TRAINING
Overview |
By day: Sunday, Monday, Tuesday |
By Instructor | All in One File
Tuesday, October 28, 2003
|
T1 Advanced Topics in System Administration and Security
Trent Hein and Ned McClain, Applied Trust
9:00 a.m.5:00 p.m., Windsor Room
Who should attend: System and network administrators who are interested in picking up several new technologies in an accelerated manner.
This tutorial covers six topics of critical importance to all system administrators and power users.
Topics include:
- Digital forensics tools and techniques: Investigating computer security incidents has become a necessary skill for all system administrators. We'll discuss the secrets of digital forensics, including how to find out what happened without destroying possible evidence. This section will highlight several incident investigation tools and give examples of their use in real-life scenarios.
- Linux kernel tuning: As Linux's popularity in production environments increases, the need for knowledge on tuning a Linux kernel becomes ever so important. Whether it's performance, security, or functionality you're looking to cajole your system into, we'll give you the what to's and the how to's, and even the what you can'ts of this rare art.
- Handling digital forensic evidence: Information collected from a digital crime scene must be handled according to a strict set of rules. We'll talk about what you should do with log files, filesystems, and other digital evidence that might be used in court. This section will get you comfortable with all aspects
of evidence handling, from secure evidence collection to the chain of custody.
- Stateful firewalls: Keeping up with the latest security technology can be a challenge, but it is essential to prevent unwanted intrusions. We'll cover the latest in basic firewall technology on both Cisco and Linux platforms. Specific topics covered include context-based access control, reflexive access lists, and stateful filtering using iptables.
- Network intrusion detection systems: New NIDS products are appearing every day. We'll evaluate the strengths and weaknesses of various technologies, and what might work best for your organization. Leave this section with the information you need to select and implement a NIDS solution that's right for you.
- Performance crisis case studies #3: Don't miss the latest episode of this incredibly popular segment! We've taken a new set of real-life system administration performance crises and dissected them, providing insight on how to diagnose and remedy situations that you might someday face. This is a great way
to gain practical knowledge in the performance arena.
Trent Hein (T1) is co-founder of Applied Trust Engineering. Trent worked on the 4.4 BSD port to the MIPS architecture at Berkeley, is co-author of both the UNIX Systems Administration Handbook and the Linux Administration Handbook, and holds a B.S. in computer science from the University of Colorado.
Ned McClain (T1), co-founder and CTO of Applied Trust Engineering, lectures around the globe on applying cutting-edge technology in production computing environments. Ned holds a B.S. in computer science from Cornell University and is a contributing author
to both the UNIX System Administration Handbook and the Linux Administration Handbook.
T2 System and Network Monitoring: Tools in Depth NEW
John Sellens, Certainty Solutions
9:00 a.m.5:00 p.m., Pacific Salon 2
Who should attend: Network and system administrators ready to implement comprehensive monitoring of their systems and networks using the best of the freely available tools. Participants should have an understanding of the fundamentals of networking, familiarity with computing and network components, UNIX system administration experience, and some understanding of UNIX programming and scripting languages.
This tutorial will provide in-depth instruction in the installation and configuration of some of the most popular
and effective system and network monitoring tools, including Nagios, Cricket, MRTG, and Orca. It will build on the background provided by the introductory "System and Network Monitoring" tutorial, so participants should be familiar with the topics covered in that tutorial.
Participants should expect to leave
the tutorial with the information needed to immediately implement, extend, and manage popular monitoring tools on their systems and networks.
Topics include for Nagios, Cricket, MRTG, and Orca:
- Installation
- Configuration, options, how to manage larger and non-trivial configurations
- Reporting and notifications, proactive and reactive
- Special cases: interesting problems
- How to write scripts or programs to extend functionality
- Dealing effectively with network boundaries and remote sites
- Security concerns, access control
- Ongoing operations
John Sellens (M2, T2) has been involved in system and network
administration since 1986 and is the author of several related USENIX papers, a number of ;login: articles, and SAGE booklet #7, System and Network Administration for Higher Reliability. He holds an M.S. in computer science from the University of Waterloo and is a chartered accountant. He is currently the General Manager for Certainty Solutions (formerly known as GNAC) in Toronto. Prior to joining Certainty, John was the Director of Network Engineering at UUNET Canada and was a staff member in computing and information technology at the University of Waterloo for 11 years.
T3 WiFi Security: The Trials and Tribulations of Designing, Deploying, and Using WiFi Networks Securely NEW
William A. Arbaugh, University of Maryland, College Park
9:00 a.m.5:00 p.m., Royal Palm Salon 1/2/3
Who should attend: Designers, administrators, and power users of WiFi networks who need to design, deploy, and/or operate a WiFi network. Previous experience with or knowledge of wireless networking is helpful but not required.
This tutorial will present the security problems with current and legacy WiFi equipment, and then explain the more recent and proposed standard changes designed to mitigate and in some cases eliminate those problems, e.g., WiFi Protected Access (WPA) and Robust Security Network (RSN). Following the explanations, a detailed design example will be presented and the participants will be shown how to design, deploy, and test wireless architectures using legacy, WPA, and RSN equipment.
Finally, participants will be shown how to build and test an architecture using open source software.
Topics include:
- Known attacks against legacy WiFi equipment and the open source tools used for the attacks
- WiFi Protected Access and RSN: what are the changes, and what do they mean?
- Designing a secure WiFi network
- Deploying a secure WiFi network using open source tools
- Testing your WiFi network using open source tools
William Arbaugh (T3) has spent over 15 years performing security research and engineering. Arbaugh and his students were among the first to identify security flaws in the IEEE 802.11 standard, as well as several proposed fixes to the standard. He and his students are actively involved in the IEEE and the IETF standards processes, doing their best to ensure that future standards are more robust. He and Jon Edney are the authors of a forthcoming book (Addison-Wesley, Fall 2003) entitled Wi-Fi Protected Access: Wireless Security and 802.11.
T4 Advanced Solaris System Administration Topics
Peter Baer Galvin, Corporate Technologies
9:00 a.m.5:00 p.m., Pacific Salon 1
Who should attend: UNIX administrators who need more knowledge of Solaris administration.
This course covers a variety of topics that are of importance to
Solaris system administrators. We will discuss the major new features of recent Solaris releases, including which to use and how to use them, and which to avoid. This in-depth course will provide the information you need to run a Solaris installation effectively. Updated to include Solaris 9 features and functions.
Topics include:
- Installing and upgrading
- Architecting your facility
- Choosing appropriate hardware
- Planning your installation, filesystem layout, post-installation steps
- Installing (and removing) patches and packages
- Advanced features of Solaris 2
- Filesystems and their uses
- The /proc filesystem and commands
- Useful tips and techniques
- Networking and the kernel
- Virtual IP: configuration and uses
- Kernel and performance tuning: new features, adding devices, tuning, debugging commands
- Devices: naming conventions, drivers, gotchas
- Enhancing Solaris
- High availability essentials: disk failures and recovery, RAID levels, uses and performance, H/A technology and implementation
- Performance: how to track down and resolve bottlenecks, Solaris Resource Manager
- Tools: useful free tools, tool use strategies
- Security: locking down Solaris, system modifications, tools, SunScreen
- Resources and references
Peter Baer Galvin (T4) is the Chief Technologist for Corporate Technologies and was the systems manager for Brown University's Computer Science Department. He has written articles for Byte and other magazines, is a contributing editor for SysAdmin Magazine, and is coauthor of the Operating Systems Concepts and the Applied Operating Systems Concepts textbooks. Peter has taught tutorials on security and system administration and has given talks at many conferences and institutions on such topics as Web
services, performance tuning, and high availability.
