LISA '02, 16th Systems Administration Conference, November 3-8, 2002, Philadelphia Marriott, Philadelphia, PA

Tuesday, November 5, 2002    
Full-Day Tutorials
T1 System and Network Monitoring NEW
John Sellens, Certainty Solutions

T2 UNIX Security Threats and Solutions
Matt Bishop, University of California, Davis

T3 Linux Firewalls NEW
Joshua Jensen, Red Hat, Inc.

T4 Configuring and Administering SAMBA Servers
Gerald Carter, Hewlett Packard

T5 System and Network Performance Tuning
Marc Staveley, Soma Networks

T6 Network Security Profiles: A Collection (Hodgepodge) of Stuff Hackers Know About You
Brad C. Johnson, SystemExperts Corp.

T7 Advanced Topics in DNS Administration NEW
Jim Reid, Nominum

Half-Day Tutorials, AM
T8 Introduction to Massive Upgrades and Changes NEW
Christine Hogan, Consultant, and Tom Limoncelli, Lumeta, Inc.

T9 Console Servers: Getting up to Speed NEW
David "Zonker" Harris, Certainty Solutions

T10 Documentation Techniques for Sysadmins
Mike Ciavarella, Cybersource Pty Ltd

Half-Day Tutorials, PM
T11 But Is It UNIX? A Mac OS X Administrator's Survival Guide NEW
Aeleen Frisch, Exponential Consulting

T12 Advanced Console Remote Access NEW
David "Zonker" Harris, Certainty Solutions

T13 Advanced Shell Programming
Mike Ciavarella, Cybersource Pty Ltd


T1 System and Network Monitoring NEW
John Sellens, Certainty Solutions

Who should attend: Network and system administrators interested in real-life, practical, host- and network-based monitoring of their systems and networks. Participants should have an understanding of the fundamentals of networking, basic familiarity with computing and network components, and some familiarity with UNIX and scripting languages.

This tutorial will introduce the concepts and functions of monitoring systems and will describe the Simple Network Management Protocol (SNMP). It will review some of the most popular monitoring tools and will cover the installation and configuration of a number of freely available monitoring packages. The emphasis will be on the practical, and the tutorial will provide examples of easy-to-implement monitoring techniques.

Topics include:

  • Monitoring--goals, techniques, reporting
  • SNMP--the protocol, reference materials, relevant RFCs
  • Introduction to SNMP MIBs (Management Information Bases)
  • SNMP tools and libraries
  • Other non-SNMP tools
  • Security concerns when using SNMP and other tools on the network
  • Monitoring applications--introductions, use, benefits and complications, installation and configuration (Big Brother, Nagios, SNIPS, MRTG, Cricket, etc.)
  • Special situations--remote locations, firewalls, etc.
  • Monitoring implementation roadmap--policies, practices, notifications, escalations, reporting

Participants should expect to leave the tutorial with the information needed to immediately start using a number of monitoring systems and techniques to improve their ability to manage and maintain their systems and networks.

John Sellens (T1) has been involved in system and network administration since 1986 and is the author of several related USENIX papers, a number of ;login: articles, and SAGE booklet #7, System and Network Administration for Higher Reliability. He holds an M.S. in computer science from the University of Waterloo and is a chartered accountant. He is currently the General Manager for Certainty Solutions (formerly known as GNAC) in Toronto. Prior to joining Certainty, John was the Director of Network Engineering at UUNET Canada and was a staff member in computing and information technology at the University of Waterloo for 11 years.


T2 UNIX Security Threats and Solutions
Matt Bishop, University of California, Davis

Who should attend: Anyone interested in threats to UNIX security and how to deal with them.

This tutorial uses case histories to show what vulnerabilities the attackers exploited, how the system administrators might have closed those loopholes, and how the intruders were discovered. Concepts and mechanisms, as well as publicly available tools, are discussed. This course focuses on non-network problems.

Topics include:

  • Security policies vs. security mechanisms
  • Password security and cracking
  • Files and auditing
  • Access control mechanisms
  • Management of privileges
  • Malicious logic and the UNIX system
  • Basic vulnerabilities analysis
  • Basic incident management
  • Security holes past and current
  • Managing the humans
  • Where to get help

Matt Bishop (T2) began working on problems of computer security, including the security of the UNIX operating system, at Purdue, where he earned his doctorate in 1984. He worked in industry and at NASA before becoming a professor, teaching courses in computer security, cryptography, operating systems, and software engineering at both Dartmouth College and at the University of California at Davis, where he teaches now. Matt's current research interests are analyzing vulnerabilities in operating systems, protocols, and software in general; denial of service; intrusion detection; and formal models of access control.


