Sunday, December 2, 2001
Full-Day Tutorials
S1 Real-World Intrusion Detection: Problems and Solutions
Phil Cox and Mark Mellis, SystemExperts Corporation
S2 Advanced Solaris System Administration Topics
Peter Baer Galvin, Corporate Technologies
S4 Issues in UNIX Infrastructure Design
Lee Damon, University of Washington
S5 Linux System Administration
Joshua Jensen, Red Hat, Inc.
S7 Network Security Profiles: A Collection (Hodgepodge) of Stuff Hackers Know About You
Brad Johnson, SystemExperts Corporation
S8 Blueprints for High Availability: Designing Resilient Distributed Systems
Evan Marcus, VERITAS Software Corporation
S9 Topics in UNIX and Linux System Administration
Evi Nemeth, University of Colorado; Ned McClain, Consultant; and Trent Hein, Consultant
Half-Day Tutorials - Morning
S10 SSH Introduction Through Implementation
NEW
Steve Acheson, Cisco Systems, Inc.
S11 Perl for System Administration
David Blank-Edelman, Northeastern University College
Half-Day Tutorials - Afternoon
S15 Perl Saves the Day
David N. Blank-Edelman, Northeastern University
S16 Understanding and Implementing DHCP
Greg Kulosa, Consultant
S1 Real-World Intrusion Detection: Problems and Solutions
Phil Cox and Mark Mellis, SystemExperts Corporation
Who should attend: System and network administrators who implement
or maintain intrusion detection systems, managers charged with selecting and
setting intrusion detection requirements, and anyone who wants to know the
details of how to make intrusion detection work. Familiarity with TCP/IP
networking is a plus.
In today's increasingly networked world, intrusion detection is essential for
protecting resources, data, and reputation. It's a rapidly evolving field with
several models and deployment methods from which to choose.
After taking this tutorial, attendees will understand the fundamental concepts
of intrusion detection and will gain practical insights into designing,
deploying, and managing intrusion detection systems in the real world.
Topics include:
- Why intrusion detection?
- ID and the organization
- Intrusion detection basics
- How attackers attempt to bypass IDS systems
- Case studies for small, medium, and large deployments
Phil Cox (S1, M6) is a consultant for SystemExperts
Corporation, a consulting firm that specializes in system security and
management. Phil frequently writes and lectures on issues bridging the gap
between UNIX and Windows NT. He is a featured columnist in ;login;, the
USENIX Association Magazine and has served on numerous USENIX program
committees. Phil holds a B.S. in computer science from the College of
Charleston, South Carolina.
Mark Mellis (S1)
Corporation based in the San Francisco Bay Area. Over the past two years, Mark
has distinguished himself by assisting several of the premier Internet companies
in responding to major network attacks, and in designing and implementing robust
infrastructure to limit future exposure. Mark has established a reputation over
the past seventeen years of achieving the highest level of customer satisfaction
in the areas of Unix, Windows & NT, Macintosh, DNS, Internet and intra-net
connectivity, SMTP email, and WAN technologies. Mark attended the University of
Washington, where he studied Physics.
S2 Advanced Solaris System Administration Topics
Peter Baer Galvin, Corporate Technologies
Who should attend: UNIX administrators who need more knowledge of
Solaris administration.
We will discuss the major new features of recent Solaris releases, including
which to use (and how) and which to avoid. This in-depth course will provide the
information you need to run a Solaris installation effectively. Updated to
include Solaris 8 and several other new topics.
Topics include:
- Installing and upgrading
- Architecting your facility
- Choosing appropriate hardware
- Planning your installation, filesystem layout, post-installation
- Installing (and removing) patches and packages
- Advanced features of Solaris 2
- File systems and their uses
- The /proc file system and commands
- Useful tips and techniques
- Networking and the kernel
- Virtual IP: configuration and uses
- Kernel and performance tuning: new features, adding devices, tuning,
debugging commands
- Devices: naming conventions, drivers, gotchas
- Enhancing Solaris
Upon completion of the course, attendees will know what the IETF has been up to
lately, and what to expect in upcoming BIND releases. This tutorial will not be
a rehash of prior material--new subjects will be covered.
Peter Baer Galvin (S2)
is the chief technologist for
Corporate Technologies, Inc., and was the systems manager for Brown University's
Computer Science Department. He has written articles for Byte and other
magazines, is systems administration columnist for SunWorld, and is
co-author of the Operating Systems Concepts and the Applied Operating
Systems Concepts textbooks. As a consultant and trainer, Peter has taught
tutorials on security and systems administration and has given talks at many
conferences.
S4 Issues in UNIX Infrastructure Design
Lee Damon, University of Washington
Who should attend: Anyone who is designing, implementing, or
maintaining a UNIX environment with 2 to 20,000+ hosts. System administrators,
architects, and managers who need to maintain multiple hosts with few admins.