T5 Deploying and Debugging DHCP NEW
George Neville-Neil, Nominum
9:00 a.m.5:00 p.m., Royal Palm Salon 4
Who should attend: System administrators and other IT professionals involved in
deploying the DHCP protocol. Participants should already have
experience working with and managing TCP/IP networks. After completing this tutorial, participants will be well versed in
the language and internals of DHCP and will be able to deploy and debug the
protocol in a variety of environments, from SOHO to large institutions.
This tutorial covers deploying DHCP and debugging common problems observed in day-to-day operation. Packet traces, drawn from a
production network, are used throughout the course to illustrate
particular points.
Topics include:
- Deployment
- Debugging tools and strategies
- Protocol internals
- Working with DNS
- Relay agents
- Providing for legacy (BOOTP) clients
- Working with failover
George Neville-Neil (T5) is a Senior Software Engineer on the Nominum DCS
product, a high-performance DHCP server targeted at the enterprise
market. He has taught courses on DHCP, as well as other networking
subjects, for USENIX, APRICOT, and others. He is a member of the
ACM Queue editorial advisory board and is the author of
several articles. He has a B.Sc. in Computer Science from Northeastern
University in Boston. His computing interests include network
protocols, operating systems, and embedded systems.
T6 Network Security Assessments Workshop NEW
David Rhoades, Maven Security
9:00 a.m.5:00 p.m., Crescent Room
Who should attend: Anyone who needs to understand how to perform an effective and safe network assessment.
How do you test a network for security vulnerabilities? Just plug some IP
addresses into a network-scanning tool and click SCAN, right? Not quite.
Numerous commercial and freeware tools assist in locating network-level
security vulnerabilities. However, these tools are fraught with dangers:
accidental denial-of-service, false positives, false negatives, and
long-winded reporting, to name but a few. Performing a security assessment (a.k.a.
vulnerability assessment or penetration test) against a network environment
requires preparation, the right tools, methodology, knowledge, and more.
Topics include:
- Preparation: What you need before you even begin
- Safety measures
- Architecture considerations: Where you scan from affects how you perform the assessment
- Inventory
- Tools of the trade
- Common pitfalls
- Automated scanning: Best-of-class tools, with tips (mostly vendor-neutral) on their proper use
- Research and development: What to do when existing tools don't suffice
- Documentation and audit trail
- How to compile useful reports
David Rhoades (M5, T6) is a principal consultant with Maven Security Consulting. Since 1996 David has been providing information protection services for various Fortune 500 customers. His work has taken him across the United States and to Europe and Asia, where he has lectured and consulted in various areas of information security. David holds a B.S. in computer engineering from Pennsylvania State University and is an instructor for the SANS Institute, the MIS Training Institute, and Sensecurity (based in Singapore).
T7 Disaster Planning and Recovery: How to Keep Your Company (and Your Job) Alive
NEW
Evan Marcus, Veritas Software
9:00 a.m.5:00 p.m., Royal Palm Salon 5/6
Who should attend: Anyone responsible for their organization's data. Disaster planning is like insurance: nobody wants to talk about it, and everyone runs from the salesmen. But when you need it, you are very glad to have it! And if you don't have it when you need it, it is too late to do anything about it. Have you ever been robbed or had an accident or a medical emergency? If you had insurance, you did personal disaster planning.
After 9/11, the companies that survived were those that had disaster plans in place. This tutorial will show you
what you need to think about, what you need to plan for (and what you can safely avoid), and how you can put a plan into effect if (God forbid!) you ever need to use it.
We will explore the key aspects of developing a disaster recovery plan, including the key components, testing the plan, and some of the technology that can speed recovery, with an eye toward balancing cost and benefit. We will also take a close look at one organization that recovered completely very quickly after 9/11.
Topics include:
- What a DR plan should contain
- The costs of developing a DR plan
- Do you need a DR plan at all?