T3 Linux Firewalls NEW
Joshua Jensen, Red Hat, Inc.

Who should attend: Network and security administrators who are charged with implementing network security and looking for Linux-related solutions. Attendees should have a basic understanding of TCP/IP and some experience in configuring network services. Both beginning administrators and security professionals not versed in the ways of Linux will leave the tutorial having learned something.

Administrators are being tasked with bringing order to their LAN and WAN environments. Packet filtering, traffic monitoring, and building and maintaining transparent proxy firewalls can be daunting responsibilities. Extensive configuration examples of Linux-based packet firewalls, common scenarios, and overviews of useful tools will provide valuable solutions.

At the completion of the course attendees should feel confident in their ability to set up and maintain secure networks with flexible access control. The instructor encourages questions during the presentation.

Topics include:

  • Networking overview
  • Linux kernel firewall capabilities
  • /proc kernel tuning
  • Linux 2.4 and Netfilter
    • Table and structure
    • Firewall rules and targets
    • User chains
    • Simple stateful approaches
    • IPChains compatibility
    • Advanced connection tracking
  • Performance tuning
  • Network address translation
    • Port forwarding
    • Round-robin load balancing
    • SNAT and masquerading
  • Sniffers you should fear (and use)
  • Traffic monitoring
  • Practical solutions to common scenarios

Joshua Jensen (S3, T3) was the first Red Hat instructor and examiner, and has been with Red Hat for 4 years. In that time he has written and maintained large parts of the Red Hat curriculum: Networking Services and Security, System Administration, Apache and Secure Web Server Administration, and the Red Hat Certified Engineer course and exam. Joshua has worked with Linux for 7 years, and has been teaching Cisco Internetworking and Linux courses since 1998.


T4 Configuring and Administering SAMBA Servers
Gerald Carter, Hewlett Packard

Who should attend: System and network administrators who wish to integrate SAMBA running on a UNIX-based machine with MS Windows clients. No familiarity with Windows networking concepts will be assumed.

SAMBA is a freely available suite of programs that allows UNIX-based machines to provide file and print services to MS Windows PCs without installing any third-party software on the clients. This allows users to access necessary resources from both PCs and UNIX workstations. As SAMBA makes its way into more and more network shops all over the world, it is common to see "configuring SAMBA servers" listed as a desired skill on many job descriptions for network administrators.

This tutorial will use real-world examples taken from daily administrative tasks.

Topics include:

  • Installing SAMBA from the ground up
  • The basic Microsoft networking protocols and concepts, such as NetBIOS, CIFS, and Windows NT domains (including Windows 2000)
  • Configuring a UNIX box to provide remote access to local files and printers from Windows clients
  • Utilizing client tools to access files on Windows servers from a UNIX host
  • Configuring SAMBA as a member of a Windows NT domain in order to utilize the domain's PDC for user authentication
  • Using SAMBA as a domain controller
  • Configuring SAMBA to participate in network browsing
  • Automating daily management tasks

Gerald Carter (M1, T4), a member of the SAMBA Team since 1998, is employed by Hewlett Packard as a Software Engineer, working on SAMBA-based print appliances. He is writing a guide to LDAP for system administrators, to be published by O'Reilly. Jerry holds an M.S. in computer science from Auburn University, where he also served as a network and system administrator. He has published articles with Web-based magazines such as Linuxworld and has authored courses for companies such as Linuxcare. He recently completed the second edition of Teach Yourself SAMBA in 24 Hours (Sams Publishing).


T5 System and Network Performance Tuning
Marc Staveley, Soma Networks

Who should attend: Novice and advanced UNIX system and network administrators, and UNIX developers concerned about network performance impacts. A basic understanding of UNIX system facilities and network environments is assumed.

We'll examine how the virtual memory system, the I/O system, and the file system can be optimized. We'll move on to Network File System tuning and performance strategies. Detailed treatment of network performance problems, including network design and media choices, will lead to examples of network capacity planning. Application issues will be covered. We'll cover guidelines for capacity planning and customized monitoring based on your workloads and traffic patterns. Analysis periods for particular situations will be provided.

