Sunday, November 14, 2004
S1 Hands-on Linux Security Class: Learn How to Defend Linux/UNIX Systems by Learning to Think Like a Hacker (Day 1 of 2)
Rik Farrow, Security Consultant
9:00 a.m.–5:00 p.m.
Who should attend: System administrators of Linux and other UNIX systems; anyone who runs a public UNIX server.
Few people enjoy learning how to swim by being tossed into the ocean, but that's what happens if a system you manage gets hacked. You often have little choice other than to reload that system, patch it, and get it running again. This two-day class gives you a chance to work with systems that have been "hacked," letting you search for hidden files or services or other evidence of the intrusion. Examples are taken from real, recent attacks on Linux systems. You will perform hands-on exercises with dual-use tools to replicate what intruders do as well as with tools dedicated to security. The tools vary from the ordinary, such as find and strings, to less familiar but very important ones, such as lsof, scanners, sniffers, and the Sleuth Kit.
The lecture portion of this class covers the background you need to understand UNIX security principles, TCP/IP, scanning, and popular attack strategies.
Day Two will explore the defenses for networks and individual systems. The class will end with a discussion of the use of patching tools for Linux, including cfengine.
Class exercises will require that you have an x86-based laptop computer that can be booted from a KNOPPIX CD. Macintosh owners interested in taking this class should contact the instructor, as a bootable KNOPPIX CD for the PPC may be provided as well if there is sufficient interest. Students will receive a version of Linux on CD that includes the tools, files, and exercises used in the course. If you have a laptop but don't know whether it can run a bootable Linux CD (that will not have an impact on your installed hard drive or operating systems), please download a copy of KNOPPIX (https://www.knoppix.org), burn it, and try it out. KNOPPIX support for wireless is the same as common Linux kernels (not exciting), but KNOPPIX does a superb job of handling most other hardware found in laptops.
Exercises include:
DAY ONE:
- Finding hidden files and evidence of intrusion
- TCP/IP and its abuses
- hping2 probes while using ethereal
- nmap while watching with ethereal or tcpdump (connect and SYN scans)
- Working with buffer-overflow exploit examples
- Apache servers and finding bugs in scripts
DAY TWO:
- John the Ripper, password cracking
- Elevation of privilege and suid shells
- Rootkits, and finding rootkits (chkrootkit)
- Sleuth Kit (looking at intrusion timelines)
- iptables and netfilter
- cfengine configuration
Rik Farrow (S1, M1) provides UNIX and Internet security consulting and training. He has been working with UNIX system security since 1984 and with TCP/IP networks since 1988. He has taught at the IRS, Department of Justice, NSA, NASA, US West, Canadian RCMP, Swedish Navy, and for many US and European user groups. He is the author of UNIX System Security, published by Addison-Wesley in 1991, and System Administrator's Guide to System V (Prentice Hall, 1989). Farrow writes a column for ;login: and a network security column for Network magazine. Rik lives with his family in the high desert of northern Arizona and enjoys hiking and mountain biking when time permits.
S2 System and Network Monitoring
John Sellens, Certainty Solutions
9:00 a.m.–5:00 p.m.
Who should attend: Network and system administrators interested in real-life, practical, host- and network-based monitoring of their systems and networks. Participants should have an understanding of the fundamentals of networking, basic familiarity with computing and network components, and some familiarity with UNIX and scripting languages.
Participants will leave this tutorial able to immediately start using a number of monitoring systems and techniques that will improve their ability to manage and maintain their systems and networks.
Topics include:
- Monitoring: goals, techniques, reporting
- SNMP: the protocol, reference materials, relevant RFCs
- Introduction to SNMP MIBs (Management Information Bases)
- SNMP tools and libraries
- Other (non-SNMP) tools
- Security concerns when using SNMP and other tools on the network
- Monitoring applications: introductions, use, benefits and complications, installation and configuration (Big Brother, Nagios, SNIPS, MRTG, Cricket, etc.)
- Special situations: remote locations, firewalls, etc.
- Monitoring implementation roadmap: policies, practices, notifications, escalations, reporting
John Sellens (S2, M2) has been involved in system and network administration
since 1986 and is the author of several related USENIX papers, a number of ;login: articles, and SAGE booklet #7, System and Network Administration for Higher Reliability. He holds an M.Math. in computer science from the University of Waterloo and is a chartered accountant. He is the proprietor of SYONEX, a systems and networks consultancy. From 1999 to 2004, he was the General Manager for Certainty Solutions in Toronto. Prior to joining Certainty, John was the Director of Network Engineering at UUNET Canada and was a staff member in computing and information technology at the University of Waterloo for 11 years.
S3 Seven Habits of the Highly Effective System Administrator
Mike Ciavarella, University of Melbourne, and Lee Damon, University of Washington
9:00 a.m.–5:00 p.m.
Who should attend: Junior system
administrators with anywhere from little to 3+ years of experience
in computer system administration. We will focus on enabling the
junior system administrator to "do it right the first time." Some topics will use UNIX-specific tools as examples, but the class is applicable to any sysadmin and
any OS. Most of the material covered is "the other 90%" of system administration—things
every sysadmin needs to do and to know, but which aren't details of specific
technical implementation.
We aim to accelerate the experience curve for junior system
administrators by teaching them the time-honored tricks (and
effective coping strategies) that experienced administrators take
for granted and which are necessary for successful growth of both
the administrator and the site.
The class covers many of the best practices that senior administrators
have long incorporated in their work. We will touch on tools you
should use, as well as tools you should try to avoid. We will touch
on things that come up frequently, as well as those which happen
only once or twice a year. We will look at a basic security approach.
We will talk about issues such as why your computers should all
agree on what time it is, why root passwords should not be the same
on every computer, why backing up every filesystem on every computer
is not always a good idea, and policies: where you want them and where
you might want to avoid them. We will also cover ethical issues, and
growth and success as a solo sysadmin as well as in small, medium,
and large teams. We will discuss training, mentoring, and personal
growth planning as well as site planning, budgeting, and logistics.
We will discuss books that can help you and your users.
Mike Ciavarella (S3, T7, T10) has been producing and editing technical documentation since
he naively agreed to write application manuals for his first
employer in the early 1980s. He has been a technical editor for
MacMillan Press and has been teaching system administrators about
documentation for the past eight years. Mike has an Honours Degree in
Science from the University of Melbourne. After a number
of years working as Senior Partner and head of the Security Practice
for Cybersource Pty Ltd, Mike returned to his alma mater, the University
of Melbourne. He now divides his time between teaching Software
Engineering, providing expert testimony in computer security matters,
and trying to complete a Doctorate. In his ever-diminishing spare time,
Mike is a caffeine addict and photographer.
Lee Damon (S3) has a B.S. in Speech Communication from Oregon State University. He
has been a UNIX system administrator since 1985 and has been active in SAGE
since its inception. He assisted in developing a mixed AIX/SunOS environment
at IBM Watson Research and has developed mixed environments for Gulfstream
Aerospace and QUALCOMM. He is currently leading the development effort
for the Nikola project at the University of Washington Electrical Engineering
department. He chaired the SAGE Ethics Working Group and coordinated
authorship of the initial draft of the current document. He has championed awareness of
ethics in the system administration community, including writing it into
policy documents.
S4 Solaris Kernel Performance, Observability, and Debugging
James Mauro and Richard McDougall, Sun Microsystems
9:00 a.m.–5:00 p.m.
Who should attend: System/database administrators and
performance analysts wanting to obtain a deeper understanding of the
key Solaris subsystems, as well as the tools and facilities that can
be used to observe, trace, debug and optimize performance. Attendees
should have some basic understanding of operating system principles
and application performance analysis.
Applications are becoming more complex every day, and many of the new
Solaris features significantly reduce the effort required to
administer and analyze performance of the entire application and
operating system stack. In this class we provide an architectural
overview of the major Solaris subsystems, and methodologies for
end-to-end analysis and control.
Topics include:
- Kernel debugging/monitoring tools
  - Introduction to core file analysis
  - Mastering Solaris DTrace
  - How to debug/monitor with 'mdb'
- Performance monitoring and tuning
  - Using DTrace for performance optimization
  - Overview of Solaris perf tools
- Process management & scheduling
  - Introduction to the Solaris process and thread model
  - Developing and tuning multi-threaded processes
  - Observing and debugging processes with the ptools
  - Controlling processes with ptools
  - Introduction to scheduling
  - Controlling and observing scheduling behavior
- File systems
  - Overview of Solaris file system architecture
  - Understanding caching
  - File systems in Solaris: UFS, NFS, and the new S10 ZFS
  - Measurement and tuning
- Memory
  - Overview of Solaris virtual memory
  - Observing and managing memory
  - Understanding memory utilization, optimizing and monitoring
- Workload consolidation and resource management
  - Introduction to tools for workload and resource management
  - Workload measurement
  - Using Solaris resource manager to isolate and control workloads
  - Using zones to containerize applications
James Mauro (S4) is a Senior Staff Engineer in the Performance and Availability
Engineering group at Sun Microsystems. Jim's
current projects are focused on quantifying and improving
enterprise platform availability, including minimizing recovery
times for data services and Solaris. Jim co-developed a framework
for system availability measurement and benchmarking, and is
working on implementing this framework within Sun.
Richard McDougall (S4) is a Sun Microsystems Distinguished Engineer who
specializes in operating systems technology and system performance. He
is based at the Menlo Park Performance and Availability Engineering
group, where he drives development of performance and behavior
enhancements to the Solaris operating system and Sun's hardware
architectures. He has led the development of resource management
principles, has contributed to the development of virtual memory and file
systems within the Solaris operating system, and has architected many
tools for analysis, monitoring, and capacity planning. He is the lead author
for Resource Management (Prentice Hall). He has written numerous
articles and papers on measurement, monitoring, and capacity planning
of Solaris systems and frequently speaks at industry and customer
technical conferences on the topics of system performance and resource
management.
Richard and Jim authored Solaris Internals: Architecture Tips and
Techniques (Sun Microsystems Press/Prentice Hall, Feb 2000, ISBN
0-13-022496-0) and are currently collaborating on an update of the book for
Solaris 8, as well as volume II.
S5 Bridges, Routers, Switches, and Internetworking Protocols
Radia Perlman, Sun Microsystems
9:00 a.m.–5:00 p.m.
Who should attend: Anyone who might need to design a protocol,
implement a protocol, write network-based applications, or plan or
manage a network. Anyone who is just curious about what is really
going on under the covers in a network, and how things got the way
they are. Anyone with the courage to see things from different
angles, and not just parrot orthodoxy. Paradoxically, this tutorial
is good as an introduction to people who are incredibly confused
by all the terms and don't know where to start, as well as people
who have been using this stuff for years, assumed they understood
it, and want to see how all the pieces fit.
The concepts of IP addresses, masks, MAC addresses, routing
algorithms, domains, switches, bridges, are pervasive when dealing
with networks. We all use these terms, and configure these things,
but what is really going on? What are the implications of choosing
a switch vs. a router? What kinds of things can go wrong in a
protocol that is misdesigned, misimplemented, or mismanaged? This
tutorial describes the major protocols involved in the network
infrastructure. It describes conceptually what goes on in the packet
switches (both layer 2/bridges and layer 3/routers), as well as
the implications on endnodes. It contrasts connection-oriented
approaches such as ATM and MPLS with connectionless approaches such
as IPv4 and IPv6. It covers the endnode-visible pieces of layer 3,
such as neighbor-discovery and address autoconfiguration. It covers
intradomain routing algorithms (distance vector such as RIP and
link state such as OSPF or IS-IS) and interdomain (BGP). It
describes the spanning tree algorithm used by bridges/switches.
Topics include:
- Layer 2 (MAC) addresses
  - Why 6 bytes?