- The legal and civil liabilities of not having a plan
- Downtime and data loss as two sides of the same coin
- Four different methods for testing your DR plan
- DR as a subset of high availability
- Methods and technologies for protecting data through a disaster
- How disasters might affect the people who are responsible for recovery
- Building and staffing DR teams
- The role of senior management in DR
- Convincing management that a DR plan is necessary
- A real-life case study of a company that survived the 9/11 disaster
Evan Marcus (T7) is a Principal Engineer
and Data Availability Maven with VERITAS Software Corporation. Evan has more than 15 years of experience in UNIX system administration. While working at Fusion Systems and OpenVision Software, Evan worked to bring to market the first high-availability software application for SunOS and Solaris. He is the author of several articles and talks on the design of high-availability systems and is the co-author, with Hal Stern, of the new second edition of Blueprints for High Availability: Designing Resilient Distributed Systems (John Wiley & Sons, 2003). Evan also co-edited and contributed to The Resilient Enterprise, VERITAS Publishing's disaster recovery book.
T8 Next Generation Backup Systems
NEW
Jacob Farmer, Cambridge Computer Services
9:00 a.m.12:30 p.m., Sheffield Room
Who should attend: System administrators involved in the design and management of
backup systems and policymakers responsible for protecting their
organization's data. A general familiarity with server and storage
hardware is assumed. The class focuses on architectures and core
technologies and is relevant regardless of what backup hardware
and software you currently use. Students will leave this lecture with immediate ideas for effective,
inexpensive improvements to their backup systems. They will also
walk away with a model for defining their requirements and identifying
vulnerabilities.
Backup and restore is still the greatest point of pain in the data
center. After years of relatively little technology innovation,
a flurry of new technologies have arrrived on the scene. Many of these technologies are affordable
add-ons to existing backup systems. Others are point solutions that
work independently. This tutorial will set the new technologies into context and provide a framework for formulating
and fulfilling data protection policies.
Topics include:
- A model for defining backup/restore requirements
- Switching the focus from backup to restore
- Applying inexpensive SAN technology to existing backup systems
- Hybrid SAN/LAN backup systems
- Interfacing with third-party snapshots
- Real-time replication
- Block-level incremental backups
- Using disk in the backup system
- Disk-to-disk backup architectures
- Staging tape backups to disk
- Virtual tape systems
- Backing up email systems
- Bare metal restore
- Managing backup and restore for remote sites
- The latest tape drive hardware: LTO-2, S-AIT
Jacob Farmer (T8, T11) is the CTO of
Cambridge Computer Services, a specialized
integrator of backup systems and storage networks. He has over 15
years' experience with storage technologies and writes an expert
advice column for InfoStor magazine. He is currently writing a book
on storage networking which is scheduled to be completed toward
the end of 2003.
T9 Time Management for System Administrators: Getting It All Done and Not Going (More) Crazy! NEW
Tom Limoncelli, Lumeta
9:00 a.m.12:30 p.m., Hampton Room
Who should attend: Sysadmins who want to improve their
time-management skills, who want to have more control over their time
and better follow-through on assignments. If you feel overloaded, miss
appointments, and forget deadlines and tasks, this class is for you.
Do any of these statements sound like you?
- I don't have enough time to get all my work done.
- I don't have control over my schedule
- I'm spending all my time mopping the floor; I don't have
time to fix the leaking pipe.
- My boss says I don't work hard enough, but I'm always working
my off!
Tom Limoncelli used to be a time-management disaster. He reformed
himself and offers his insights in this tutorial. Tom currently
has two job functions at an understaffed startup, chairs conferences,
writes books, maintains 4 personal Web sites, serves on the boards of
two nonprofits, and has a very full social life. Yet he keeps it
all together and has time for himself. If you think you don't have time to take this tutorial, you really
need to take this tutorial!