Topics include:

  • Performance tuning strategies
    • Practical goals
    • Monitoring intervals
    • Useful statistics
    • Tools, tools, tools
  • Server tuning
    • Filesystem and disk tuning
    • Memory consumption and swap space
    • System resource monitoring
  • NFS performance tuning
    • NFS server constraints
    • NFS client improvements
    • NFS over WANs
    • Automounter and other tricks
  • Network performance, design, and capacity planning
    • Locating bottlenecks
    • Demand management
    • Media choices and protocols
    • Network topologies: bridges, switches, routers
    • Throughput and latency
    • Modeling resource usage
  • Application tuning
    • System resource usage
    • Memory allocation
    • Code profiling
    • Job scheduling and queuing
    • Real-time issues
    • Managing response time

Marc Staveley (T5) recently took a position with Soma Networks, where he is applying his 18 years of experience with UNIX development and administration in leading their IT group. Previously Marc had been an independent consultant, and he has also held positions at Sun Microsystems, NCR, Princeton University, and the University of Waterloo. He is a frequent speaker on the topics of standards-based development, multi-threaded programming, system administration, and performance tuning.


T6 Network Security Profiles: A Collection (Hodgepodge) of Stuff Hackers Know About You
Brad C. Johnson, SystemExperts Corp.

Who should attend: Network, system, and firewall administrators; security auditors and those audited; those responding to intrusions or responsible for applications or systems that might be targets for crackers. Participants should understand the basics of TCP/IP networking. Examples will use actual tools and will also include small amounts of HTML, JavaScript, and Tcl.

Network-based host intrusions, whether they come from the Internet, an extranet, or an intranet, typically follow a common methodology: reconnaissance, vulnerability research, and exploitation. This tutorial will review the ways crackers perform these activities, what protocols and tools they use, and a number of current methods and exploits. You'll learn how to generate vulnerability profiles of your systems. Additionally, we'll review some important management policies and issues.

We'll focus primarily on tools that exploit many of the common TCP/IP-based protocols that underlie virtually all Internet applications. We'll concentrate on examples drawn from public-domain tools that are commonly used by crackers.

Topics include:

  • Profiles: what can an intruder determine about your site remotely?
  • Review of profiling methodologies: different "viewpoints" generate different types of profiling information
  • Techniques: scanning, online research, TCP/IP protocol "mis"uses, denial of service, cracking clubs
  • Important intrusion areas: discovery techniques, SSL, SNMP, WWW, DNS
  • Tools: scotty, strobe, netcat, SATAN, SAINT, ISS, mscan, sscan, queso, curl, Nmap, SSLeay/upget
  • Defining management policies to minimize intrusion risk

Topics not covered:

  • Social engineering
  • Buffer overflow exploits
  • Browser (frame) exploits
  • Shell privilege escalation

Brad C. Johnson (M5, T6) is vice president of SystemExperts Corporation. He has participated in seminal industry initiatives such as the Open Software Foundation, X/Open, and the IETF, and has published often about open systems. Brad has served as a technical advisor to organizations such as Dateline NBC and CNN on security matters. He is a regular tutorial instructor and conference speaker on topics related to practical network security, penetration analysis, middleware, and distributed systems. Brad holds a B.A. in computer science from Rutgers University and an M.S. in applied management from Lesley University.


T7 Advanced Topics in DNS Administration NEW
Jim Reid, Nominum

Who should attend: DNS administrators who wish to extend their understanding of how to configure and manage name servers running BIND9. Attendees should have some experience of running a name server and be familiar with DNS jargon for resource records, as well as the syntax of zone files and named.conf.

This tutorial will answer the question, "I've set up master (primary) and slave (secondary) name servers. What else can I do with the name server?"