This tutorial won't propose one "perfect solution." Instead, it will try to
raise all the questions you should ask in order to design the right solution for
your needs.
Topics include:
- Administrative domains: Who is responsible for what? What can users do for
  themselves?
- Desktop services vs. farming
- Disk layout
- Free vs. purchased solutions: Do you write your own, or do you outsource?
- Homogeneous vs. heterogeneous
- Master database: What do you need to track, and how?
- Policies to make your life easier
- Push vs. pull: Do you force data to each host, or wait for a client request?
- Quick replacement techniques: How to get the user back up in 5 minutes
- Remote install/upgrade/patching: How can you implement lights-out operation?
  Handle remote user sites? Keep up with vendor patches?
- Scaling and sizing: How do you plan?
- Security vs. sharing
- Single sign-on: Can one-password access to multiple services be secure?
- Single system images: Should each user see everything the same way, or should
  each user's access to each service be consistent with his/her own environment?
- Tools: What's free? What should you buy? What can you write yourself?
Lee Damon (S4)
holds a B.S. in speech communication
from Oregon State University. He has been a UNIX system administrator since 1985
and has been active in SAGE since its inception. He
co-developed departmental and company-wide UNIX environments for IBM, GulfStream
Aerospace and QUALCOMM. He is now working in the EE Department at the University
of Washington, and is helping to develop the Nikola UNIX infrastructure there.
S5 Linux System Administration
Joshua Jensen, Red Hat, Inc.
Who should attend: System administrators who plan to implement a
Linux solution in a production environment. Attendees should be familiar with
the basics of system administration in a UNIX/Linux environment: user-level
commands, administration commands, and TCP/IP networking. Both novice and
intermediate administrators should leave the tutorial having learned something.
From a single server to a network of workstations, the Linux environment can be
a daunting task for administrators knowledgeable on other platforms. Starting
with a single server and finishing with a multi-server, 1000+ user environment,
case studies will provide practical information for using Linux in the real
world.
Topics include:
- Installation features
- Disk partitioning and RAID
- Networking
- User accounts
- Services
- NFS and NIS
- Security through packet filtering and SSH
- New developments (journaling file systems, VPNs, and more)
At the completion of the tutorial, attendees should feel confident in their
ability to set up and maintain a secure and useful Linux network. The tutorial
will be conducted in an open manner that allows for question-and-answer
interruption.
Joshua Jensen (S5)
and examiner, and has been with Red Hat for 3 years. In that time he has written
and maintained large parts of the Red Hat curriculum: Networking Services and
Security, System Administration, and the Red Hat Certified Engineer course and
exam. Joshua has worked with Linux for six years, and has been teaching Cisco
Internetworking and Linux courses since 1998.
S7 Network Security Profiles: A Collection (Hodgepodge) of Stuff Hackers Know About You
Brad Johnson, SystemExperts Corporation
Who should attend: Network, system, and firewall administrators;
security auditors and those who are audited; people involved with responding to
intrusions or responsible for network-based applications or systems that might
be targets for crackers (determined intruders). Participants should understand
the basics of TCP/IP networking. Examples will use actual tools and will also
include small amounts of HTML, JavaScript, and Tcl.
Network-based host intrusions, whether they come from the Internet, an extranet,
or an intranet, typically follow a common methodology: reconnaissance,
vulnerability research, and exploitation. This tutorial will review the ways
crackers perform these activities, what protocols and tools they use, and a
number of current methods and exploits. You'll learn how to generate
vulnerability profiles of your systems. Additionally, we'll review some
important management policies and issues.
We'll focus primarily on tools that exploit many of the common TCP/IP-based
protocols that underlie virtually all Internet applications, including Web
technologies, network management, and remote file systems. Some topics will be
addressed at a detailed technical level. We'll concentrate on examples drawn
from public-domain tools that are widely available and commonly used by
crackers.
Topics include:
- Profiles: what can an intruder determine about your site remotely?
- Review of profiling methodologies: different "viewpoints" generate different
  types of profiling information
- Techniques: scanning, online research, TCP/IP protocol "mis"uses, denial of
  service, cracking clubs
- Important intrusion areas: discovery techniques, SSL, SNMP, WWW, DNS
- Tools: scotty, strobe, netcat, SATAN, SAINT, ISS, mscan, sscan, queso, curl,
  Nmap, SSLeay/upget
- Defining management policies to minimize intrusion risk
Topics not covered:
- Social engineering
- Buffer overflow exploits
- Browser (frame) exploits
- Shell privilege escalation
Brad Johnson (S7, M6) is a vice president of SystemExperts Corporation, a consulting firm that
specializes in system security and management. He is a well-known authority in
the field of secure distributed systems and has recently served as a technical
advisor to both Dateline NBC and CNN on network security matters. He has
participated in seminal industry initiatives, including the Open Software
Foundation, X/Open, and the IETF, and has often published about open
systems. Brad was one of the original members of the OSF DCE Evaluation Team. He
has a B.A. in computer science from Rutgers University and an M.S. from Lesley
College.
