Gerald Carter (S1, M3) has been a member of the SAMBA Team since 1998. He has published articles in various
Web-based magazines and gives instructional courses as a
consultant for several companies. Currently employed by
Hewlett-Packard as a Samba developer, Gerald has written
books for SAMS Publishing and is the author of the recent
LDAP System Administration (O'Reilly & Associates).
S2 Advanced Topics in DNS Administration
Jim Reid, Consultant
9:00 a.m.–5:00 p.m., Crescent Room
Who should attend: DNS administrators who wish to extend their understanding of how to configure and manage name servers running BIND9. Attendees should have some experience
of running a name server and be familiar with DNS jargon for resource records,
as well as the syntax of zone files and named.conf.
This tutorial will answer the question, "I've set up master (primary) and slave (secondary) name servers. What else can I do with the name server?"
Topics include:
- The BIND9 logging subsystem
- Getting the most from the name server's logs
- Managing the name server with rndc
- Configuring split DNS: internal and external versions of a domain
- Using the views mechanism of BIND9 to implement split DNS
- Setting up an internal root server
- Securing the name server
- Running it chroot()
- Using access control lists
- Preventing unwanted access
- Dynamic DNS (DDNS)
- Dynamic updates with nsupdate
- IPv6
- Resolving and answering queries with IPv6
- Setting up A6/DNAME chains and AAAA records to resolve IPv6 addresses
- The Lightweight Resolver Daemon, lwresd
- Secure DNS (DNSSEC)
- Using Transaction Signatures (TSIG)
- How to sign zones with dnssec-keygen and dnssec-signzone
Jim Reid (S2) started using a PDP11/45 running V7 UNIX 21 years ago and has been working with UNIX systems ever since. He worked for three years at Origin on behalf of Philips Electronics, where he wrote a DNS management system and designed, built, and ran the DNS infrastructure for the corporate network, one of the biggest in the world. He has over a decade's experience in writing and teaching training courses ranging from kernel internals, through system administration and network security, to DNS administration. He's a frequent speaker at conferences and workshops in Europe and the U.S.
S3 Seven Habits of the Highly Effective System Administrator NEW
Mike Ciavarella, University of Melbourne, Australia; Lee Damon, University of Washington
9:00 a.m.–5:00 p.m., Hampton Room
Who should attend: Administrators who wish they could finish their work faster, get it right the first time, be granted more hours in their week, or increase their job satisfaction and confidence.
We will focus on enabling the
junior system administrator to "do it right the first time."
We aim to accelerate the experience curve for junior system
administrators by teaching them the time-honored tricks and
effective coping strategies that experienced administrators take
for granted and which are necessary for successful growth of both
the administrator and the site.
Some topics will be UNIX-specific, but much of it will be OS-neutral.
The theories translate, even if the specific tools mentioned don't.
Topics include:
- Tools you should use
- Tools you should avoid
- How to approach security
- Why synchronicity is important
- Root passwords: what not to do
- Rethinking your backup strategy
- Policies: the good, the bad, and the ugly
- Training, mentoring, planning for personal growth
- Ethical issues
- Site planning
- Budgeting
- Statistics
- Books for you/books for your users
Mike Ciavarella (S3, M9, M11) has been producing and editing technical
documentation since he naively agreed to write application manuals for his first
employer in the early 1980s. He has been a technical editor for
MacMillan Press and has been teaching system administrators about
documentation for the past four years. Mike has an Honours Degree in
Science from the University of Melbourne and is currently
a Senior Partner with Cybersource Pty Ltd, where he heads Cybersource's
Security Practice. In his spare time, Mike is a caffeine addict and
photographer.
Lee Damon (S3) has been a UNIX systems administrator since 1985 and
has been active in SAGE
since its inception. He assisted in developing a mixed AIX/SunOS environment
at IBM Watson Research and has developed mixed environments for Gulfstream
Aerospace and QUALCOMM. He is currently leading the development effort
for the Nikola project at the University of Washington Electrical Engineering
department. He is a member of the SAGE Ethics Working Group and was one of
the commentators on the SAGE Ethics document. He has championed awareness of
Ethics in the systems administration community, including writing it into
policy documents. Lee holds a B.S. in Speech Communication from Oregon State University.
S4 Solaris Internals & Architecture: Performance and Resource Management NEW
Richard McDougall and James Mauro, Sun Microsystems
9:00 a.m.–5:00 p.m., Sheffield Room
Who should attend: System administrators, performance analysts, application architects,
database administrators, software developers, and capacity planners.