Topics include:

  • The BIND9 Logging Subsystem
    • Getting the most from the name server's logs
  • Managing the name server with rndc
  • Configuring split DNS: internal and external versions of a domain
    • Using the views mechanism of BIND9 to implement split DNS
  • Setting up an internal root server
  • Securing the name server
    • Running it chroot()ed
    • Using access control lists
    • Preventing unwanted access
  • Dynamic DNS (DDNS)
    • Dynamic updates with nsupdate
  • IPv6
    • Resolving and answering queries with IPv6
    • Setting up A6/DNAME chains and AAAA records to resolve IPv6 addresses
  • The Lightweight Resolver Daemon, lwresd
  • Secure DNS (DNSSEC)
    • Using Transaction Signatures (TSIG)
    • How to sign zones with dnssec-keygen and dnssec-signzone

Jim Reid (T7) started using a PDP11/45 running V7 UNIX 21 years ago and has been working with UNIX systems ever since. He worked for three years at Origin on behalf of Philips Electronics, where he wrote a DNS management system and designed, built, and ran the DNS infrastructure for the corporate network, one of the biggest in the world. He has over a decade's experience in writing and teaching training courses ranging from kernel internals, through system administration and network security, to DNS administration. He's a frequent speaker at conferences and workshops in Europe and the U.S. His book on DNS administration with BIND9 will be published in 2002.


T8 Introduction to Massive Upgrades and Changes NEW
Christine Hogan, Consultant, and Tom Limoncelli, Lumeta, Inc.

Who should attend: Sysadmins from environments where upgrading a single large server or hundreds of individual hosts is common. Although it's focused on UNIX and IP networks, all sysadmins will benefit from this tutorial. Examples include situations found in both small and large sites.

Imagine renumbering the IP addresses of thousands of hosts, none of which sees more than one interruption. Imagine upgrading a large server that provides dozens of critical services with confidence that it will be done on time and with all services working. Imagine performing one or more changes on 1,000 individual hosts without fear that you've installed the same typo on each. Imagine a tutorial that teaches how to make those things happen.

This tutorial will mix theory with case studies of real events--both success stories and disasters.

Topics include:

  • What is change management?
  • Change management basics: change request, approval, execution, testing
  • Explicit approval vs. explicit objection
  • Case study: Network (WAN) change management
  • Flight director technique for major maintenance windows
  • The Secret to Successful Server Upgrades
  • Case study: upgrading a major application server
  • Case study: upgrading a multi-purpose server
  • Service conversions
  • Case study: IP renumbering and reorganization

Christine Hogan (M7, T8), co-author of The Practice of System and Network Administration from Addison-Wesley, is an independent consultant, currently studying for a Ph.D. at Imperial College, London. Previously employed by Synopsys and Global Networking and Computing (GNAC, Inc.), she serves as consultant to start-ups, e-commerce sites, bio-tech companies, and large multi-national hardware and software companies. Her system administration career began at the Department of Mathematics in Trinity College Dublin.


Tom Limoncelli (M7, T8), co-author of The Practice of System and Network Administration from Addison-Wesley, is Director of Operations at Lumeta Corporation, where he is responsible for building and scaling the deployment systems. A sysadmin and network wonk since 1987, he has worked at Bell Labs/Lucent, Mentor Graphics, and Drew University. He is a frequent presenter at LISA conferences.


T9 Console Servers: Getting up to Speed NEW
David "Zonker" Harris, Certainty Solutions

Who should attend: System and network administrators who are supporting large, distributed networks; anyone with a large terminal-server deployment for remote console access; senior administrators and network operations staff looking for monitoring, mentoring, and collaboration tools.

This class will cover installation and configuration of Conserver, an open-source client/server application, with session logging, for remote console access. We'll include Q&A time for participants to address their specific site needs and requirements. The tutorial will include a demonstration of Conserver.

This class will not cover in-depth RS-232 hook-up questions, but the instructor will make himself available for those types of questions outside of tutorial time.

Topics include:

  • Overview of console and terminal server devices
  • Conserver background (code history, branches)
  • Recent feature additions and code changes
  • How to install and configure Conserver
  • Implementation best practices
  • Implementing distributed mode (multiple servers)
  • How to mine information from logs
  • Evaluating and mitigating security risks
  • Exploring some interesting existing deployments

David K. Z. Harris (T9, T12) has been a network plumber for more than a decade, and he likes many kinds of puzzles. He's been a member of the Technical Staff at Certainty Solutions (formerly GNAC) for over four years. Connecting various devices together (such as making networks work, or hooking up serial consoles) is just another interesting puzzle.


T10 Documentation Techniques for Sysadmins
Mike Ciavarella, Cybersource Pty Ltd

Who should attend: System administrators who need to produce documentation for the systems they manage or who want to improve their documentation skills.