S8 Blueprints for High Availability: Designing Resilient Distributed Systems
Evan Marcus, VERITAS Software Corporation
Who should attend: Beginning and intermediate UNIX system and
network administrators, and UNIX developers concerned with building applications
that can be deployed and managed in a highly resilient manner. A basic
understanding of UNIX system programming, UNIX shell programming, and network
environments is required.
This tutorial will explore procedures and techniques for designing, building,
and managing predictable, resilient UNIX-based systems in a distributed
environment. We will discuss the trade-offs among cost, reliability, and
complexity.
Topics include:
- What is high availability? Who needs it?
- Defining uptime and cost; "big rules" of system design
- Disk and data redundancy; RAID and SCSI arrays
- Host redundancy in HA configs
- Network dependencies
- Application system programming concerns
- Anatomy of failovers: applications, systems, management tools
- Planning disaster recovery sites and data updates
- Security implications
- Upgrade and patch strategies
- Backup systems: off-site storage, redundancy, and disaster recovery
- Managing the system: managers, processes, verification
Evan Marcus (S8)
is a senior systems engineer and
high availability specialist with VERITAS Software Corporation. Evan has more
than 12 years of experience in UNIX systems administration. While employed at
Fusion Systems and OpenVision Software, Evan worked to bring the first high
availability software application for SunOS and Solaris to market. Evan is the
author of several articles and talks on the design of high availability systems.
S9 Topics in UNIX and Linux System Administration
Evi Nemeth, University of Colorado; Ned McClain, Consultant; and
Trent Hein, Consultant
Who should attend: System and network administrators who are
interested in picking up several new technologies in an accelerated manner. The
format consists of six topics spread throughout the day.
Logical Volume Management for Linux: Logical volume support for Linux has
brought storage flexibility and high availability to the masses. By abstracting
physical storage devices, logical volumes let you grow and shrink partitions,
efficiently back up databases, and much more. We'll talk about Linux LVM, what
you need to get it up and running, and how to take advantage of its many
features.
Security Packet Filtering Primer: What does the word "firewall" really
mean, and how do you set up a packet filter list to implement a basic one? We'll
teach you the dos and don'ts of creating a tough packet filter, and talk
specifically about capabilities of packages available for Linux.
What's New in BIND9? BINDv9 includes a long laundry list of features
needed for modern architectures, huge zones, machines serving a zillion zones,
co-existence with PCs, security, and IPv6--specifically, dynamic update,
incremental zone transfers, DNS security via DNSSEC and TSIG, A6, and DNAME
records. We'll talk about the gory details of these new features.
Policy and Politics: Many of the policies and procedures followed at a
site are carefully filed in the sysadmin's head. With the worldwide Net invading
your local site, these secrets need to be written down, run by lawyers, and
followed by your sysadmin staff. We will discuss approaches to these tasks, both
good and bad, and illustrate with war stories, sample policy agreements, and
procedure checklists.
Security Crisis Case Studies: Before your very eyes, we'll dissect a set
of security incident case studies using many tools available on your system or
from the Net. We'll specifically examine how to avoid common security-incident
pitfalls.
Network Server Performance Tuning: Instead of throwing expensive hardware
at a performance problem, consider that kernel and application tuning can yield
a performance improvement of several hundred percent. We'll focus on Linux
kernel and system tuning, but most of what we cover applies to other UNIX
platforms as well.
Evi Nemeth (S9), a faculty member in computer science
at the University of Colorado, has managed UNIX systems for the past 20 years,
both from the front lines and from the ivory tower. She is co-author of the
UNIX System Administration Handbook.
Ned McClain (S9) is a lead engineer at XOR Network
Engineering. He is currently helping with the 3rd edition of the UNIX System
Administration Handbook (by Nemeth, Snyder, and Hein). He has a degree in
computer science from Cornell University and has done research with both the CS
and Engineering Physics departments at Cornell.
Trent R. Hein (S9) is co-author of the best-selling UNIX
System Administration Handbook, and its Linux-focused counterpart, due in
bookstores late this year. He has been teaching tutorials on system
administration at USENIX conferences since 1989, and lately spends most of his
time pondering security methodology for the corporate environment. Trent is
Cisco CCIE-certified and is often known to obsess over system and network
performance issues.