Anyone interested in the organization and structure of the
Solaris kernel and in how to apply that knowledge to the use of
performance tools and resource controls.
The installed base of Solaris systems for
commercial data processing
and scientific computing applications has grown dramatically over
the last several years, and it continues to grow. The Solaris operating
system has matured significantly, with major changes from the UNIX SVR4 source base on which the
early system was built. An understanding of how the system is
organized is required in order to design and develop applications
that take maximum advantage of the various features of the operating
system, understand the data made available via bundled system
utilities, and optimally configure and tune a Solaris system for
a particular application or load.
Topics include:
- The virtual memory system
- The virtual file system
- The multi-threaded process model
- The kernel dispatcher
- Scheduling classes
- File system implementation
- Resource control
- Management facilities
As each topic is discussed, we cover the performance and observability
aspects, including relevant bundled commands and utilities and the
interpretation of the data they present.
This course is based on Solaris 8 and Solaris 9, but
has applicability to earlier releases. Networking (TCP/IP, STREAMS)
facilities and performance are not covered.
Richard McDougall (S4) is an established engineer in the Performance Application
Engineering group at Sun Microsystems, where he focuses on large systems
performance and architecture. He has over twelve years of performance tuning,
application/kernel development and capacity planning experience on many
different flavours of UNIX. Richard has written a wide range of papers and
tools for measurement, monitoring, tracing, and sizing UNIX systems,
including the memory sizing methodology for Sun, the set of tools known as
"MemTool" to allow fine-grained instrumentation of memory for Solaris, the
recent "Priority Paging" memory algorithms in Solaris, and many of the
unbundled tools for Solaris.
Richard and Jim Mauro wrote Solaris Internals: Architecture Tips and
Techniques (Sun Microsystems Press/Prentice Hall) and are currently collaborating on an update of the book for Solaris 8, as well as volume II.
James Mauro (S4) is a Senior Staff Engineer in the Performance and
Availability Engineering group at Sun Microsystems. Jim's
current projects are focused on quantifying and improving
enterprise platform availability, including minimizing recovery
times for data services and Solaris. Jim co-developed a framework
for system availability measurement and benchmarking and is
working on implementing this framework within Sun.
S5 Architecting a Secure Infrastructure: From Networking Through Applications NEW
Steve Acheson and Laura Kuiper, Cisco Systems
9:00 a.m.–5:00 p.m., Royal Palm Salon 1/2
Who should attend: Network and system administrators who will be
responsible for creating and implementing security
infrastructure. Participants should have an understanding of the
fundamentals of networking, basic familiarity with computing and network
components, and some familiarity with UNIX and scripting languages.
This tutorial will describe how to create a
baseline for policy and how to build that into a secure
infrastructure. It will include case studies from several different types
of business needs: commercial, government, university, and ISP. The
emphasis will be on understanding what drives businesses, practical
application of infrastructure components, and case studies.
Participants should expect to leave the tutorial with the information
needed to begin identifying drivers and techniques to create effective
policies. In addition, participants should expect to leave the tutorial
with the information needed to begin creating a secure infrastructure.
Topics include:
- Writing effective policies
- Setting standards
- Implementing procedures
- Security concepts (AAA, encryption)
- Security approaches
- Security technologies
- Drivers of business
- Infrastructure
- Firewalls
- Networks
- Servers
- Operating systems
- Web infrastructure
- Securing applications
- Reviewing new technologies
- XML
- Middleware messaging
- Portals
- VOIP
- Entitlement
- IDS
- Logging
- Privacy
- Approaches to outsourcing/out-tasking
Steve Acheson (S5) is currently an Information Security Architect at Cisco
Systems, where he is a senior member of the Corporate Information
Security Department, responsible for network and system security,
including designing internal security architecture and external/firewall
access. Before working for Cisco, Steve managed security for
NASA's Numerical Aerospace Simulations facility at Ames Research
Center. He has worked in the field as a system administrator,
network engineer, and security analyst for over 15 years.
Laura Kuiper (S5) is currently a Computer Security Architect at Cisco
Systems, where she is a senior member of the Computer Information
Security Department, responsible for network and system security,
including designing internal security architecture and external/firewall
access. Before working for Cisco, Laura managed the network at SAIC. She has worked in the field as a
network engineer and security analyst for over 9 years.
S6 Intrusion Detection and Prevention Systems NEW
Marcus Ranum, Consultant
9:00 a.m.–5:00 p.m., Royal Palm Salon 3/4
Who should attend: Network or security managers responsible for an IDS roll-out, security auditors interested in assessing IDS capabilities, and security managers involved in IDS product selection.
This workshop covers the real-world issues you'll encounter as part
of doing an intrusion detection roll-out or product selection.
There's a lot of hype surrounding Intrusion Detection Systems (IDS)
and Intrusion Prevention Systems (IPS)--what works, and what
doesn't? How do they work? Attendees will learn the advantages and disadvantages of popular approaches to IDS. Deploying
an IDS is only the beginning, many users find, as they have to deal
with false positives and noise. We'll discuss these issues as well
as where to deploy IDSes, how to test them, how to build out-of-band
IDS management networks, and how they interact with switches,
routers, and firewalls.
Topics include:
- Technologies
- IDS and IPS: what they are and how they work
- Burglar alarms and honeypots: low-rent IDS
- Misuse detection and anomaly detection
- False positives, noise, and false alarms
- Does freeware stack up to the commercial products?
- Deployment issues
- Where to place IDS within the network
- Alert tuning: what it is and how it works
- How to estimate the size of an IDS deployment
- How to size and design a logging/management architecture
- Tools and tricks for logging and event correlation
- A typical IDS roll-out
- How to test an IDS for correct function
- IDS benchmarks: bogus and bogusest
- Management issues
- How to justify the expenditures on an IDS to management
- Cyclical maintenance
- Alert management procedures
Marcus J. Ranum (S6, M6) is a world-renowned expert
on security system design and implementation. He is recognized as
the inventor of the proxy firewall and the implementor of the
first commercial firewall product. Since the late 1980s, he has
designed a number of ground-breaking security products, including
the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall, and
Network Flight Recorder's intrusion detection system. He has
been involved in every level of operations of a security product
business, from developer to founder and CEO of NFR. Marcus has
served as a consultant to many FORTUNE 500 firms and national
governments, as well as serving as a guest lecturer and instructor
at numerous high-tech conferences. He holds both the TISC "Clue" award and the ISSA Hall of Fame award.
S7 Mac OS X System Administration NEW
Leon Towns-von Stauber, Consultant
9:00 a.m.–5:00 p.m., Royal Palm Salon 5/6
Who should attend: System administrators who are or will be responsible for
managing Mac OS X systems or are merely curious about it. A
modest background in UNIX system administration is assumed,
including familiarity with basic operating system concepts,
configuring and managing network services, and host and network
security.
Mac OS X is the advanced, BSD-based operating system from
Apple. While many of the technologies are familiar,
some aspects of this new OS make working with it
quite a bit different from other UNIX systems you've managed.
This tutorial presents an overview of the design of Mac OS X
and takes a practical approach to the administrative
aspects of the system. By the end of the course, you'll be
familiar with the fundamentals of the operating system and
have a grab-bag of time-saving tips. These will give you a
quick boost in administering Mac OS X.
Topics include:
- Operating system components
- Management applications
- Boot sequence
- Filesystem issues
- Software installation
- Account management
- Directory and authentication services
- Networking
- File sharing
- Print services
- Web and mail services
- Security issues
- Setup tasks
Leon Towns-von Stauber (S7, M8) started using UNIX systems in 1990 and
has been administering them professionally for the last nine
years in service provider, corporate, and educational
environments. Although he's worked extensively with Solaris,
Linux, HP-UX, AIX, and too many other flavors of UNIX, the
purchase of a NeXT workstation in 1991 introduced him to the
operating system lineage that he would follow from NeXTstep
through to Mac OS X today. Currently he is working on books
for O'Reilly & Associates on Mac OS X security and system
administration.
S8 Using IPsec NEW
Mike DeGraw-Bertsch, Consultant
9:00 a.m.–12:30 p.m., Pacific Salon 1
Who should attend: System and network administrators responsible for network security.
Participants should be familiar with basic networking, including a general
understanding of TCP/IP and experience with network design and system
administration. Work with IPsec is not assumed, nor is expertise in a
particular operating system necessary.
Networks are a traditionally hostile medium, with packet sniffers,
eavesdroppers, man-in-the-middle and replay attacks, and other
ne'er-do-wells working hard to intercept, read, and modify
your traffic. And that's just on your LAN! Enter IPsec. This tutorial
addresses what IPsec is, how it works, and how to use it to
mitigate the aforementioned risks, and more. Participants will gain a strong understanding of IPsec's internals, will learn
to recognize when IPsec is the appropriate solution, and will be able to use it
effectively to enhance their network's security.
Topics include:
- How IPsec works: tunnels, transports, encryption and authentication
- Using X.509 certificates and the Internet Keying Exchange (IKE) to automate connection management
- IPsec's strengths and weaknesses
- Debugging connections
- Taking advantage of Linux's opportunistic encryption
- Configuration walkthroughs for Linux, FreeBSD and NetBSD, OpenBSD, Windows 2000, and/or Cisco IOS (depending on audience needs)
Mike DeGraw-Bertsch (S8, M7) has been working with FreeBSD for ten years, and
has been active in security for the last five years. He has written
articles for the O'Reilly Network and SysAdmin Magazine and is writing
UNIX Systems and Network Security for Springer-Verlag. Mike
is a security and networking consultant and spends
his free time as an ice hockey goalie.
S9 Enterprise Log Analysis: Tips, Tricks, and Techniques NEW
Sweth Chandramouli, Idiopathic Systems Consulting
9:00 a.m.–12:30 p.m., Pacific Salon 2
Who should attend: Intermediate to advanced systems, network, and
security administrators with responsibility for analysis of large
or complex amounts of log data. Familiarity with either or both
of UNIX syslog and Windows EventLog is assumed.
This tutorial will provide an overview of advanced
log analysis techniques, with a focus on learning how to recognize
the types of data for which different techniques are appropriate,
rather than on application-specific implementations of those
techniques.
Topics include:
- Positive and negative filtering
- Graphical and algorithmic outlier analysis
- Historical analysis
- Procedural correlation
- Object classification analysis
- Event distillation/reduction
Sweth Chandramouli (S9) is the Founder and President of
Idiopathic Systems Consulting, providing information security, UNIX and
network systems design and implementation, and data analysis services
for a client base ranging from sole proprietorships to Fortune 100
companies to the US government. He has previously served as CTO for
Homeland Security (Justice Programs) at Lockheed Martin Information
Technology, and as Director of Systems Architecture for ServerVault,
Inc.
Sweth has an extensive background in the field of Log Analysis,
including the development of log analysis tools for companies such as
Counterpane Internet Security and agencies such as the US DHS Bureau of
Immigration and Customs Enforcement. He is also an active contributor
to the loganalysis mailing list, and has written about the topic
extensively.
S10 Regular Expression Mastery
Mark-Jason Dominus, Consultant and Author
9:00 a.m.–12:30 p.m., Pacific Salon 3
Who should attend: System administrators and users who use Perl, grep, sed, awk, procmail, vi, or emacs.
Almost everyone has written a regex that produced unexpected results. Sometimes regexes appear to hang forever, and it's not clear what has gone wrong. Sometimes they behave differently in different utilities, and you can't tell why. This class will fix all these problems.
The first section of the class will explore the matching algorithms used internally by common utilities such as grep and Perl. Understanding these algorithms will allow us to predict whether a regex will match, which of several matches will be found, and which regexes are likely to be faster than others, and to understand why all of these behaviors occur. We'll learn why commonly used regex symbols such as ".", "$", and "\1" may not mean what you thought they did.
In the second section, we'll look at common matching disasters, a few practical parsing applications, and some advanced Perl features. We'll finish with a discussion of optimizations that were added to Perl 5.6, and why you should avoid using "/i".
Topics include:
- Inside the regex engine
- Regular expressions are programs
- Backtracking
- NFA vs. DFA
- POSIX and Perl
- Quantifiers
- Greed and anti-greed
- Anchors and assertions
- Backreferences
- Disasters and optimizations
- Where machines come from
- Disaster examples
- Tokenizing
- New optimizations
- Matching strings with balanced parentheses
Mark-Jason Dominus (S10, S13, M10, M13) has been programming in Perl since 1992. He is a moderator of the comp.lang.perl.moderated newsgroup, the author of the Text::Template, Tie::File, and Memoize modules, a contributor to the Perl core, and author of the perlreftut man page. His work on the Rx regular expression debugger won the 2001 Larry Wall Award for Practical Utility. He lives in Philadelphia with his wife and several plush octopuses.
S11 Veritas Volume Manager: Beyond the GUI NEW
Douglas Hughes, Global Crossing
1:30 p.m.–5:30 p.m., Pacific Salon 1
Who should attend: Those who wish to learn how to effectively
make use of the copious command line capabilities of Veritas Volume
Manager, and how VxVM integrates with system startup
scripts. Some familiarity with how VxVM works at a high level is helpful.
Intermediate to advanced users may find the mid to end parts of the course
most interesting. Beginners will receive a short introduction to volume
manager terminology. There should be something for everybody.
Topics include:
- Fundamentals of terminology and volume components (volume, plex, subdisk) (a short comparison with DiskSuite and LVM)
- Creating volumes
- Workhorse tools (vxassist, vxresize, vxsd, vxedit, vxmake)
- Performance tuning (vxstat, vxtrace)
- How it works at bootup
- Recovery and maintenance
- What the daemons do
- Disk and volume management (to encapsulate or not, capacity planning, naming)
- Dynamic multi-pathing
Not covered:
- Specifics of integration with hardware vendors
Doug Hughes (S11) is a founding member of and frequent contributor to the veritas-vx
and ssa-managers mailing lists. He has been using Veritas Volume Manager
since the mid 1990s. He is also the keeper of one of the tips and
tricks Web pages for Veritas and related storage technologies
(https://www.will.to/vxstuff). Doug has a B.E. in Computer Engineering
from Pennsylvania State University and currently works for a large
multinational telecommunications company.
S12 Combating Spam Using SpamAssassin, MIMEDefang, and Perl NEW
David Skoll, Roaring Penguin Software
1:30 p.m.–5:30 p.m., Pacific Salon 2
Who should attend: System administrators, network administrators, and
email administrators tackling the problem of spam in the enterprise.
Participants should have a basic familiarity with SMTP and Perl.
The course will feature a high-speed introduction to SpamAssassin on
UNIX/Linux and MIMEDefang and will describe concrete steps
administrators can take to reduce spam. It will then zero in on
MIMEDefang (created by David Skoll) and Sendmail. Participants will
have ample opportunity to ask about the application of MIMEDefang and
Perl modules in their particular environment.
Topics include:
- Introduction to mail filtering
- Why filter?
- What are we filtering?
- Where to filter: on server, or on client?
- Introduction to Sendmail's Milter API
- Introduction to MIMEDefang
- Writing MIMEDefang filters
- Advanced filter writing
- Information to use: HELO, relay address, envelope addresses, message content
- Receive-only addresses and bounces
- To bounce, or not to bounce?
- Attachment stripping
- Common spam techniques and how to fight them
- SpamAssassin integration
- Advanced topics
- Tuning MIMEDefang to handle huge loads
- Preserving relay information across a chain of MX hosts
- Recipient-verification on the final MX host before accepting mail
David Skoll (S12) is founder and president of Roaring Penguin Software,
Inc., a consulting firm focused on deploying intelligent computing
infrastructures for businesses of all sizes and incorporating Linux
into heterogeneous environments. Skoll is the developer of MIMEDefang,
the acclaimed open-source email inspection software, and creator of
RP-PPPoE, deployed across Linux servers and clients worldwide. He is
author of Caldera's OpenLinux Unleashed and frequently writes and
presents for the Linux and open source communities. More information
can be found at https://www.roaringpenguin.com.
S13 Perl Programming: Tricks of the Wizards UPDATED
Mark-Jason Dominus, Consultant and Author
1:30 p.m.–5:30 p.m., Pacific Salon 3
Who should attend: Anyone who has a basic familiarity with Perl's
packages, references, modules, and objects, and wants to become a wizard.
This class will explore Perl's most unusual features. We'll look at
some of the standard modules written by famous wizards such as Tom
Christiansen, Damian Conway, and Larry Wall, and learn what they're
for and how they work.
Topics include:
- Perl's remarkable "glob" feature
- An assortment of uses of globs
- The much-used and mysterious Exporter module
- How to do globby magic with Perl 6, which won't have globs
- Unusual uses of the "tie" function, including:
- Hashes with case-insensitive keys
- Arrays that mirror the contents of a file
- Filehandles that suppress annoying output
- "AUTOLOAD", the Function of Last Resort
- The new "source filter" feature, which allows you to program in any language and translate to Perl at the last moment
- How to add a switch statement to Perl
- How to make Perl 5 emulate the variable syntax of Perl 6
- Last but not least: Nine useful enchantments that take only 30 seconds each
Mark-Jason Dominus (S10, S13, M10, M13) has been programming in Perl since 1992. He is a moderator of the comp.lang.perl.moderated newsgroup, the author of the Text::Template, Tie::File, and Memoize modules, a contributor to the Perl core, and author of the perlreftut man page. His work on the Rx regular expression debugger won the 2001 Larry Wall Award for Practical Utility. He lives in Philadelphia with his wife and several plush octopuses.