Topics include:
- Why typical "time management" books don't work for sysadmins
- How to delegate tasks effectively
- How to use RT and other request tracking tools
- A way to keep from ever forgetting a user's request
- Why "to do" lists fail and how to make them work
- Managing your boss
- Managing email more effectively with procmail
- Prioritizing tasks so that users think you're a genius
- Getting more out of your Palm Pilot
- Having more time for fun (for people with a social life)
- Tips on automating sysadmin processes
- Efficient phone calls: how to avoid major time wasters
- How to leave the office every day with a smile on your face
Tom Limoncelli (T9, T12) co-author of
The Practice of System and Network
Administration (Addison-Wesley), is Director of Network Operations
at Lumeta Corporation, where he is responsible for building and
scaling the network. A sysadmin and network wonk since 1987, he
has worked at Bell Labs/Lucent, Mentor Graphics, and Drew
University. He is a frequent presenter at LISA conferences.
T10 Perl for System Administration: The Networking Power Hours, Part 1
David N. Blank-Edelman, Northeastern University CCS
9:00 a.m.12:30 p.m., Pacific Salon 3
Who should attend: System and
network administrators with at least advanced-beginner to intermediate Perl skills (important prerequisite).
After offering several successful survey courses on using Perl to make system administration easier, it is time to go deeper. In this course we'll take an hour per subject to probe how Perl can be used to work with three different network-related topics. We'll cover the necessary background material to get you jump-started and then dive into the approaches, tools, and methods you need to use your existing Perl skills to tame these areas.
Topics include:
- SNMP: The Simple Network Management Protocol isn't always so simple to use or understand, but it is ubiquitous. We'll learn how to use Perl to query and configure SNMP versions 1- and 3-capable devices such as switches, routers, and workstations.
- Packet play: It is not uncommon to have to sniff a network looking for specific packets (or sometimes even produce them yourself). Maybe you're debugging a network service or performing a penetration test. We'll look at both sniffing for specific packets and creating them
ourselves from Perl.
- Network monitoring and mapping: With SNMP and packet skills under our belt, we can begin to approach the hard topic of continuously monitoring a network and displaying the results. This module will tie together the two previous modules and work toward building simple tools to help. We'll also look at some of the more advanced free tools already built to solve this problem.
David N. Blank-Edelman (T10, T13) is the Director of Technology at the
Northeastern University College of Computer and Information Science and the author of the O'Reilly book Perl for System Administration. He has spent the last 16 years as a system/network administrator in large multi-platform environments, including Brandeis University, Cambridge Technology Group, and the MIT Media Laboratory. He has served as Senior Technical Editor for the Perl Journal.
T11 iSCSI and IP Storage Networking
NEW
Jacob Farmer, Cambridge Computer Services
1:30 p.m.5:30 p.m., Sheffield Room
Who should attend: System administrators involved in the design and management of
storage and backup systems. A general familiarity with SCSI, storage
devices, and Ethernet switching is assumed. Experience with
storage area networks is helpful but not required. After completing this tutorial, students will know enough about the
various technologies to make purchasing decisions and to design
and configure IP and hybrid storage networks.
Storage area networks (SANs) have traditionally been built on fibre
channel, a relatively expensive and inflexible interface. In the
past two years, products have come to market that allow storage area
networks to leverage Ethernet for less expensive host
connections, for bridging remote SANs, and even for core switching.
In early 2003, the IETF ratified the iSCSI specification, ushering
in a new class of affordable SAN products that leverage your existing
Ethernet and IP infrastructure. This tutorial explains how to design
and configure storage area networks using various Ethernet and
IP-based technologies. In addition, it covers next-generation
file systems that can leverage an Ethernet SAN.
Topics include:
- A crash course on storage area networks
- The shortcomings of SCSI and the advent of fibre channel
- The shortcomings of fibre channel and the need for IP SANs
- iSCSI host connections: configuration options
- iSCSI targets: configuration and alternative architectures
- Three ways to mix iSCSI, fibre channel, and parallel SCSI
- Storage routers
- Storage virtualization
- Multi-protocol switches
- Bridging SANs with IP (FC-IP)
- Core switching with IP (iFCP and mFCP)
- High-performance, SAN-enabled file systems
Jacob Farmer (T8, T11) is the CTO of
Cambridge Computer Services, a specialized
integrator of backup systems and storage networks. He has over 15
years' experience with storage technologies and writes an expert
advice column for InfoStor magazine. He is currently writing a book
on storage networking which is scheduled to be completed toward
the end of 2003.
T12 Introduction to Massive Upgrades and Changes
Tom Limoncelli, Lumeta
1:30 p.m.5:30 p.m., Hampton Room
Who should attend: Sysadmins from environments where upgrading a
single large server, or hundreds of individual hosts, is common.
Although the focus will be on UNIX and IP networks, all sysadmins will benefit
from this tutorial. Examples include situations found both in
small and in large sites.
Imagine a project that involves renumbering the IP addresses on
thousands of hosts, none of which sees more than one interruption.
Imagine upgrading a large server that provides dozens of critical
services with confidence that it will be done on time and with all
services working. Imagine performing one or more changes on 1,000
individual hosts without fear that you've installed the same typo
on each. Imagine a tutorial that teaches the disciplines involved
in making those things happen.
This tutorial will include a mix of theory and case studies
of real events. Case studies will include success stories as well
as disastersthere's much to be learned from both.
Topics include:
- A sample "change management" policy you can start using right away
- The network life cycle: birth, certification, decommission
- Case study: network change management (avoiding outages, managing risk)
- The project everyone hates: moving your data center
- Surviving weekend-long maintenance windows with no major problems
- The secret to successful server upgrades
- Case study: upgrading a major application server
- Case study: upgrading a multi-purpose server
- Service conversions (it's more than just upgrading the software)
- Building and staffing DR teams
- Case study: IP renumbering and reorganization
Tom Limoncelli (T9, T12) co-author of
The Practice of System and Network
Administration (Addison-Wesley), is Director of Network Operations
at Lumeta Corporation, where he is responsible for building and
scaling the network. A sysadmin and network wonk since 1987, he
has worked at Bell Labs/Lucent, Mentor Graphics, and Drew
University. He is a frequent presenter at LISA conferences.
T13 Perl for System Administration: The Networking Power Hours, Part 2
David N. Blank-Edelman, Northeastern University CCS
1:30 p.m.5:30 p.m., Pacific Salon 3
Who should attend: System and
network administrators with at least advanced-beginner to intermediate Perl skills (important prerequisite). Part 1 (T10) is not a prerequisite for this class.
After offering several successful survey courses on using Perl to make system administration easier, it is time to go deeper. In this course we'll take an hour per subject to probe how Perl can be used to work with three different network-related topics. We'll cover the necessary background material to get you jump-started and then dive into the approaches, tools, and methods you need to use your existing Perl skills to tame these areas.
Topics include:
- LDAP: If you don't already have a directory service running in your environment, chances are you will soon. It is equally likely that this directory service will be built on or be accessible by the Lightweight Directory Access Protocol. We'll
see how to use Perl to perform common LDAP operations.
- Mail: Perl is an excellent tool for speaking different mail protocols. We'll learn how to use it to send mail with SMTP and perform
different mail operations using POP3 and IMAP. Once we know how to receive mail, we'll look at the process of parsing the mail to help us deal with it.
- Potpourri: There are so many topics in the networking arena that we bend the one-topic-per-hour rule for the last hour. In this module we'll look at how to parse logs
efficiently and effectively, roll your own daemons, and use encrypted transports from Perl.
David N. Blank-Edelman (T10, T13) is the Director of Technology at the
Northeastern University College of Computer and Information Science and the author of the O'Reilly book Perl for System Administration. He has spent the last 16 years as a system/network administrator in large multi-platform environments, including Brandeis University, Cambridge Technology Group, and the MIT Media Laboratory. He has served as Senior Technical Editor for the Perl Journal.
|