S10 SSH Introduction Through Implementation NEW
Steve Acheson, Cisco Systems, Inc.
SSH, the Secure Shell program, has matured into a popular and powerful tool for
secure system access and securely performing remote functions such as rdist.
This tutorial will help you navigate the many SSH features and related software
and will show how to use SSH in a large networked environment.
Topics include:
- SSH features and authentication methods
- Overview of the different versions (both public and commercial)
- How to secure X11 connections using SSH
- How to do secure port forwarding with SSH
- Software available for use with SSH (e.g., rdist, rsync)
- How to implement SSH in a large networked environment
Steve Acheson (S10) is currently a Computer Security
Analyst at Cisco Systems, Inc. where he is a senior member of the Computer
Information Security Department, responsible for network and system security,
including designing internal security architecture and external/firewall access.
Prior to working for Cisco, Steve managed security for NASA's Numerical
Aerospace Simulations facility at Ames Research Center. He has worked in the
field as a System Administrator, Network Engineer and Security Analyst for over
10 years.
S11 Perl for System Administration
David Blank-Edelman, Northeastern University College
Who should attend: System administrators with at least
advanced-beginner to intermediate experience with Perl who would like a clear
understanding of how to use Perl to make their jobs easier.
Perl was originally created to help with system administration, so it is a
wonder that there's not more instructional material available. This tutorial
aims to remedy this situation by presenting a solid three hours of instruction
on using Perl for system administration. You are also likely to deepen your
knowledge of Perl.
Based on the instructor's just-published O'Reilly book, this tutorial will take
a multi-platform approach to the subject. We'll be exploring cutting-edge and
old standby system-administration topics as they manifest themselves on both
UNIX and Windows NT/2000 platforms.
Topics include:
- Secure Perl scripting
- Files and file systems (including source control, XML, databases, and log files)
- SQL databases via DBI and ODBC
- Email as a system administration tool (including spam analysis)
- Network directory services (including NIS, DNS, LDAP, and ADSI)
- Network management (including SNMP and WBEM)
David N. Blank-Edelman (S11, S15) is the Director of
Technology at the Northeastern University College of Computer Science and the
author of the new O'Reilly book Perl for System Administration. He has spent the
last 14 years as a system/network administrator in large multi-platform
environments including Brandeis University, Cambridge Technology Group, and the
MIT Media Laboratory. He has served as Senior Technical Editor for the Perl
Journal and has written many magazine articles on world music.
S15 Perl Saves the Day
David N. Blank-Edelman, Northeastern University
Who should attend: People with system administration duties,
advanced-beginner to intermediate Perl experience, and a desire to make their
jobs easier and less stressful in times of sysadmin crisis.
Perl is an excellent language for rapid development and prototyping. Thanks to
the power of the core language and the large body of additional modules, it is
often possible to write programs quickly to solve pressing problems. System
administrators have no shortage of pressing problems, so knowing how to wield
this "swiss-army chain saw" can be a lifesaver.
This tutorial will be centered around a set of "battle stories" and the Perl
source code used to deal with them. The code presented in this class will be
mostly UNIX-based, though the approaches we'll talk about won't be
operating-system-specific. Attendees will leave this class with new ideas for
writing small Perl programs to get out of big sysadmin pinches.
David N. Blank-Edelman (S11, S15) is the Director of
Technology at the Northeastern University College of Computer Science and the
author of the new O'Reilly book Perl for System Administration. He has spent the
last 14 years as a system/network administrator in large multi-platform
environments including Brandeis University, Cambridge Technology Group, and the
MIT Media Laboratory. He has served as Senior Technical Editor for the Perl
Journal and has written many magazine articles on world music.
S16 Understanding and Implementing DHCP
Greg Kulosa, Consultant
Who should attend: Anyone with networked TCP/IP clients who wants
to distribute network information to those clients automatically. Attendees
should have a basic knowledge of TCP/IP and typical network setup. Attendees
should also understand procedures for installing and working with their
operating system.
DHCP can be used to distribute IP address, router, DNS, WINS, and other
information to network clients, without having to manually configure each
machine.
Topics include:
- DHCP protocol in depth
- Detailed coverage of ISC DHCP server
- Failover protocol and how to configure
- Dynamic DNS configuration
- Classes
- Conditional behavior (if, then)
- Allowing or denying specific hosts
- Allowing or denying by host type or sending specific options to certain host
  types
- Relay agents and Relay Agent Information Option
- Common DHCP clients
- Debugging tips
Greg Kulosa (S16) has been a Unix Systems Administrator
for 10+ years. He is currently a Senior consultant, solving a myriad of host
and networking problems for a variety of clients. He has rolled out DHCP to
networks from 2 to 1500 machines (Windows, Macintosh, Linux, Solaris
2.x clients).