Topics include:

  • Why system administrators need to document
  • The document life cycle
  • Targeting your audience
  • An adaptable document framework
  • Common mistakes
  • Tools to assist the documentation process

Attendees should be able to make immediate, practical use of the techniques presented in this tutorial in their day-to-day tasks. Particular emphasis is placed on documentation as a time-saving tool rather than a workload imposition.

Mike Ciavarella (T10, T13) has been producing and editing technical documentation since he naively agreed to write application manuals for his first employer in the early 1980s. He has been a technical editor for Macmillan Press and has been teaching system administrators about documentation for the past four years. Mike has an Honours Degree in Science from the University of Melbourne in Australia, and is currently a Senior Partner with Cybersource Pty Ltd, where he heads Cybersource's Security Practice. In his spare time, Mike is a caffeine addict and photographer.


T11 But Is It UNIX? A Mac OS X Administrator's Survival Guide NEW
Aeleen Frisch, Exponential Consulting

Who should attend: UNIX system administrators who want or need to administer Macintosh systems running OS X. Familiarity with UNIX system administration concepts and tasks is assumed.

Topics include:

  • What is this beast and what's Darwin (and why should I care)?
  • Networking: How Apple broke a million things with one bad decision, and how to get them working again
  • User management
  • File systems and disks (and what all those strange files are)
  • Process management: UNIX and MacOS applications
  • Managing funky Mac peripherals and user expectations

We will note interactions between the UNIX implementation and the Mac graphical user/administrative environment.

Aeleen Frisch (S6, M3, T11) has been a system administrator for over 20 years. She currently looks after a pathologically heterogeneous network of UNIX and Windows systems. She is the author of several books, including Essential System Administration (now in its 3rd edition).


T12 Advanced Console Remote Access NEW
David "Zonker" Harris, Certainty Solutions

Who should attend: System administrators supporting many UNIX hosts; network administrators with large, distributed networks; security architects looking for alternate ways to control secure devices; senior administrators looking for mentoring and collaboration tools, or just trying to do more with less.

The serial console port on a host or device can give you valuable security data, allow configuration you cannot access via the operating system on most devices, and be your fastest method of getting a labored host back under control. We'll explore methods for securely extending your reach to the serial consoles around your enterprise, and evaluating the vendors.

This class will not cover in-depth RS-232 hook-up questions, but the instructor will make himself available for those types of questions outside of tutorial time.

Topics include:

  • What are my options?
  • Should I worry about Serial BREAK?
  • Why use terminal servers?
  • How is a Console Server different?
  • Evaluating console server hardware
  • Evaluating and mitigating security risks
  • Authentication and access issues
  • Console access hosts via SSH and clients
  • Benefits of logging console sessions

David K. Z. Harris (T9, T12) has been a network plumber for more than a decade, and he likes many kinds of puzzles. He's been a member of the Technical Staff at Certainty Solutions (formerly GNAC) for over four years. Connecting various devices together (such as making networks work, or hooking up serial consoles) is just another interesting puzzle.


T13 Advanced Shell Programming
Mike Ciavarella, Cybersource Pty Ltd

Who should attend: Junior or intermediate system administrators or anyone with a basic knowledge of programming, preferably with some experience in Bourne/Korn shells (or their derivatives).

The humble shell script is still a mainstay of UNIX/Linux system administration, despite the wide availability of other scripting languages.

This tutorial details techniques that move beyond the quick-and-dirty shell script.

Topics include:

  • Common mistakes and unsafe practices
  • Modular shell script programming
  • Building blocks: awk, sed, etc.
  • Writing secure shell scripts
  • Performance tuning
  • Choosing the right utilities for the job
  • Addressing portability at the design stage
  • When not to use shell scripts

Mike Ciavarella (T10, T13) has been producing and editing technical documentation since he naively agreed to write application manuals for his first employer in the early 1980s. He has been a technical editor for Macmillan Press and has been teaching system administrators about documentation for the past four years. Mike has an Honours Degree in Science from the University of Melbourne in Australia, and is currently a Senior Partner with Cybersource Pty Ltd, where he heads Cybersource's Security Practice. In his spare time, Mike is a caffeine addict and photographer.




Last changed: 18 July 2002 jr