  - Relation to layer 3 addresses (IP)
- Bridges
  - Basic idea
  - Why it's more powerful than a repeater
  - Station address learning and forwarding
  - Spanning tree
  - What are switches? "Switched Ethernet"
- Connection-oriented networks: ATM, MPLS
- Connectionless protocols: IPv4, IPv6, and comparison with others
- Neighbor discovery (ARP, DHCP)
- Routing (distance vector vs. link state, interdomain vs. intradomain)
- IP Multicast
- NAT
Radia Perlman (S5, M5) is a Distinguished Engineer at Sun Microsystems. She is known
for her contributions to bridging (spanning tree algorithm) and routing (link
state routing), as well as security (sabotage-proof networks). She is the
author of Interconnections: Bridges, Routers, Switches, and Internetworking
Protocols and co-author of Network Security: Private Communication in a
Public World, two of the top ten networking reference books, according to
Network Magazine. She is one of the twenty-five people whose work has most influenced the networking industry, according to Data Communications Magazine. She has about fifty issued patents, an S.B. and S.M. in mathematics and a Ph.D. in computer science from MIT, and an honorary doctorate from KTH, the Royal Institute of Technology in Sweden.
S6 Essential Topics in System Administration
Trent Hein and Ned McClain, Applied Trust Engineering
9:00 a.m.–5:00 p.m.
Who should attend: System and network administrators who are
interested in picking up several new technologies quickly.
Topics include:
- BIND9 Tips and Tricks: A Better DNS
Most sites have migrated to BIND9, but are you really getting the most out
of this major rewrite of the Internet's most popular nameserver? Learn
about powerful new functionality such as split views, remote management,
and even DNSSEC. This topic is a must for every modern administrator.
- Rapid Linux Disaster Recovery
Tape backups are essential, but they are not
an efficient way to restore a server in an emergency. We evaluate the ins
and outs of Mondo, an open source disaster recovery tool that can create
bootable recovery CDs from any Linux server. When used in tandem with a
solid tape backup system, Mondo recovery CDs can reduce "bare metal"
recovery time from hours to minutes.
- Linux Kernel Tuning
As Linux's popularity in production environments grows, so does your need to know how
to tune the Linux kernel, whether
performance, security, or functionality is your goal. We'll give you the what-tos, the how-tos, and even
the what-you-can'ts of this rare art.
- Practical Integration of UNIX and Active Directory
With Active Directory, Microsoft introduced an open LDAP directory that has
become the de facto authentication store at many organizations. UNIX/Linux
administrators are often tasked with the unthinkable: to integrate UNIX
authentication with Active Directory. We'll not only explore the standard
integration tools, such as OpenLDAP, PAM, and NSS, but will show you
how to create custom scripts to manage Active Directory from UNIX.
- Performance Crises Case Studies
Don't miss the latest episode of this incredibly popular segment! We've
taken a new set of real-life system administration performance crises and
dissected them, providing insight on how to diagnose and remedy situations
that you may someday face.
- Custom Open Source Performance Monitoring
Most organizations have monitoring systems that provide real-time problem
alerts, but few can produce graphs of resource utilization over time. We provide practical examples of extending a monitoring
system to collect historical performance trends. We'll use examples
specific to Nagios and RRDtool, but the lessons and gotchas discussed here
will prove useful to anyone looking to implement any new monitoring system.
Trent Hein (S6, M6) is co-founder of Applied Trust Engineering, a leader in holistic infrastructure and security. Trent worked on the 4.4
BSD port to the MIPS architecture at Berkeley, is co-author of both
the UNIX Systems Administration Handbook and the Linux Administration
Handbook, and holds a B.S. in Computer Science from the University
of Colorado.
Ned McClain (S6, M6), co-founder and CTO of Applied Trust Engineering, lectures
around the globe on applying cutting-edge technology in production computing
environments. Ned holds a B.S. in Computer Science from
Cornell University and is a contributing author of both
the UNIX Systems Administration Handbook and the Linux Administration
Handbook.
S7 An Introduction to OpenAFS and Its Administration
Esther Filderman, Pittsburgh Supercomputing Center, and Alf Wachsmann, Stanford Linear Accelerator Center
9:00 a.m.–5:00 p.m.
Who should attend: Anyone looking to learn more about OpenAFS and how to
set up and administer an OpenAFS cell.
AFS is a global distributed file system which works on many
different operating systems (UNIX, Windows, Mac OS). It is ideal for
sharing data and software in a heterogeneous distributed computing
environment. Now that AFS has become available through an open source license,
it is available to sites and IT groups of all sizes. Although the use of
AFS is simple, setting up your own AFS servers can be a rather
daunting task.
Topics include:
- Overview of AFS concepts and semantics
- Setting up and managing the AFS client (even without your own servers)
- A working outline of the AFS server processes and how they play together
- How to set up a new AFS cell: design decisions, initial setup, planning for the future
- Authentication issues: Native KAS vs. Kerberos5
- Backups: How and what to choose to use
- AFS tools to make everything from maintenance to monitoring easier
Esther Filderman (S7) has been working with AFS since its infancy at
CMU, before it was called AFS, and is currently Senior Operations
Specialist and AFS administrator for the Pittsburgh Supercomputing
Center. She has been working to bring AFS content to LISA conferences
since 1999. She is also coordinating documentation efforts for the
OpenAFS project.
Alf Wachsmann (S7) works at the Stanford Linear Accelerator Center
(SLAC) in the Computing Services' High-Performance Computing Group,
where he is an infrastructure designer and automation specialist. He
holds a doctorate in natural sciences, obtained in Computer Science
at the University of Paderborn (Germany). He worked as a post-doc in the
computing center of DESY Zeuthen (Germany) before he came to SLAC in
1999.
S8 Network Security Profiles: Protocol Threats, Intrusion Classes, and How Hackers Find Exploits
Brad C. Johnson, SystemExperts Corporation
9:00 a.m.–5:00 p.m.
Who should attend: Administrators, managers, auditors, those being audited,
those responsible for responding to intrusions or responsible for network
resources that might be targets for crackers, hackers, or determined
intruders.
Participants should understand the basics of TCP/IP networking. Examples will
use actual tools and will include small amounts of HTML, JavaScript, and Tcl
code and show command-line arguments and GUI-based applications.
This tutorial is focused on helping you understand how people profile your
network to identify resources that might be vulnerable to attack. Simply put, the
more information somebody can generate about your site (by profiling it),
the more likely it is that they will be able to exploit something on it. This
course will also help you recognize common protocol threats and intrusion
classes.
Topics include:
- Profiling your network and system
  - Methods and tools
  - An example of a profile
- Intrusions
  - Awareness and statistics
  - Examples of intrusions
- Common intrusion areas
  - Web servers
  - Web applications
  - Wireless infrastructure
  - Modems
- Discovery/profiling tools
  - Tools: nmap, ntop, nessus, nikto, Satan/Saint/Sara, curl, dsniff, whisker, netstumbler, Websleuth
- Understanding protocol tunneling
- Protocol profiling threats
  - DNS
  - SNMP
  - Issues with handhelds
  - Web infrastructure
Brad C. Johnson (S8, M8) is vice president of SystemExperts Corporation. He has
participated in seminal industry initiatives such as the Open Software
Foundation, X/Open, and the IETF, and has been published in such journals as
Digital Technical Journal, IEEE Computer Society Press, Information Security
Magazine, Boston Business Journal, Mass High Tech Journal, ISSA Password
Magazine, and Wall Street & Technology. Brad is a regular tutorial instructor and conference speaker on topics
related to practical network security, penetration analysis, middleware,
and distributed systems. He holds a B.A. in computer science from Rutgers University and an M.S. in
applied management from Lesley University.
S9 Advanced Perl Programming
Tom Christiansen, Consultant
9:00 a.m.–5:00 p.m.
Who should attend: Anyone with a journeyman-level knowledge of Perl programming who wants to hone Perl skills. This class will cover a wide variety of advanced topics in Perl, including
many insights and tricks for using these features effectively. After
completing this class, attendees will have a much richer understanding of
Perl and will be better able to make it part of their daily routine.
Topics include:
- Symbol tables and typeglobs
  - Symbolic references
  - Useful typeglob tricks (aliasing)
- Modules
  - Autoloading
  - Overriding built-ins
  - Mechanics of exporting
  - Function prototypes
- References
  - Implications of reference counting
  - Using weak references for self-referential data structures
  - Autovivification
  - Data structure management, including serialization and persistence
  - Closures
- Fancy object-oriented programming
  - Using closures and other peculiar referents as objects
  - Overloading of operators, literals, and more
  - Tied objects
- Managing exceptions and warnings
  - When die and eval are too primitive for your taste
  - The use warnings pragma
  - Creating your own warnings classes for modules and objects
- Regular expressions
  - Debugging regexes
  - qr// operator
  - Backtracking avoidance
  - Interpolation subtleties
  - Embedding code in regexes
- Programming with multiple processes or threads
  - The thread model
  - The fork model
  - Shared memory controls
- Unicode and I/O layers
  - Named Unicode characters
  - Accessing Unicode properties
  - Unicode combined characters
  - I/O layers for encoding translation
  - Upgrading legacy text files to Unicode
  - Unicode display tips
- What's new in Perl lately
  - Switch statement
  - Defined-or operators
  - Pre-compiled modules
  - Dynamic handles
  - Virtual I/O through strings
Tom Christiansen (S9) has been involved with Perl since day zero of its initial public release in 1987. Author of several books on Perl,
including The Perl Cookbook and Programming Perl from O'Reilly, Tom is
also a major contributor to Perl's online documentation. He holds
undergraduate degrees in computer science and Spanish and a Master's in
computer science. He now lives in Boulder, Colorado.
Monday, November 15, 2004
M1 Hands-On Linux Security Class: Learn How to Defend Linux/UNIX Systems by Learning to Think Like a Hacker (Day 2 of 2)
Rik Farrow, Security Consultant
9:00 a.m.–5:00 p.m.
See Part 1, S1, for the description of the first day of this tutorial.
Day two of this class focuses on practical forensics, that is, how to analyze a possibly hacked Linux or UNIX system from a system administrator's perspective. As a system administrator, you will not be acting as law enforcement, trying to find the perpetrator, but instead will be working as quickly as possible with the goal of uncovering what went wrong. Finding rootkits and backdoors on a sample hacked system gives you an idea of what you might find on other similar systems. You can also get clues about the nature of the attack by discovering the tools left behind on a system by an attacker.
The final portion of this class focuses on patching, with a discussion of cfengine. As this is the second day of a two-day, hands-on course, we will not repeat material covered on the first day, including getting the CD working with your laptop. If you plan on attending only the second day of the course, you might want to contact the instructor before the class and get a test CD to ensure that your laptop will work in the classroom environment.
Exercises include:
- John the Ripper, password cracking
- Using and modifying the KNOPPIX Linux boot CD
- Elevation of privilege and suid shells
- Rootkits, and finding rootkits (chkrootkit)
- Sleuth Kit (looking at intrusion timelines)
- iptables and netfilter
- cfengine configuration
Rik Farrow (S1, M1) provides UNIX and Internet security consulting and training. He has been working with UNIX system security since 1984 and with TCP/IP networks since 1988. He has taught at the IRS, Department of Justice, NSA, NASA, US West, Canadian RCMP, Swedish Navy, and for many US and European user groups. He is the author of UNIX System Security, published by Addison-Wesley in 1991, and System Administrator's Guide to System V (Prentice Hall, 1989). Farrow writes a column for ;login: and a network security column for Network magazine. Rik lives with his family in the high desert of northern Arizona and enjoys hiking and mountain biking when time permits.
M2 System and Network Monitoring: Tools in Depth
John Sellens, Certainty Solutions
9:00 a.m.–5:00 p.m.
Who should attend: Network and system administrators ready to
implement comprehensive monitoring of their systems and networks
using the best of the freely available tools. Participants should
have an understanding of the fundamentals of networking, familiarity
with computing and network components, UNIX system administration
experience, and some understanding of UNIX programming and scripting
languages.
This tutorial will provide in-depth instruction in the installation
and configuration of some of the most popular and effective system
and network monitoring tools, including Nagios, Cricket, MRTG, and
Orca.
Participants should expect to leave the tutorial with the information
needed to immediately implement, extend, and manage popular monitoring
tools on their systems and networks.
Topics include, for each of Nagios, Cricket, MRTG, and Orca:
- Installation—Basic steps, prerequisites, common problems, and solutions
- Configuration, setup options, and how to manage larger and non-trivial configurations
- Reporting and notifications—proactive and reactive
- Special cases—how to deal with interesting problems
- Extending the tools—how to write scripts or programs to extend the functionality of the basic package
- Dealing effectively with network boundaries and remote sites
- Security concerns and access control
- Ongoing operation
John Sellens (S2, M2) has been involved in system and network administration
since 1986 and is the author of several related USENIX papers, a number of ;login: articles, and SAGE booklet #7, System and Network Administration for Higher Reliability. He holds an M.Math. in computer science from the University of Waterloo and is a chartered accountant. He is the proprietor of SYONEX, a systems and networks consultancy. From 1999 to 2004, he was the General Manager for Certainty Solutions in Toronto. Prior to joining Certainty, John was the Director of Network Engineering at UUNET Canada and was a staff member in computing and information technology at the University of Waterloo for 11 years.
M3 Advanced Solaris System Administration Topics
Peter Baer Galvin, Corporate Technologies, Inc.
9:00 a.m.–5:00 p.m.
Who should attend: UNIX administrators who need more knowledge of Solaris administration.
We will discuss the major new features of recent Solaris releases, including which to use (and how) and which to avoid. This in-depth course will provide the information you need to run a Solaris installation effectively. This tutorial has been updated to include Solaris 10 features and functions.
Topics include:
- Installing and upgrading
  - Architecting your facility
  - Choosing appropriate hardware
  - Planning your installation, filesystem layout, post-installation steps
  - Installing (and removing) patches and packages
  - Avoiding single points of failure
- Advanced features of Solaris 2
  - Filesystems and their uses
  - The /proc filesystem and commands
  - Useful tips and techniques
- Networking and the kernel
  - Virtual IP: configuration and uses
  - Kernel and performance tuning: new features, adding devices, tuning, debugging commands
  - Devices: naming conventions, drivers, gotchas
- Enhancing Solaris
  - High availability essentials: disk failures and recovery, RAID levels, uses and performance, H/A technology and implementation
  - Performance: how to track down and resolve bottlenecks, Solaris Resource Manager
  - Tools: useful free tools, tool use strategies
  - Security: locking down Solaris, system modifications, tools, SunScreen
- Resources and references
Peter Baer Galvin (M3, T11, R4) is the Chief Technologist for Corporate Technologies, Inc., a systems integrator and VAR, and was the Systems Manager for Brown University's Computer Science Department. He has written articles
for Byte and other magazines. He wrote the "Pete's Wicked World" and
"Pete's Super Systems" columns at SunWorld. He is currently
contributing editor for Sys Admin, where he manages the Solaris
Corner. Peter is co-author of the Operating Systems Concepts and Applied Operating Systems Concepts textbooks. As a consultant and trainer, Peter has taught tutorials on security and system administration and has given talks at many conferences and institutions on such topics as Web
services, performance tuning, and high availability.
M4 System Log Aggregation, Statistics, and Analysis
Marcus Ranum, Trusecure Corp.
9:00 a.m.–5:00 p.m.
Who should attend: System and network administrators who are interested in
learning what's going on in their firewalls, servers, network,
and systems; anyone responsible for security and audit or
forensic analysis.
This tutorial covers techniques and software tools for
building your own log analysis system, from aggregating
all your data in a single place, through normalizing it,
searching, and summarizing, to generating statistics and
alerts and warehousing it. We will focus primarily on
open source tools for the UNIX environment, but will
also describe tools for dealing with Windows systems
and various devices such as routers and firewalls.
Topics include:
- Estimating log quantities and log system requirements
- Syslog: mediocre but pervasive logging protocol
- Back-hauling your logs
- Building a central loghost
- Dealing with Windows logs
- Logging on Windows loghosts
- Parsing and normalizing
- Finding needles in haystacks: searching logs
- I'm dumb, but it works: artificial ignorance
- Bayesian spam filters for logging
- Storage and rotation
- Databases and logs
- Leveraging the human eyeball: graphing log data
- Alerting
- Legalities of logs as evidence
Marcus Ranum (M4, W2) is senior scientist at Trusecure Corp. and a world-renowned expert
on security system design and implementation.
He is recognized as the inventor of the proxy firewall and the
implementer of the first commercial firewall product. Since the
late 1980s, he has designed a number of groundbreaking security
products, including the DEC SEAL, the TIS firewall toolkit, the
Gauntlet firewall, and NFR's Network Flight Recorder intrusion
detection system. He has been involved in every level of operations
of a security product business, from developer, to founder and CEO
of NFR. Marcus has served as a consultant to many FORTUNE 500 firms
and national governments, as well as serving as a guest lecturer
and instructor at numerous high-tech conferences. In 2001, he was
awarded the TISC Clue award for service to the security community,
and he holds the ISSA lifetime achievement award.
M5 Network Security Protocols: Theory and Current Standards
Radia Perlman, Sun Microsystems,
and Charlie Kaufman, Microsoft
9:00 a.m.–5:00 p.m.
Who should attend: Anyone who wants to understand the theory behind network security protocol design, with an overview of the alphabet soup of standards and cryptography. This tutorial is especially useful for anyone who needs to design or implement a network security solution, but it is also useful to anyone who needs to understand existing offerings in order to deploy and manage them. Although the tutorial is technically deep, no background other than intellectual curiosity and a good night's sleep in the recent past is required.
First, without worrying about the details of particular standards, we discuss the pieces out of which all these protocols are built.
We then cover subtle design issues, such as how secure email interacts with distribution lists, how designs maximize security in the face of export laws, and the kinds of mistakes people generally make when designing protocols.
Armed with this conceptual knowledge of the toolkit of tricks, we describe and
critique current standards.
Topics include:
- What problems are we trying to solve?
- Cryptography
- Key distribution
- Trust hierarchies
- Public key (PKI) vs. secret key solutions
- Handshake issues
- Diffie-Hellman
- Man-in-middle defense
- Perfect forward secrecy
- Reflection attacks
- PKI standards
- Real-time protocols
- SSL/TLS
- IPsec (including AH, ESP, and IKE)
- Secure email
- Web security
Radia Perlman (S5, M5) is a Distinguished Engineer at Sun Microsystems. She is known
for her contributions to bridging (spanning tree algorithm) and routing (link
state routing), as well as security (sabotage-proof networks). She is the
author of Interconnections: Bridges, Routers, Switches, and Internetworking
Protocols and co-author of Network Security: Private Communication in a
Public World, two of the top ten networking reference books, according to
Network Magazine. She is one of the twenty-five people whose work has most influenced the networking industry, according to Data Communications Magazine. She has about fifty issued patents, an S.B. and S.M. in mathematics and a Ph.D. in computer science from MIT, and an honorary doctorate from KTH, the Royal Institute of Technology in Sweden.
Charlie Kaufman (M5) is Security Architect for the Common Language Runtime group at
Microsoft. He is editor of the new Internet Key Exchange
(IKEv2) protocol for the IPsec working group of IETF. He has contributed
to a number of IETF standards efforts, including chairing the Web
Transaction Security WG, and serving as a member of the Internet
Architecture Board (IAB). He served on the National Academy of Sciences
expert panel which wrote the book "Trust in Cyberspace". He was previously a
Distinguished Engineer at IBM, where he was Chief Security Architect for
Lotus Notes and Domino, and before that Network Security Architect for
Digital. He holds over 25 patents in the fields of computer security and
computer networking. He is coauthor of Network Security: Private
Communication in a Public World (Prentice Hall, 2002).
M6 Six More Essential Topics in System Administration
Trent Hein and Ned McClain, Applied Trust Engineering
9:00 a.m.–5:00 p.m.
Who should attend: System and network administrators who are
interested in picking up several new technologies quickly.
Topics include:
- Practical Network Intrusion Detection
Network intrusion detection has recently matured enough to be useful at
some organizations. Before investing in a massive commercial NIDS
implementation, join us for a discussion of the latest in this field. We'll
evaluate the strengths and weaknesses of various technologies, and what
might work best for your organization. In addition, we will arm you with
enough practical information to deploy an open source NIDS in your
environment.
- Deploying Secure Linux Systems
What needs to be done to secure a new Linux system before you connect to
the network? We'll walk through the essentials of locking down a modern
Linux system and provide tricks to manage its long-term security. These
techniques will help you sleep at night and avoid security headaches down
the road.
- Effective Log Analysis with SEC
Server and network device logs are one of the most useful sources of
performance and security information. Unfortunately, organizations often
ignore system logs, either from lack of time to analyze the logs
or out of frustration with automated analysis tools. We discuss the Simple Event
Correlator, an open source tool for parsing log messages that is
particularly easy to use and configure.
- Stateful Firewalls
Keeping up with the latest security technology can be a challenge, but it
is essential if you are to prevent unwanted intrusions. We'll cover the latest in
basic firewall technology on both Cisco and Linux platforms. Specific
topics covered include context-based access control, reflexive access
lists, and stateful filtering on Linux systems using iptables.
- Security Incident Handling
You've been vigilant about your site's security, but the day still comes
when you detect an intruder. How do you handle the situation, analyze the
intrusion, and restore both security and confidence to your environment?
This crash course in incident handling will give you the skills you need to
assemble a plan at your site to deal with the unthinkable.
- Security Crisis Case Studies
Before your very eyes, we'll dissect a set of real-life security incident
case studies using many tools available on your system or downloadable from the Net.
We'll specifically describe how to avoid common security-incident pitfalls,
and we'll cover the basics of incident investigation.
Trent Hein (S6, M6) is co-founder of Applied Trust Engineering, a leader in
holistic infrastructure and security. Trent worked on the 4.4
BSD port to the MIPS architecture at Berkeley, is co-author of both
the UNIX Systems Administration Handbook and the Linux Administration
Handbook, and holds a B.S. in Computer Science from the University
of Colorado.
Ned McClain (S6, M6) co-founder and CTO of Applied Trust Engineering, lectures
around the globe on applying cutting-edge technology in production computing
environments. Ned holds a B.S. in Computer Science from
Cornell University and is a contributing author of both
the UNIX Systems Administration Handbook and the Linux Administration
Handbook.
M7 Designing, Implementing and Using PKI to Provide Enterprise Security Services
Steve Acheson and Doug Dexter, Cisco Systems
9:00 a.m.–12:30 p.m.
Who should attend: Developers, technical implementers, and managers considering or already
involved with providing a security service based on digital certificates.
PKI has received a bad reputation as being too expensive,
too difficult, and short on payoff. This tutorial provides concrete examples
of working PKI solutions that solve critical business issues relating
to code-signing, device identification, application identity, and VPN
and wireless credential management.
Topics include:
- Public/private key pairs
- Certificates
- Other tools used to provide security services via a public key infrastructure
- PKI trust models
- Enterprise services a PKI can provide
Steve Acheson (M7, W4, W7, F2) is currently an Information Security Architect at Cisco
Systems, Inc., where he is a senior member of the Corporate Information
Security Department, responsible for network and system security,
including designing internal security architecture and external/firewall
access. Before working for Cisco, Steve managed security for NASA's
Numerical Aerospace Simulations facility at Ames Research Center. He
has worked in the field for over 15 years as a system administrator, network engineer, and
security analyst.
Doug Dexter (M7) has been an Information Security Architect with Cisco Systems' Corporate Information Security Department for six years. He and
Steve Acheson are the architects for Cisco's internal PKI deployment, which
provides certificates and signs the production code for IP phones, call
managers, and cable modems. Prior to working at Cisco, Doug was in the
US Army for 11 years and is currently a Major in an Army Reserve
Information Warfare unit. He holds an M.B.A. from the University of Texas
at Austin with a concentration in Information Systems, Controls, and
Assurance, and is a CISSP and an MCSE.
M8 Security Standards and Why You Need to Understand Them
Brad C. Johnson and Richard E. Mackey, Jr., SystemExperts Corporation
9:00 a.m.–12:30 p.m.
Who should attend: Administrators, technicians, and managers at any
level who need to understand the gist of the key security standards
and the laws and industry trends that are making these standards
critical to doing business.
Organizations are turning
to security standards both to measure and to document the completeness
and adequacy of their security program. You may need to simply put
a check in the box that says you "substantially comply" with a
particular standard or you may need to prove to yourself, customers, and
partners that you follow acceptable security practices. Unfortunately, organizations do not have a
widely accepted method to prove they are secure. We look to security
standards to meet this need.
Computer security has seen a number of standards, compliance
specifications, and certification authorities. Today, a few are beginning
to gain acceptance by industry groups, but it is still difficult to tell
which of these will stand the test of time and practicality.
Consequently, it's important to understand, at least at a high
level, what the most popular initiatives are attempting to do, what
problems these standards address, and the value they provide.
Topics include:
- Why: The motivations
- Laws: Sarbanes-Oxley, Gramm-Leach-Bliley
- Partnerships
- Internal audits
- What: The standards
- How: The mechanisms
- ISO 17799 reviews and certifications
- Security audits
- Security assessments
- Information criticality assessment (e.g., NSA IAM)
- Penetration and application testing
Brad C. Johnson (S8, M8) is vice president of SystemExperts Corporation. He has
participated in seminal industry initiatives such as the Open Software
Foundation, X/Open, and the IETF, and has been published in such journals as
Digital Technical Journal, IEEE Computer Society Press, Information Security
Magazine, Boston Business Journal, Mass High Tech Journal, ISSA Password
Magazine, and Wall Street & Technology. Brad is a regular tutorial instructor and conference speaker on topics
related to practical network security, penetration analysis, middleware,
and distributed systems. He holds a B.A. in computer science from Rutgers University and an M.S. in
applied management from Lesley University.
Richard E. Mackey, Jr. (M8) is principal of SystemExperts Corporation.
Dick Mackey is regarded as one of the industry's foremost authorities on
distributed computing infrastructure and security. Before joining
SystemExperts, he worked in leading technical and director positions at The
Open Group, The Open Software Foundation (DCE), and BBN Corporation (Cronus
Distributed Computing Environment). He has been published often in security
magazines such as ISSA Password, .NET, Information Security, and SC Secure
Computing. He is a regular speaker on computer security topics at various
industry conferences. Dick has a B.S. and an M.S. in Electrical and Computer Engineering from the University of Massachusetts at Amherst.
M9 Revenge of the Three-Headed Dog
Gerald Carter, Samba Team/Hewlett-Packard
9:00 a.m.–12:30 p.m.
Who should attend: Administrators who want to
understand Kerberos 5 implementations on both UNIX/Linux and Windows clients
and servers.
For many organizations, Kerberos is an old technology that has been
driven to the forefront by deployments of Microsoft Active Directory
domains. The introduction of a standard authentication protocol into
Windows domains has caused many network administrators to reexamine ways
to integrate UNIX/Linux and Windows clients in a single authentication
model.
Topics include:
- Key concepts of the Kerberos 5 protocol
- Specific related authentication interfaces such as SASL and
GSSAPI
- The specifics of implementing Krb5 realms
- Implementations of Krb5 cross-realm trusts
- Integration of Windows and UNIX/Linux clients into Krb5 realms
- Possible pitfalls of using popular
Krb5 implementations such as MIT, Heimdal, and Windows 200x
Gerald Carter (M9, T2, R2) has been a member of the Samba development team
since 1998. He has published articles with various
Web-based magazines and teaches courses as a
consultant for several companies. Currently employed by
Hewlett-Packard as a Samba developer, Gerald has written
books for SAMS Publishing and is the author of the recent
LDAP System Administration for O'Reilly Publishing.
M10 Over the Edge System Administration, Volume 1
David N. Blank-Edelman, Northeastern University
1:30 p.m.–5:00 p.m.
Who should attend: Old-timers who think they've already seen it all, and those who
want to develop inventive thinking early in their career. Join us and be
prepared to be delighted, disgusted, and amazed. Most of all, be ready to
enrich your network and system administration by learning to be different.
It's time to learn how to break the rules, abuse the tools, and generally
turn your system administration knowledge inside out. This class is a
cornucopia of ideas for creative ways to take the standard (and sometimes
not-so-standard) system administration tools and techniques and use them in
ways no one would expect. We'll also cover some tools you may have missed.
Topics include:
- How to (ab)use perfectly good network transports by using them for
purposes never dreamed of by their authors
- How to increase user satisfaction during downtimes with 6 lines of Perl
- How to improve your network services by intentionally throwing away data
- How to drive annoying Web-only applications that don't have a command
line interface—without lifting a finger
- How to use ordinary objects you have lying around the house, such as Silly
Putty, to make your life easier (seriously!)
David N. Blank-Edelman (M10, R3, R6) is the Director of Technology
at the Northeastern University College of Computer and Information Science
and the author of the O'Reilly book Perl for System Administration. He has
spent the last 19 years as a system/network administrator in large multi-platform
environments, including Brandeis University, Cambridge Technology
Group, and the MIT Media Laboratory. He has given several successful
invited talks off the beaten path at LISA.
M11 Troubleshooting: A Basic Skill
Geoff Halprin, The SysAdmin Group
1:30 p.m.–5:00 p.m.
Who should attend: System administrators wishing to hone their ability to
troubleshoot a problem under pressure, on a system of which their knowledge may be limited.
One of the most basic skills a system administrator must be
able to call upon is that of problem diagnosis and resolution, that is,
troubleshooting. It doesn't matter what else you do; if the system
is broken, your priority is to fix it.
Topics include:
- A general process for troubleshooting
- Specific techniques that will help you get to the root of the problem
- Ways to identify candidate solutions with confidence
Geoff Halprin (M11) has spent over 25 years as a software developer, system administrator, consultant, and troubleshooter. He has written software from system management tools to mission-critical billing systems, has built and run networks for enterprises
of all sizes, and has been called upon to diagnose problems in every aspect of computing infrastructure and software. He has spent more years troubleshooting other
people's systems and programs than he cares to remember. Geoff was on the board
of the System Administrators Guild (SAGE) and is now a member of the
USENIX board of directors.
M12 Beyond Shell Scripts: 21st-Century Automation Tools and Techniques
Æleen Frisch, Exponential Consulting
1:30 p.m.–5:00 p.m.
Who should attend: System administrators who want to explore new
ways of automating administrative tasks. Shell scripts are
appropriate for many jobs, but more complex operations will
often benefit from sophisticated tools.
Topics include:
- Automating installations
- Vendor-supplied tools
- Alternative approaches
- State-of-the-art package control
- Heterogeneous environments
- Other Tools
- Expect: Automating interactive processes
- What to Expect . . .
- Using Expect with other tools
- Security issues
- Amanda, an enterprise backup management facility
- Prerequisites
- Configuration
- Getting the most from Amanda
- STEM, a new package for automating network operations
- Understanding the context and tool capabilities
- Sample applications
- Performance and security issues
- Nagios: Monitoring network and device performance
- How it works
- Sample configurations
- Extending Nagios
- RRDTool: Examining retrospective system data
- Basic operation
- Advanced graphing
- Options for data collection
Æleen Frisch (M12, T3) has been a system administrator for over 20 years. She currently
looks after a pathologically heterogeneous network of UNIX and Windows
systems. She is the author of several books, including Essential
System Administration (now in its 3rd edition).
Tuesday, November 16, 2004
T1 Network Security Assessments Workshop—Hands-On (Day 1 of 2)
David Rhoades, Maven Security Consulting, Inc.
9:00 a.m.–5:00 p.m.
Who should attend: Anyone who needs to understand how to perform an effective and safe network assessment.
How do you test a network for security vulnerabilities? Just plug
some IP addresses into a network-scanning tool and click SCAN,
right? If only it were that easy. Numerous commercial and freeware tools assist
in locating network-level security vulnerabilities. However, these
tools are fraught with dangers: accidental denial-of-service,
false positives, false negatives, and long-winded reporting, to name but
a few. Performing a security assessment (a.k.a. vulnerability assessment
or penetration test) against a network environment requires
preparation, the right tools, methodology, knowledge, and more.
This hands-on workshop will cover the essential topics for performing
an effective and safe network assessment.
Class exercises will require that students have an x86-based laptop
computer that can be booted from a KNOPPIX CD, along with a 10/100 Ethernet
network card. Please download a copy of KNOPPIX-STD
(https://www.knoppix-std.org), burn it to a CD-R, and try to boot your system
on a network offering DHCP. Be sure your network card is recognized by
KNOPPIX-STD, otherwise you will not be able to participate in most classroom
exercises. Wireless access will not be supported during class.
Topics include:
- Preparation: What you need before you even begin
- Safety measures: This often-overlooked topic will cover important
practical steps to minimize or eliminate adverse effects on critical networks
- Architecture considerations: Where you scan from affects how you perform the assessment
- Inventory: Taking an accurate inventory of active systems and protocols
on the target network
- Tools of the trade: Effective use of both freeware and commercial tools, with an emphasis on common pitfalls
- Automated scanning: Best-of-class tools, with tips (mostly vendor-neutral) on their proper use
- Research and development: What to do when existing tools don't suffice
- Documentation and audit trail: How to keep accurate records easily
- How to compile useful reports: Planning for corrective action and tracking your security measures
Students will practice network assessment on a target network of Windows and UNIX-based servers and various routing components.
Day 1
- Lab setup and preparation
- Security assessment overview
- Types of assessments
- Choosing an assessment approach
- Assessment preparation
- Defining the purpose
- Rules of engagement
- Assessment logistics
- Open vs. closed testing
- Passive vs. active testing; depth of testing
- Denial of service (DoS)
- Enumeration of target information
- Permission
- Assessment safety
- Verification of tool authenticity
- Vetting tools
- Safety concepts
- The dangers of automated scanners
- Automated tool safety summary
- Documentation and audit trail
- Assessment phase 1: network inventory
- Ping scanning
- Discrete port scanning (host inventory only)
- DNS queries
- Traceroute
- ARP scanning
Day 2
- Assessment phase 2: target analysis
- TCP port scanning
- UDP port scanning
- SNMP
- Assessment phase 3: exploitation and confirmation
- Automated vulnerability scanning tools
- (Online) brute-force attacks
- (Offline) password cracking
- Manual testing
- Special consideration testing
- Firewalls and routers
- Auditing email servers
- Web servers
- Stealth technique summary
- Vulnerability scanning tools
- Automated scanning tools
- Commercial scanners
- Nessus
- Nessus Clients
- Using Nessus
David Rhoades (T1, W1, R1, F1) is a principal consultant with Maven Security
Consulting, Inc. Since 1996, David has provided information protection services
for various FORTUNE 500 customers. His work has taken him across the US
and abroad to Europe and Asia, where he has lectured and consulted in
various areas of information security. David has a B.S. in computer
engineering from the Pennsylvania State University and has taught
for the SANS Institute, the MIS Training Institute, and ISACA.
T2 Implementing LDAP Directories
Gerald Carter, Samba Team/Hewlett-Packard
9:00 a.m.–5:00 p.m.
Who should attend: Both LDAP directory administrators and architects. The focus is on integrating standard network services with LDAP directories. The examples are based on UNIX hosts and the OpenLDAP directory server and will include actual working demonstrations throughout the course.
System administrators today run a variety of directory services, although these are referred to by names such as DNS and NIS. The Lightweight Directory Access Protocol (LDAP) is the up-and-coming successor to the X500 directory and has the promise of allowing administrators to consolidate multiple existing directories into one.
Topics include:
- Replacing NIS domains
- Integrating Samba user accounts
- Authenticating RADIUS clients
- Integrating MTAs such as Sendmail, Qmail, or Postfix
- Creating address books for mail clients
- Managing user access to HTTP and FTP services
- Storing DNS zone information
- Managing printer information
Gerald Carter (M9, T2, R2) has been a member of the Samba Team since 1998. He has published articles in various
Web-based magazines and gives instructional courses as a
consultant for several companies. Currently employed by
Hewlett-Packard as a Samba developer, Gerald has written
books for SAMS Publishing and is the author of the recent
LDAP System Administration (O'Reilly & Associates).
T3 Administering Linux in Production Environments
Æleen Frisch, Exponential Consulting
9:00 a.m.–5:00 p.m.
Who should attend: Both current Linux system administrators and
administrators from sites considering converting to Linux or adding
Linux systems to their current computing resources. We will be focusing on the
administrative issues that arise when Linux systems are deployed
to address a variety of real-world tasks and problems arising from
both commercial and research and development contexts.
Topics include:
- Recent kernel developments
- High-performance I/O
- Advanced filesystems and logical volumes
- Disk striping
- Optimizing I/O performance
- Advanced compute-server environments
- Beowulf
- Clustering
- Parallelization environments/facilities
- CPU performance optimization
- High availability Linux: fault tolerance options
- Enterprise-wide authentication
- Fixing the security problems you didn't know you had (or, what's good
enough for the researcher/hobbyist won't do for you)
- Automating installations and other mass operations
- Linux in the office environment
Æleen Frisch (M12, T3) has been a system administrator for over 20 years. She currently
looks after a pathologically heterogeneous network of UNIX and Windows
systems. She is the author of several books, including Essential
System Administration (now in its 3rd edition).
T4 Advanced Technology in Sendmail
Eric Allman, Sendmail, Inc.
9:00 a.m.–5:00 p.m.
Who should attend: System administrators who want to learn more about the
Sendmail program, particularly details of configuration and operational
issues. This tutorial assumes that you are already familiar with Sendmail,
including installation, configuration, and operation.
In the past few years the face of email has changed dramatically. No
longer is it sufficient to use the default configurations, even in
single-user systems. Spam, regulation, high loads, and increased concerns
about privacy and authentication have caused major changes in sendmail and
in the options available to you.
After a very brief review of Sendmail functionality and terminology, we will
explore some of the newer important features.
Topics include:
- SMTP authentication
- TLS encryption
- The Milter (mail filter interface)
- Many of the newer policy control interfaces
This will be an intense, fast-paced tutorial. It is strongly recommended that
you have read or are familiar with the materials in the Sendmail book
published by O'Reilly and Associates, preferably the 3rd edition (but at least
the 2nd edition).
Eric Allman (T4) is the original author of Sendmail, co-founder and CTO of
Sendmail, Inc., and co-author of Sendmail, published by O'Reilly. At
U.C. Berkeley, he was the chief programmer on the INGRES database
management project, leader of the Mammoth project, and an early
contributor to BSD, authoring syslog, tset, the -me troff macros, and
trek. Eric designed database user and application interfaces at
Britton Lee (later Sharebase) and contributed to the Ring Array
Processor project for neural-network-based speech recognition at the
International Computer Science Institute. Eric is on the Editorial
Review Board of ACM Queue magazine and is a former member of the Board
of Directors of the USENIX Association.
T5 VoIP Principles and Implementation with Asterisk
Heison Chak, SOMA Networks
9:00 a.m.–5:00 p.m.
Who should attend: Managers and system administrators involved in the evaluation, design,
implementation, and deployment of VoIP infrastructures. Participants do
not need prior exposure to VoIP but should understand the principles of networking.
Attendees will come away from this tutorial with strategies for cost-saving improvements to their existing infrastructures and practical
information on deploying VoIP in a variety of environments.
This tutorial will cover VoIP principles, VoIP networks, and their
interaction and interface with the traditional PSTN (Public Switched
Telephone Network) and IP networks. The tutorial will compare a number of
widely used codecs (voice encoders) and VoIP
protocols. The Asterisk open source PBX will also be presented to demonstrate
VoIP principles and applications.
Topics include:
- PSTN overview
- VoIP basics
- Codecs (G.711, G.729, etc.)
- Protocols (SIP, IAX, etc.)
- Performance metrics (jitter, latency, etc.)
- VoIP networks (FWD, IAXtel, etc.)
- Implementation examples with Asterisk
- Hardware
- IVR (interactive voice response)
- Dialplan
- TTS (text to speech) applications
Heison Chak (T5) works for SOMA Networks as a network engineer, focusing on network
management and performance analysis as
well as the implementation of data and voice networks. He has
undertaken to design a VoIP platform and to migrate SOMA Networks to it
from an existing legacy PBX system. Chak is an active member of
the Asterisk community.
T6 System and Network Performance Tuning
Marc Staveley, Soma Networks
9:00 a.m.–5:00 p.m.
Who should attend: Novice and advanced UNIX system and network administrators, and UNIX developers concerned about network performance impacts. A basic understanding of UNIX system facilities and network environments is assumed.
We'll examine the virtual memory system, the I/O system and the file system, NFS tuning and performance strategies, common network performance problems, examples of network capacity planning, and application issues. We'll also cover guidelines for capacity planning and customized monitoring based on your workloads and traffic patterns. Analysis periods for particular situations will be provided.
Topics include:
- Performance tuning strategies
- Server tuning
- Filesystem and disk tuning
- Memory consumption and swap space
- System resource monitoring
- NFS issues
- Automounter and other tricks
- Network performance, design, and capacity planning
- Application tuning
- System resource usage
- Memory allocation
- Code profiling
- Job scheduling and queuing
- Real-time issues
- Managing response time
Marc Staveley (T6) works with Soma Networks, where he is applying his many years of experience with UNIX development and administration in
leading their IT group. Previously Marc had been an independent
consultant and also held positions at Sun Microsystems, NCR,
Princeton University, and the University of Waterloo. He is a
frequent speaker on the topics of standards-based development,
multi-threaded programming, system administration, and performance
tuning.
T7 Advanced Shell Programming
Mike Ciavarella, University of Melbourne
9:00 a.m.–12:30 p.m.
Who should attend: Junior or intermediate system administrators or anyone with a basic knowledge of programming, preferably with some experience in Bourne/Korn shells (or their derivatives).
The humble shell script is still a mainstay of UNIX/Linux system administration, despite the wide availability of other scripting languages. This tutorial details techniques that move beyond the quick-and-dirty shell script.
Topics include:
- Common mistakes and unsafe practices
- Modular shell script programming
- Building blocks: awk, sed, etc.
- Writing secure shell scripts
- Performance tuning
- Choosing the right utilities for the job
- Addressing portability at the design stage
- When not to use shell scripts
Mike Ciavarella (S3, T7, T10) has been producing and editing technical documentation since
he naively agreed to write application manuals for his first
employer in the early 1980s. He has been a technical editor for
MacMillan Press and has been teaching system administrators about
documentation for the past eight years. Mike has an Honours Degree in
Science from the University of Melbourne. After a number
of years working as Senior Partner and head of the Security Practice
for Cybersource Pty Ltd, Mike returned to his alma mater, the University
of Melbourne. He now divides his time between teaching Software
Engineering, providing expert testimony in computer security matters,
and trying to complete a Doctorate. In his ever-diminishing spare time,
Mike is a caffeine addict and photographer.
T8 Eliminating Backup System Bottlenecks Using Disk-to-Disk and Other Methods
Jacob Farmer, Cambridge Computer Corp.
9:00 a.m.–12:30 p.m.
Who should attend: System administrators involved in the design
and management of backup systems and policymakers responsible for
protecting their organization's data. A general familiarity with
server and storage hardware is assumed. The class focuses on
architectures and core technologies and is relevant regardless of
what backup hardware and software you currently use. Students will
leave this lecture with immediate ideas for effective, inexpensive
improvements to their backup systems.
The end may finally be in sight for the pains of backup and restore.
The cost of disk storage has crossed the line: it has finally become
practical to use disk to enhance or replace tape-based backup
systems. In turn, software applications have come to market to
facilitate the use of disk in backup systems. Now the problem is
sorting out all of the options and fitting them into your existing
infrastructure. This lecture identifies the major bottlenecks in
conventional backup systems and explains how to address them. The
emphasis is placed on the various roles inexpensive disk can play in
your data protection strategy; however, attention is given to
SAN-enabled backup, the current state and future of tape drives,
iSCSI, and virtual tape.
Topics include:
- Identifying and eliminating backup system bottlenecks
- Conventional disk staging
- Virtual tape libraries
- Incremental forever and synthetic full backup strategies
- Information life cycle management and nearline archiving
- Data replication
- Continuous backup
- Snapshots
- The current and future tape drives
- Zero duplication file systems
- iSCSI
Jacob Farmer (T8) is the CTO of Cambridge Computer Services, a specialized
integrator of backup systems and storage networks. He has over 15
years of experience with storage technologies and writes an expert
advice column for InfoStor magazine. He is currently writing a book
on storage networking.
T9 Combating Spam Using Sendmail, MIMEDefang, and Perl
David Skoll, Roaring Penguin Software
9:00 a.m.–12:30 p.m.
Who should attend: System administrators, network administrators, and
email administrators tackling the problem of spam in the enterprise.
Participants should be familiar with Sendmail and Perl. Use of or
familiarity with MIMEDefang will be helpful but not necessary to
get the most out of this practical session.
This tutorial will suggest concrete steps administrators can
take to reduce spam using open-source tools for UNIX and Linux.
Topics include:
- Introduction to mail filtering
- Introduction to Milter
- MIMEDefang architecture
- Writing MIMEDefang filters
- SpamAssassin integration
- Virus scanner integration
- Checking address existence at the periphery
- Streaming mail for different recipients
- Greylisting
- Sendmail's SOCKETMAP feature and MIMEDefang
- Performance tuning
- Gathering statistics
- MIMEDefang's notification facility
The spam problem will be outlined briefly, with a focus on main
techniques used by spammers. Attendees will then be shown how to use
MIMEDefang Perl code to detect and combat some of those
techniques. Attendees will also have the opportunity to discuss the
use of MIMEDefang and Perl to achieve their specific goals.
After completing this tutorial, participants will be aware not only
of top spamming techniques, but of concrete methods for combating the
problem using open-source tools.
David Skoll (T9) is founder and president of Roaring Penguin Software, Inc., a firm specializing in email filtering. Skoll is the developer of MIMEDefang,
the acclaimed open-source email inspection software, and the primary developer of CanIt and CanIt-PRO, commercial anti-spam
systems based on MIMEDefang. He is
author of Caldera's OpenLinux Unleashed and frequently writes and
presents for the Linux and open source communities. More information
can be found at https://www.roaringpenguin.com.
T10 Documentation Techniques for SysAdmins
Mike Ciavarella, University of Melbourne
1:30 p.m.–5:00 p.m.
Who should attend: System administrators who need to produce documentation for the systems they manage or who want to improve their documentation skills.
Attendees should be able to make immediate, practical use of the techniques presented in this tutorial in their day-to-day tasks. Particular emphasis is placed on documentation as a time-saving tool rather than a workload imposition.
Topics include:
- Why system administrators need to document
- The document life cycle
- Targeting your audience
- An adaptable document framework
- Common mistakes
- Tools to assist the documentation process
Mike Ciavarella (S3, T7, T10) has been producing and editing technical documentation since
he naively agreed to write application manuals for his first
employer in the early 1980s. He has been a technical editor for
MacMillan Press and has been teaching system administrators about
documentation for the past eight years. Mike has an Honours Degree in
Science from the University of Melbourne. After a number
of years working as Senior Partner and head of the Security Practice
for Cybersource Pty Ltd, Mike returned to his alma mater, the University
of Melbourne. He now divides his time between teaching Software
Engineering, providing expert testimony in computer security matters,
and trying to complete a Doctorate. In his ever-diminishing spare time,
Mike is a caffeine addict and photographer.
T11 Solaris 10 Security Features
Peter Baer Galvin, Corporate Technologies
1:30 p.m.–5:00 p.m.
Who should attend: Solaris systems managers and administrators interested in
the new security features in Solaris 10 (and features in previous Solaris
releases that they may not be using).
This course covers a variety of topics surrounding Solaris 10 and security.
Solaris 10 includes many new features, and there are new issues to consider
when deploying, implementing, and managing Solaris 10.
Topics include:
- Solaris cryptographic framework
- NFS V4
- Solaris privileges
- Solaris Flash archives and live upgrade
- Moving from NIS to LDAP
- Dtrace
- WBEM
- Smartcard interfaces and APIs
- Kerberos enhancements
- FTP client and server enhancements
- PAM enhancements
- Auditing enhancements
- Password history checking
Peter Baer Galvin (M3, T11, R4) is the Chief Technologist for Corporate Technologies, Inc., a systems integrator and VAR, and was the Systems Manager for Brown University's Computer Science Department. He has written articles
for Byte and other magazines. He wrote the "Pete's Wicked World" and
"Pete's Super Systems" columns at SunWorld. He is currently
contributing editor for Sys Admin, where he manages the Solaris
Corner. Peter is co-author of the Operating Systems Concepts and Applied Operating Systems Concepts textbooks. As a consultant and trainer, Peter has taught tutorials on security and system administration and has given talks at many conferences and institutions on such topics as Web
services, performance tuning, and high availability.
T12 Administering NetBackup
W. Curtis Preston, Glasshouse Technologies
1:30 p.m.–5:00 p.m.
Who should attend: Administrators and operators of medium to large
NetBackup systems.
Although NetBackup can be administered relatively easily, it can
also be misconfigured relatively easily. Misconfigurations can
cause failed, slow, unnecessary, and unreliable backups. In addition,
they can result in some filesystems or databases accidentally being
excluded from the backup. This tutorial will explain in detail
best practices designed to give you optimum efficiency with minimal
risk, including the recent trend of using disk in your backup system.
NetBackup comes with a dizzying number of options costing from
hundreds to tens of thousands of dollars each. Making sense of
these options can be a difficult and expensive task.
This tutorial will explain the major new features and options in
NetBackup releases 4.5 and 5.x. More important, it will cover
which of these features and options give you the most bang for the
buck.
Topics include:
- NetBackup architecture
- Understanding multistreaming & multiplexing
- Relationship between the Media Manager and NetBackup
- Command line interface
- Important commands to know, including some undocumented commands and options
- bpgetconfig & bpsetconfig, my two new favorite commands
- bpgp: the beauty and the danger
- bppl*: configure all your policies and schedules on the command line
- bpimagelist & bpimmedia: find those backups
- vmquery: find those tapes
- vmchange: move those tapes around
- Designing a NetBackup system
- Sizing the server
- System architecture: what kind of servers and how many of them
- Integrating disk into the mix
W. Curtis Preston (T12, W5) is Vice President of Service Development for Glasshouse
Technologies, the global leader in independent storage services. Curtis has ten years' experience designing storage systems for
many environments, both large and small. As a recognized expert in the
field, Curtis has advised the major product vendors regarding product
features and implementation methods. Curtis is the administrator of the
NetBackup and NetWorker FAQs, and answers the "Ask The Experts" backup
forum on SearchStorage.com. He is also the author of O'Reilly's "UNIX
Backup & Recovery" and "Using SANs & NAS," as well as a monthly column in
Storage Magazine.
Wednesday, November 17, 2004
W1 Network Security Assessments Workshop—Hands-On (Day 2 of 2)
David Rhoades, Maven Security Consulting, Inc.
9:00 a.m.–5:00 p.m.
Who should attend: Anyone who needs to understand how to perform an effective and safe network assessment.
How do you test a network for security vulnerabilities? Just plug
some IP addresses into a network-scanning tool and click SCAN,
right? If only it were that easy. Numerous commercial and freeware tools assist
in locating network-level security vulnerabilities. However, these
tools are fraught with dangers: accidental denial-of-service,
false positives, false negatives, and long-winded reporting, to name but
a few. Performing a security assessment (a.k.a. vulnerability assessment
or penetration test) against a network environment requires
preparation, the right tools, methodology, knowledge, and more.
This hands-on workshop will cover the essential topics for performing
an effective and safe network assessment.
Class exercises will require that students have an x86-based laptop
computer that can be booted from a KNOPPIX CD, along with a 10/100 Ethernet
network card. Please download a copy of KNOPPIX-STD
(https://www.knoppix-std.org), burn it to a CD-R, and try to boot your system
on a network offering DHCP. Be sure your network card is recognized by
Knoppix-STD; otherwise you will not be able to participate in most classroom
exercises. Wireless access will not be supported during class.
Topics include:
- Preparation: What you need before you even begin
- Safety measures: This often-overlooked topic will cover important
practical steps to minimize or eliminate adverse effects on critical networks
- Architecture considerations: Where you scan from affects how you perform the assessment
- Inventory: Taking an accurate inventory of active systems and protocols
on the target network
- Tools of the trade: Effective use of both freeware and commercial tools, with an emphasis on common pitfalls
- Automated scanning: Best-of-class tools, with tips (mostly vendor-neutral) on their proper use
- Research and development: What to do when existing tools don't suffice
- Documentation and audit trail: How to keep accurate records easily
- How to compile useful reports: Planning for corrective action and tracking your security measures
Students will practice network assessment on a target network of Windows and UNIX-based servers and various routing components.
Day 1
- Lab setup and preparation
- Security assessment overview
- Types of assessments
- Choosing an assessment approach
- Assessment preparation
- Defining the purpose
- Rules of engagement
- Assessment logistics
- Open vs. closed testing
- Passive vs. active testing; depth of testing
- Denial of service (DoS)
- Enumeration of target information
- Permission
- Assessment safety
- Verification of tool authenticity
- Vetting tools
- Safety concepts
- The dangers of automated scanners
- Automated tool safety summary
- Documentation and audit trail
- Assessment phase 1: network inventory
- Ping scanning
- Discrete port scanning (host inventory only)
- DNS queries
- Traceroute
- ARP scanning
Day 2
- Assessment phase 2: target analysis
- TCP port scanning
- UDP port scanning
- SNMP
- Assessment phase 3: exploitation and confirmation
- Automated vulnerability scanning tools
- (Online) brute-force attacks
- (Offline) password cracking
- Manual testing
- Special consideration testing
- Firewalls and routers
- Auditing email servers
- Web servers
- Stealth technique summary
- Vulnerability scanning tools
- Automated scanning tools
- Commercial scanners
- Nessus
- Nessus Clients
- Using Nessus
David Rhoades (T1, W1, R1, F1) is a principal consultant with Maven Security
Consulting, Inc. Since 1996, David has provided information protection services
for various FORTUNE 500 customers. His work has taken him across the US
and abroad to Europe and Asia, where he has lectured and consulted in
various areas of information security. David has a B.S. in computer
engineering from the Pennsylvania State University and has taught
for the SANS Institute, the MIS Training Institute, and ISACA.
W2 Defeating Junk/Spam Email
Marcus Ranum, Trusecure Corp.
9:00 a.m.–5:00 p.m.
Who should attend: Network and system administrators
responsible for email systems; people who are annoyed by junk email;
mail server administrators; senior managers who want to understand the
technologies for blocking junk email. Some familiarity with Internet email systems is recommended. Familiarity with
UNIX system administration is a must.
Is unplugging from the network the only way to avoid junk email? Many
organizations are finding that junk email is a major time-waster and
performance hog. Some individuals are finding that, every morning, 95% of their inbox is
garbage.
This workshop covers real-world issues in dealing with junk email, and how
to block a significant percentage of it from your personal or corporate
network. Attendees will learn the various techniques of junk email blocking,
the tools that are available, and the advantages and disadvantages of various
approaches. We will also examine a number of popular tools in detail, and
discuss configuration and tuning issues.
Topics include:
- Junk email: you know what it is when you get it
- Whitelisting, blacklisting, and blackholing
- Early attempts at junk email blocking
- The state of the art in junk email blocking
- Tools and techniques
- Setting up a centralized junk email blocking system
- Integrating junk email blocking into various mail clients
- Integrating junk email blocking into various servers
- Legalities and legal initiatives
Marcus Ranum (M4, W2) is senior scientist at Trusecure Corp. and a world-renowned expert
on security system design and implementation.
He is recognized as the inventor of the proxy firewall and the
implementer of the first commercial firewall product. Since the
late 1980s, he has designed a number of groundbreaking security
products, including the DEC SEAL, the TIS firewall toolkit, the
Gauntlet firewall, and NFR's Network Flight Recorder intrusion
detection system. He has been involved in every level of operations
of a security product business, from developer, to founder and CEO
of NFR. Marcus has served as a consultant to many FORTUNE 500 firms
and national governments, as well as serving as a guest lecturer
and instructor at numerous high-tech conferences. In 2001, he was
awarded the TISC Clue award for service to the security community,
and he holds the ISSA lifetime achievement award.
W3 Regular Expression Mastery
Mark-Jason Dominus, Consultant and Author
9:00 a.m.–12:30 p.m.
Who should attend: System administrators and users who use Perl, grep, sed, awk, procmail, vi, or emacs.
Almost everyone has written a regex that produced unexpected results. Sometimes regexes appear to hang forever, and it's not clear what has gone wrong. Sometimes they behave differently in different utilities, and you can't tell why. This class will fix all these problems.
The first section of the class will explore the matching algorithms used internally by common utilities such as grep and Perl. Understanding these algorithms will allow us to predict whether a regex will match, which of several matches will be found, and which regexes are likely to be faster than others, and to understand why all of these behaviors occur. We'll learn why commonly used regex symbols such as ".", "$", and "\1" may not mean what you thought they did. In the second section, we'll look at common matching disasters, a few practical parsing applications, and some advanced Perl features. We'll finish with a discussion of optimizations that were added to Perl 5.6, and why you should avoid using "/i".
Topics include:
- Inside the regex engine
- Regular expressions are programs
- Backtracking
- NFA vs. DFA
- POSIX and Perl
- Quantifiers
- Greed and anti-greed
- Anchors and assertions
- Backreferences
- Disasters and optimizations
- Where machines come from
- Disaster examples
- Tokenizing
- New optimizations
- Matching strings with balanced parentheses
Mark-Jason Dominus (W3, W6) has been programming in Perl since 1992. He is a moderator of the comp.lang.perl.moderated newsgroup, the author of the Text::Template, Tie::File, and Memoize modules, a contributor to the Perl core, and author of the perlreftut man page. His work on the Rx regular expression debugger won the 2001 Larry Wall Award for Practical Utility. He lives in Philadelphia with his wife and several plush octopuses.
W4 Cisco Device Configuration Basics, Part 1
Steve Acheson and Laura Kuiper, Cisco Systems
9:00 a.m.–12:30 p.m.
Who should attend: Anyone who bought a Cisco router or switch on eBay and wants to know how to configure it.
This class will go through the steps you need to take to configure your
router or switch from the day you receive it to actually using it.
Topics include:
- Introduction to IOS and its naming
- Cabling your device(s)
- Loading a new image
- Stepping through the configuration basics
- Using the "Setup" script
- Using the Cisco command line interface
- Setting up a hostname, DNS, etc.
- Setting up Network Time Protocol (NTP)
- Router specifics
- Configuring the interfaces and IP addresses
- Forwarding packets (basic routing)
- Switch specifics
- Configuring ports
- Setting up VLANs
- Security: Access Control List basics
- Troubleshooting
- "show" commands
- "debug" commands
- CDP (Cisco Discovery Protocol)
Steve Acheson (M7, W4, W7, F2) is currently an Information Security Architect at Cisco
Systems, Inc., where he is a senior member of the Corporate Information
Security Department, responsible for network and system security,
including designing internal security architecture and external/firewall
access. Before working for Cisco, Steve managed security for NASA's
Numerical Aerospace Simulations facility at Ames Research Center. He
has worked in the field for over 15 years as a system administrator, network engineer, and
security analyst.
Laura Kuiper (W4, W7, F2) is currently a Computer Security Architect at Cisco
Systems, Inc., where she is a senior member of the Computer Information
Security Department, responsible for network and system security,
including designing internal security architecture and external/firewall
access. Before working for Cisco, Laura managed the network at SAIC.
She has worked in the field as a network engineer and security analyst
for over 9 years.
W5 Oracle Backup and Recovery
W. Curtis Preston, Glasshouse Technologies
9:00 a.m.–12:30 p.m.
Who should attend: System administrators with Oracle in their environment.
Oracle is one of the most popular databases in today's datacenter,
and yet its backup and recovery are often misunderstood and
misconfigured. Learn everything you need to know about
Oracle and its backups in this half-day tutorial. We'll start
with an explanation of Oracle architecture, designed especially for
the non-DBA. We'll debunk a few myths along the way, such as the one
that says Oracle datafiles don't change while Oracle is in
backup mode. (You'd be surprised how many people believe that
myth.) Other myths we'll debunk include "You can't do hot
backups without RMAN" and "You can't use RMAN without buying
expensive backup software." Having explained all the pieces that
go into Oracle backup and recovery, the instructor will demonstrate
various Oracle backup and recovery scenarios live.
Topics include:
- Oracle architecture
- Data files
- Tablespaces
- Redo logs
- Control files
- Rollback segment
- Physical backups without a storage manager
- Scripting backups without RMAN
- Using RMAN without a storage manager
- Physical backups with a storage manager
- Managing the archived redo logs
- Recovering Oracle
- Logical backups
W. Curtis Preston (T12, W5) is Vice President of Service Development for Glasshouse
Technologies, the global leader in independent storage services. Curtis has ten years' experience designing storage systems for
many environments, both large and small. As a recognized expert in the
field, Curtis has advised the major product vendors regarding product
features and implementation methods. Curtis is the administrator of the
NetBackup and NetWorker FAQs, and answers the "Ask The Experts" backup
forum on SearchStorage.com. He is also the author of O'Reilly's "UNIX
Backup & Recovery" and "Using SANs & NAS," as well as a monthly column in
Storage Magazine.
W6 Perl Program Repair Shop and Red Flags
Mark-Jason Dominus, Consultant and Author
1:30 p.m.–5:00 p.m.
Who should attend: Anyone who writes Perl programs regularly. Participants should have at least three months'
experience programming in Perl.
You've probably been working too hard when you program,
writing twenty lines of code when you only needed ten. But there is a
better way, and I will show it to you. You'll learn how to improve
your own code and the code of others, making it cleaner, more
readable, more reusable, and more efficient, while at the same time
making it 30-50% smaller. Smaller code contains fewer bugs and takes
less time to maintain.
We will examine several real code examples in detail and see how to
improve them. We'll focus on red flags--warning
signs in your code that are plainly visible once you know what to look
for--and on techniques that require little complex thought or
ingenuity. All the bad code in this class is guaranteed 100% genuine
and typical.
Participants are encouraged to submit their own code for anonymous
review in the class. (Send it to
mjd-lisa-2003+@plover.com.) Class
content varies depending on submissions, but is sure to include some
of the topics listed below.
Topics include:
- Families of variables
- Making relationships explicit
- Refactoring
- Programming by convention
- The Flesh Blanket
- Conciseness
- Why you should avoid the "." operator
- Elimination of global variables
- Superstition
- The "use strict" zombies
- Repressed subconscious urges
- The cardinal rule of computer programming
- The psychology of repeated code
- Techniques for eliminating repeated code
- What can go wrong with "if" and "else"
- The Condition That Ate Michigan
- Resisting "Holy Doctrine"
- Trying it both ways
- Structural vs. functional code
- Elimination of structure
- Boolean values
- Programs that take two steps forward and one step back
- Programs that are 10% backslashes
- 'print print print print print '
- C-style "for" loops
- Loop counter variables
- Array length variables
- Unnecessary shell calls
- How (and why) to let "undef" be the special value
- Confusion of internal and external representations of data
- Tool use
- Elimination of repeated code with higher-order functions
- Learning to use a hammer
- The "swswsw" problem
- Avoiding special cases
- Using uniform data representations
Mark-Jason Dominus (W3, W6) has been programming in Perl since 1992. He is a moderator of the comp.lang.perl.moderated newsgroup, the author of the Text::Template, Tie::File, and Memoize modules, a contributor to the Perl core, and author of the perlreftut man page. His work on the Rx regular expression debugger won the 2001 Larry Wall Award for Practical Utility. He lives in Philadelphia with his wife and several plush octopuses.
W7 Cisco Device Configuration Basics, Part 2
Steve Acheson and Laura Kuiper, Cisco Systems
1:30 p.m.–5:00 p.m.
Who should attend: Anyone who bought a Cisco router or switch on eBay and wants to know how to configure it. This class will build on the morning class, W4, to help you get the most out of your Cisco equipment.
Topics include:
- Review of IOS capabilities and image features
- Setting up SNMP monitoring
- SSH (secure access)
- Switch specifics
- Spanning tree
- Trunking
- Differences between CatOS- and IOS-based switches
- Router Specifics
- Making your router a DHCP server
- Doing NAT/PAT with your router
- Using the GUI SDM (Security Device Manager) to configure your router
- More security
- PVLAN edge (protected port)
- Local authentication
- RADIUS authentication
- Advanced ACLs
- Using your router as a VPN gateway
- Additional capabilities your router offers
Steve Acheson (M7, W4, W7, F2) is currently an Information Security Architect at Cisco
Systems, Inc., where he is a senior member of the Corporate Information
Security Department, responsible for network and system security,
including designing internal security architecture and external/firewall
access. Before working for Cisco, Steve managed security for NASA's
Numerical Aerospace Simulations facility at Ames Research Center. He
has worked in the field for over 15 years as a system administrator, network engineer, and
security analyst.
Laura Kuiper (W4, W7, F2) is currently a Computer Security Architect at Cisco
Systems, Inc., where she is a senior member of the Computer Information
Security Department, responsible for network and system security,
including designing internal security architecture and external/firewall
access. Before working for Cisco, Laura managed the network at SAIC.
She has worked in the field as a network engineer and security analyst
for over 9 years.
W8 Introduction to Host Configuration and Maintenance with Cfengine
Mark Burgess, Oslo University College
1:30 p.m.–5:00 p.m.
Who should attend: System administrators with a minimal
knowledge of a scripting language who wish to start using cfengine to
automate the maintenance and security of their systems. UNIX
administrators will be most at home in this tutorial, but cfengine can
also be used on Windows 2000 and above.
Cfengine is a tool for setting up and maintaining a configuration
across a network of hosts. It is sometimes called a tool for "Computer
Immunology"--your computer's own immune system. You can think of
cfengine as a very high level language, much higher-level than Perl
or shell, together with a smart agent. The idea behind cfengine is to
create a single "policy" or set of configuration files that describes
the setup of every host on your network, without sacrificing their
autonomy.
Cfengine runs on every host and makes sure that it is in a
policy-conformant state; if necessary, any deviations from policy
rules are fixed automatically. Unlike tools such as rdist, cfengine does
not require hosts to open themselves to any central authority, nor to
subscribe to a fixed image of files. It is a modern tool, supporting
state-of-the-art encryption and IPv6 transport, that can handle
distribution and customization of system resources in huge networks
(tens of thousands of hosts). Cfengine runs on hundreds of thousands
of computers all over the world.
Topics include:
- The components of cfengine and how they are used
- How to get the system running
- How to develop a suitable policy, step by step
- Security
- Examples
- How to customize cfengine for special tasks
Mark Burgess (W8, F4) is a professor at Oslo University College and is the
author of cfengine. He has been researching the principles of network
and system administration for over ten years and is the author
of Principles of Network and System Administration (John Wiley & Sons).
He is frequently invited to speak at conferences.
Thursday, November 18, 2004
R1 Hacking & Securing Web-based Applications—Hands-On (Day 1 of 2)
David Rhoades, Maven Security Consulting, Inc.
9:00 a.m.–5:00 p.m.
Who should attend: People who are auditing Web application security,
developing Web applications, or managing the development of a Web
application.
Is your Web application secure? CD Universe, CreditCard.com, and
others have found out the hard way: encryption and firewalls are
not enough. Numerous commercial and freeware tools assist in locating network-level
security vulnerabilities. However, these tools are incapable of
locating security issues for Web-based applications.
With numerous real-world examples from the instructor's years of
experience with security assessments, this informative and entertaining
course is based on fact, not theory. The course material is
presented in a step-by-step approach, and will apply to Web portals,
e-commerce (B2B or B2C), online banking, shopping, subscription-based
services, or any Web-enabled application.
Class exercises will require that students have an x86-based laptop
computer that can be booted from a KNOPPIX CD, along with a 10/100 Ethernet
network card. Please download a copy of KNOPPIX-STD
(https://www.knoppix-std.org), burn it to a CD-R, and try to boot your system
on a network offering DHCP. Be sure your network card is recognized by
Knoppix-STD; otherwise you will not be able to participate in most classroom
exercises. Wireless access will not be supported during class.
Topics include:
- The primary risks facing Web applications
- Exposures and vulnerabilities in HTML and JavaScript, authentication,
and session tracking
- Tools, techniques, and methodologies required to locate weaknesses
- Recommendations for mitigating exposures found
- Best practices for Web application security
Students will be provided access to several target Web applications.
Some of these applications are real applications with known security
issues. Others are mock applications
designed by Maven Security to simulate real security issues. At
each step, the instructor will supply the tools needed and demonstrate
the required techniques. All software provided will be publicly available freeware.
Day 1
- Introduction
- The problem and root causes
- Web primer: HTTP and HTML
- Foundational security
- OS vulnerabilities
- Web server security highlights
- Web server and Web application output
- HTTP headers
- HTML and JavaScript
- Encryption ciphers
- Error messages
- Caching
- Authentication
- Authentication: digital certificates; form-based; HTTP basic
- Threats to authentication
- Sign-on
- User name harvesting
- Brute-force password guessing
- Password harvesting
- Resource exhaustion
Day 2
- Session issues
- Session tracking mechanisms
- Session ID best practices
- Session cloning
- Transaction issues
- Malicious user input
- Hidden form elements
- GET vs. POST
- JavaScript filters
- Improper application logic
- Cross-site scripting (XSS)
- Third-party products
- Testing procedures
- Methodology and safety
David Rhoades (T1, W1, R1, F1) is a principal consultant with Maven Security
Consulting, Inc. Since 1996, David has provided information protection services
for various FORTUNE 500 customers. His work has taken him across the US
and abroad to Europe and Asia, where he has lectured and consulted in
various areas of information security. David has a B.S. in computer
engineering from the Pennsylvania State University and has taught
for the SANS Institute, the MIS Training Institute, and ISACA.
R2 Managing Samba 2.2 & 3.0
Gerald Carter, Samba Team/Hewlett-Packard
9:00 a.m.–5:00 p.m.
Who should attend: System administrators who are
currently managing Samba servers or are planning to deploy
new servers this year. This course will outline the new
features of Samba 3.0, including working demonstrations
throughout the course session.
Topics include:
- Providing basic file and print services
- Upgrading a Samba server from version 2.2 to 3.0
- Integrating with Windows NT 4.0 and Active Directory
authentication services
- Centrally managing printer drivers for Windows clients
- Managing NetBIOS network browsing
- Implementing a Samba primary domain controller along with
Samba backup domain controllers
- Migrating from a Windows NT 4.0 domain to a Samba domain
- Utilizing account storage alternatives to smbpasswd such
as LDAP
- Making use of Samba VFS modules for features such as virus
scanning and a network recycle bin
Gerald Carter (M9, T2, R2) has been a member of the Samba Team since 1998. He has published articles in various
Web-based magazines and gives instructional courses as a
consultant for several companies. Currently employed by
Hewlett-Packard as a Samba developer, Gerald has written
books for SAMS Publishing and is the author of the recent
LDAP System Administration (O'Reilly & Associates).
R3 Perl for System Administration
David N. Blank-Edelman, Northeastern University
9:00 a.m.–12:30 p.m.
Who should attend: System and
network administrators with at least advanced-beginner to intermediate Perl skills, who would like a clearer understanding of how Perl can make their jobs easier.
Perl was originally created to help with system administration, so
it is a wonder that there isn't more instructional material
available to help people in our field use Perl to their
advantage. This tutorial hopes to begin to remedy this situation by presenting
a solid three hours of instruction on using Perl for system
administration. You are also likely to deepen
your knowledge of Perl.
Based on the instructor's upcoming O'Reilly book, this tutorial will
take a multi-platform approach to the subject. We'll be exploring
cutting-edge and old standby system administration topics as they
manifest themselves on both UNIX and Windows NT/2000.
Topics include:
- Secure Perl scripting
- Dealing with files and filesystems
- Source control
- XML
- Databases
- Log files
- Dealing with SQL databases via DBI and ODBC
- Email as a sysadmin tool (including spam analysis)
- Network directory services: NIS, DNS, LDAP, ADSI
- Network management: SNMP and WBEM
David N. Blank-Edelman (M10, R3, R6) is the Director of Technology
at the Northeastern University College of Computer and Information Science
and the author of the O'Reilly book Perl for System Administration. He has
spent the last 19 years as a system/network administrator in large multi-platform
environments, including Brandeis University, Cambridge Technology
Group, and the MIT Media Laboratory. He has given several successful
invited talks off the beaten path at LISA.
R4 Next-Generation Security Tools
Peter Baer Galvin, Corporate Technologies
9:00 a.m.–12:30 p.m.
Who should attend: Systems managers and security managers interested in
current security problems and the new generation of tools designed to solve
those problems.
This course covers a variety of topics of importance to those
designing or implementing security solutions for their installations. It
starts with the nasty world of current security threats and the
problems sites have to solve. It then talks about what is solvable and
what still has no solution. Finally, it covers each of the possible
solutions in detail.
(Note: Most of these solutions are commercial products.)
Topics include:
- A security methodology
- Determining the state of your world
- Determining the problems to solve
- Policy and procedure
- Risk assessment, security audit, and penetration testing
- Firewalls: Why don't they work?
- Protecting Web servers
- Reducing spam
- Patch management and avoiding patching
- Network snooping
- Gaining status knowledge of your facility
- Content filtering and antivirus software
- Weak and strong authentication
- Spyware and peer-to-peer networks
Peter Baer Galvin (M3, T11, R4) is the Chief Technologist for Corporate Technologies, Inc., a systems integrator and VAR, and was the Systems Manager for Brown University's Computer Science Department. He has written articles
for Byte and other magazines. He wrote the "Pete's Wicked World" and
"Pete's Super Systems" columns at SunWorld. He is currently
contributing editor for Sys Admin, where he manages the Solaris
Corner. Peter is co-author of the Operating Systems Concepts and Applied Operating Systems Concepts textbooks. As a consultant and trainer, Peter has taught tutorials on security and system administration and has given talks at many conferences and institutions on such topics as Web
services, performance tuning, and high availability.
R5 Introduction to Domain Name System Administration
William LeFebvre, CNN Internet Technologies
9:00 a.m.–12:30 p.m.
Who should attend: System or network administrators who have been exposed to the Domain Name System only as users. A basic understanding of the IP protocols, TCP and UDP, data encapsulation, and the seven-layer model will be beneficial.
DNS, the primary method the Internet uses to name and number machines, is used to translate names like "www.usenix.org" into addresses like 131.106.3.253. Any site that is serious about joining the Internet community will need to understand how to configure and administer DNS.
This tutorial will describe the basic operation of DNS and will provide instructions and guidelines for the configuration and operation of DNS on UNIX platforms using the BIND software distribution. This class is designed for the beginner and is intended to provide a foundation for the tutorial on "Intermediate Topics in Domain Name System Administration."
Topics include:
- DNS and BIND
- The DNS name hierarchy
- The four components of DNS
- Iterative vs. recursive querying
- Essential resource records: SOA, A, PTR, CNAME, NS
- Zone transfers and secondaries
- Vendor-specific differences
William LeFebvre (R5, F5) is an author, programmer, teacher, and sysadmin expert who has been using UNIX and Internet technologies since 1983. He writes a monthly column for UNIX Review and has taught since 1989 for such organizations as USENIX, the Sun User Group (SUG), MIS Training Institute, IT Forum, and Great Circle Associates. He has contributed to several widely used UNIX packages, including Wietse Venema's logdaemon package. He is also the primary programmer for the popular UNIX utility top. William is currently a technology fellow at CNN Internet Technologies, exploring the applicability of new technology to one of the busiest Web farms on the Internet. He received his bachelor's degree in 1983 and his master of science degree in 1988, both from Rice University.
R6 Perl Saves the Day: Writing Small Perl Programs to Get You Out of Big Sysadmin Pinches
David N. Blank-Edelman, Northeastern University
1:30 p.m.–5:00 p.m.
Who should attend: System administrators with at least advanced-beginner to
intermediate Perl skills. This tutorial will show them how to get themselves
out of a jam using Perl.
Perl is an excellent language for rapid development and
prototyping. Thanks to the power of the core language and the large
body of additional modules, it is often possible to write quick
programs to solve pressing problems. System administrators have no
shortage of pressing problems, so knowing how to wield this
"swiss-army chain saw" can be a lifesaver.
Centering on battle stories
and the Perl source code used to deal with them, we'll discuss
approaches to system administration crises using
Perl. The code presented in this class will be mostly UNIX-related,
with a sprinkling of Windows NT/2000 examples, but the approaches
we'll talk about will not be operating-system specific. Students are
welcome to bring their own pressure-cooker problems (solved
or not) for class discussion.
David N. Blank-Edelman (M10, R3, R6) is the Director of Technology
at the Northeastern University College of Computer and Information Science
and the author of the O'Reilly book Perl for System Administration. He has
spent the last 19 years as a system/network administrator in large multi-platform
environments, including Brandeis University, Cambridge Technology
Group, and the MIT Media Laboratory. He has given several successful
invited talks off the beaten path at LISA.
R7 Recovering from Linux Hard Drive Disasters
Theodore Ts'o, IBM Linux Technology Center
1:30 p.m.–5:00 p.m.
Who should attend: Linux system administrators and users.
Ever had a hard drive fail? Ever kick yourself because you didn't
keep backups of critical files, or you discovered that your regular
nightly backup didn't succeed?
Of course not: you keep regular backups and
verify them frequently to make sure they are successful, right? But for those of
you who think you might nevertheless someday need this information,
this tutorial will discuss ways of
recovering from hardware or software disasters.
Topics include:
- Low-level techniques to recover data from a corrupted
ext2/ext3 filesystem when backups aren't available
- Recovering from a corrupted partition table
- Using e2image to back up critical ext2/3 filesystem metadata
- Using e2fsck and debugfs to sift through a corrupted filesystem
- Some measures to avoid needing to use heroic measures
Theodore Ts'o (R7) has been a Linux kernel developer since almost the very
beginnings of Linux: he implemented POSIX job control in the
0.10 Linux kernel. He is the maintainer and author of the Linux COM
serial port driver and the Comtrol Rocketport driver, and he architected
and implemented Linux's tty layer. Outside of the kernel, he is
the maintainer of the e2fsck filesystem consistency checker. Ted
is currently employed by IBM Linux Technology Center.
R8 Introduction to Massive Upgrades and Changes
Tom Limoncelli, Cibernet
1:30 p.m.–5:00 p.m.
Who should attend: Sysadmins from environments where upgrading a
single large server, or hundreds of individual hosts, is common.
Although the focus will be on UNIX and IP networks, all sysadmins will benefit
from this tutorial. Examples include situations found both in
small and in large sites.
Imagine a project that involves renumbering the IP addresses on
thousands of hosts, none of which sees more than one interruption.
Imagine upgrading a large server that provides dozens of critical
services with confidence that it will be done on time and with all
services working. Imagine performing one or more changes on 1,000
individual hosts without fear that you've installed the same typo
on each. Imagine a tutorial that teaches the disciplines involved
in making those things happen.
This tutorial will include a mix of theory and case studies
of real events. Case studies will include success stories as well
as disasters—there's much to be learned from both.
Topics include:
- A sample "change management" policy you can start using right away
- The network life cycle: birth, certification, decommission
- Case study: network change management (avoiding outages, managing risk)
- The project everyone hates: moving your data center
- Surviving weekend-long maintenance windows with no major problems
- The secret to successful server upgrades
- Case study: upgrading a major application server
- Case study: upgrading a multi-purpose server
- Service conversions (it's more than just upgrading the software)
- Case study: IP renumbering and reorganization
Tom Limoncelli (R8, F3), co-author of The Practice of System and Network Administration (Addison-Wesley), is Director of IT Services at Cibernet Corp. A sysadmin and network wonk since 1987, he
has worked at Dean for America, Lumeta, Bell Labs/Lucent, Mentor Graphics, and Drew
University. He is a frequent presenter at LISA conferences.
Friday, November 19, 2004
F1 Hacking & Securing Web-based Applications—Hands-On (Day 2 of 2)
David Rhoades, Maven Security Consulting, Inc.
9:00 a.m.–5:00 p.m.
Who should attend: People who are auditing Web application security,
developing Web applications, or managing the development of a Web
application.
Is your Web application secure? CD Universe, CreditCard.com, and
others have found out the hard way: encryption and firewalls are
not enough. Numerous commercial and freeware tools assist in locating network-level
security vulnerabilities. However, these tools are incapable of
locating security issues for Web-based applications.
With numerous real-world examples from the instructor's years of
experience with security assessments, this informative and entertaining
course is based on fact, not theory. The course material is
presented in a step-by-step approach, and will apply to Web portals,
e-commerce (B2B or B2C), online banking, shopping, subscription-based
services, or any Web-enabled application.
Class exercises will require that students have an x86-based laptop
computer that can be booted from a KNOPPIX CD, along with a 10/100 Ethernet
network card. Please download a copy of KNOPPIX-STD
(https://www.knoppix-std.org), burn it to a CD-R, and try to boot your system
on a network offering DHCP. Be sure your network card is recognized by
Knoppix-STD; otherwise, you will not be able to participate in most classroom
exercises. Wireless access will not be supported during class.
Topics include:
- The primary risks facing Web applications
- Exposures and vulnerabilities in HTML and JavaScript, authentication,
and session tracking
- Tools, techniques, and methodologies required to locate weaknesses
- Recommendations for mitigating exposures found
- Best practices for Web application security
Students will be provided access to several target Web applications.
Some of these applications are real applications with known security
issues. Others are mock applications
designed by Maven Security to simulate real security issues. At
each step, the instructor will supply the tools needed and demonstrate
the required techniques. All software provided will be publicly available freeware.
Day 1
- Introduction
- The problem and root causes
- Web primer: HTTP and HTML
- Foundational security
- OS vulnerabilities
- Web server security highlights
- Web server and Web application output
- HTTP headers
- HTML and JavaScript
- Encryption ciphers
- Error messages
- Caching
- Authentication
- Authentication: digital certificates; form-based; HTTP basic
- Threats to authentication
- Sign-on
- User name harvesting
- Brute-force password guessing
- Password harvesting
- Resource exhaustion
Day 2
- Session issues
- Session tracking mechanisms
- Session ID best practices
- Session cloning
- Transaction issues
- Malicious user input
- Hidden form elements
- GET vs. POST
- JavaScript filters
- Improper application logic
- Cross-site scripting (XSS)
- Third-party products
- