development, multi-threaded programming, system administration, and performance tuning.


T6 Network Security Profiles: A Collection (Hodgepodge) of Stuff Hackers Know About You
Brad C. Johnson, SystemExperts Corp.

Who should attend: Network, system, and firewall administrators; security auditors and those audited; those responding to intrusions or responsible for applications or systems that might be targets for crackers. Participants should understand the basics of TCP/IP networking. Examples will use actual tools and will also include small amounts of HTML, JavaScript, and Tcl.

Network-based host intrusions, whether they come from the Internet, an extranet, or an intranet, typically follow a common methodology: reconnaissance, vulnerability research, and exploitation. This tutorial will review the ways crackers perform these activities, what protocols and tools they use, and a number of current methods and exploits. You'll learn how to generate vulnerability profiles of your systems. Additionally, we'll review some important management policies and issues.

We'll focus primarily on tools that exploit many of the common TCP/IP-based protocols that underlie virtually all Internet applications. We'll concentrate on examples drawn from public-domain tools that are commonly used by crackers.

Topics include:

  • Profiles: what can an intruder determine about your site remotely?
  • Review of profiling methodologies: different "viewpoints" generate different types of profiling information
  • Techniques: scanning, online research, TCP/IP protocol "mis"uses, denial of service, cracking clubs
  • Important intrusion areas: discovery techniques, SSL, SNMP, WWW, DNS
  • Tools: scotty, strobe, netcat, SATAN, SAINT, ISS, mscan, sscan, queso, curl, Nmap, SSLeay/upget
  • Defining management policies to minimize intrusion risk

Topics not covered:

  • Social engineering
  • Buffer overflow exploits
  • Browser (frame) exploits
  • Shell privilege escalation

Brad C. Johnson (M5, T6) is vice president of SystemExperts Corporation. He has participated in seminal industry initiatives such as the Open Software Foundation, X/Open, and the IETF, and has published often about open systems. Brad has served as a technical advisor to organizations such as Dateline NBC and CNN on security matters. He is a regular tutorial instructor and conference speaker on topics related to practical network security, penetration analysis, middleware, and distributed systems. Brad holds a B.A. in computer science from Rutgers University and an M.S. in applied management from Lesley University.


T7 Advanced Topics in DNS Administration NEW
Jim Reid, Nominum

Who should attend: DNS administrators who wish to extend their understanding of how to configure and manage name servers running BIND9. Attendees should have some experience of running a name server and be familiar with DNS jargon for resource records, as well as the syntax of zone files and named.conf.

This tutorial will answer the question, "I've set up master (primary) and slave (secondary) name servers. What else can I do with the name server?"

Topics include:

  • The BIND9 Logging Subsystem
    • Getting the most from the name server's logs
  • Managing the name server with rndc
  • Configuring split DNS: internal and external versions of a domain
    • Using the views mechanism of BIND9 to implement split DNS
  • Setting up an internal root server
  • Securing the name server
    • Running it chroot()ed
    • Using access control lists
    • Preventing unwanted access
  • Dynamic DNS (DDNS)
    • Dynamic updates with nsupdate
  • IPv6
    • Resolving and answering queries with IPv6
    • Setting up A6/DNAME chains and AAAA records to resolve IPv6 addresses
  • The Lightweight Resolver Daemon, lwresd
  • Secure DNS (DNSSEC)
    • Using Transaction Signatures (TSIG)
    • How to sign zones with dnssec-keygen and dnssec-signzone

Jim Reid (T7) started using a PDP11/45 running V7 UNIX 21 years ago and has been working with UNIX systems ever since. He worked for three years at Origin on behalf of Philips Electronics, where he wrote a DNS management system and designed, built, and ran the DNS infrastructure for the corporate network, one of the biggest in the world. He has over a decade's experience in writing and teaching training courses ranging from kernel internals, through system administration and network security, to DNS administration. He's a frequent speaker at conferences and workshops in Europe and the U.S. His book on DNS administration with BIND9 will be published in 2002.


T8 Introduction to Massive Upgrades and Changes NEW
Christine Hogan, Consultant, and Tom Limoncelli, Lumeta, Inc.

Who should attend: Sysadmins from environments where upgrading a single large server or hundreds of individual hosts is common. Although it's focused on UNIX and IP networks, all sysadmins will benefit from this tutorial. Examples include situations found in both small and large sites.

Imagine renumbering the IP addresses of thousands of hosts, none of which sees more than one interruption. Imagine upgrading a large server that provides dozens of critical services with confidence that it will be done on time and with all services working. Imagine performing one or more changes on 1,000 individual hosts without fear that you've installed the same typo on each. Imagine a tutorial that teaches how to make those things happen.

This tutorial will mix theory with case studies of real events--both success stories and disasters.

Topics include:

  • What is change management?
  • Change management basics: change request, approval, execution, testing
  • Explicit approval vs. explicit objection
  • Case study: Network (WAN) change management
  • Flight director technique for major maintenance windows
  • The Secret to Successful Server Upgrades
  • Case study: upgrading a major application server
  • Case study: upgrading a multi-purpose server
  • Service conversions
  • Case study: IP renumbering and reorganization

Christine Hogan (M7, T8), co-author of The Practice of System and Network Administration from Addison-Wesley, is an independent consultant, currently studying for a Ph.D. at Imperial College, London. Previously employed by Synopsys and Global Networking and Computing (GNAC, Inc.), she serves as consultant to start-ups, e-commerce sites, bio-tech companies, and large multi-national hardware and software companies. Her system administration career began at the Department of Mathematics in Trinity College Dublin.


Tom Limoncelli (M7, T8), co-author of The Practice of System and Network Administration from Addison-Wesley, is Director of Operations at Lumeta Corporation, where he is responsible for building and scaling the deployment systems. A sysadmin and network wonk since 1987, he has worked at Bell Labs/Lucent, Mentor Graphics, and Drew University. He is a frequent presenter at LISA conferences.


T9 Console Servers: Getting up to Speed NEW
David "Zonker" Harris, Certainty Solutions

Who should attend: System and network administrators who are supporting large, distributed networks; anyone with a large terminal-server deployment for remote console access; senior administrators and network operations staff looking for monitoring, mentoring, and collaboration tools.

This class will cover installation and configuration of Conserver, an open-source client/server application, with session logging, for remote console access. We'll include Q&A time for participants to address their specific site needs and requirements. The tutorial will include a demonstration of Conserver.

This class will not cover in-depth RS-232 hook-up questions, but the instructor will make himself available for those types of questions outside of tutorial time.

Topics include:

  • Overview of console and terminal server devices
  • Conserver background (code history, branches)
  • Recent feature additions and code changes
  • How to install and configure Conserver
  • Implementation best practices
  • Implementing distributed mode (multiple servers)
  • How to mine information from logs
  • Evaluating and mitigating security risks
  • Exploring some interesting existing deployments

David K. Z. Harris (T9, T12) has been a network plumber for more than a decade, and he likes many kinds of puzzles. He's been a member of the Technical Staff at Certainty Solutions (formerly GNAC) for over four years. Connecting various devices together (such as making networks work, or hooking up serial consoles) is just another interesting puzzle.


T10 Documentation Techniques for Sysadmins
Mike Ciavarella, Cybersource Pty Ltd

Who should attend: System administrators who need to produce documentation for the systems they manage or who want to improve their documentation skills.

Topics include:

  • Why system administrators need to document
  • The document life cycle
  • Targeting your audience
  • An adaptable document framework
  • Common mistakes
  • Tools to assist the documentation process

Attendees should be able to make immediate, practical use of the techniques presented in this tutorial in their day-to-day tasks. Particular emphasis is placed on documentation as a time-saving tool rather than a workload imposition.

Mike Ciavarella (T10, T13) has been producing and editing technical documentation since he naively agreed to write application manuals for his first employer in the early 1980s. He has been a technical editor for Macmillan Press and has been teaching system administrators about documentation for the past four years. Mike has an Honours Degree in Science from the University of Melbourne in Australia, and is currently a Senior Partner with Cybersource Pty Ltd, where he heads Cybersource's Security Practice. In his spare time, Mike is a caffeine addict and photographer.


T11 But Is It UNIX? A Mac OS X Administrator's Survival Guide NEW
Aeleen Frisch, Exponential Consulting

Who should attend: UNIX system administrators who want or need to administer Macintosh systems running OS X. Familiarity with UNIX system administration concepts and tasks is assumed.

Topics include:

  • What is this beast and what's Darwin (and why should I care)?
  • Networking: How Apple broke a million things with one bad decision, and how to get them working again
  • User management
  • File systems and disks (and what all those strange files are)
  • Process management: UNIX and MacOS applications
  • Managing funky Mac peripherals and user expectations

We will note interactions between the UNIX implementation and the Mac graphical user/administrative environment.

Aeleen Frisch (S6, M3, T11) has been a system administrator for over 20 years. She currently looks after a pathologically heterogeneous network of UNIX and Windows systems. She is the author of several books, including Essential System Administration (now in its 3rd edition).


T12 Advanced Console Remote Access NEW
David "Zonker" Harris, Certainty Solutions

Who should attend: System administrators supporting many UNIX hosts; network administrators with large, distributed networks; security architects looking for alternate ways to control secure devices; senior administrators looking for mentoring and collaboration tools, or just trying to do more with less.

The serial console port on a host or device can give you valuable security data, allow configuration you cannot access via the operating system on most devices, and be your fastest method of getting a labored host back under control. We'll explore methods for securely extending your reach to the serial consoles around your enterprise, and evaluating the vendors.

This class will not cover in-depth RS-232 hook-up questions, but the instructor will make himself available for those types of questions outside of tutorial time.

Topics include:

  • What are my options?
  • Should I worry about Serial BREAK?
  • Why use terminal servers?
  • How is a Console Server different?
  • Evaluating console server hardware
  • Evaluating and mitigating security risks
  • Authentication and access issues
  • Console access hosts via SSH and clients
  • Benefits of logging console sessions

David K. Z. Harris (T9, T12) has been a network plumber for more than a decade, and he likes many kinds of puzzles. He's been a member of the Technical Staff at Certainty Solutions (formerly GNAC) for over four years. Connecting various devices together (such as making networks work, or hooking up serial consoles) is just another interesting puzzle.


T13 Advanced Shell Programming
Mike Ciavarella, Cybersource Pty Ltd

Who should attend: Junior or intermediate system administrators or anyone with a basic knowledge of programming, preferably with some experience in Bourne/Korn shells (or their derivatives).

The humble shell script is still a mainstay of UNIX/Linux system administration, despite the wide availability of other scripting languages.

This tutorial details techniques that move beyond the quick-and-dirty shell script.

Topics include:

  • Common mistakes and unsafe practices
  • Modular shell script programming
  • Building blocks: awk, sed, etc.
  • Writing secure shell scripts
  • Performance tuning
  • Choosing the right utilities for the job
  • Addressing portability at the design stage
  • When not to use shell scripts

Mike Ciavarella (T10, T13) has been producing and editing technical documentation since he naively agreed to write application manuals for his first employer in the early 1980s. He has been a technical editor for Macmillan Press and has been teaching system administrators about documentation for the past four years. Mike has an Honours Degree in Science from the University of Melbourne in Australia, and is currently a Senior Partner with Cybersource Pty Ltd, where he heads Cybersource's Security Practice. In his spare time, Mike is a caffeine addict and photographer.




Last changed: 27 Sept. 2002 jel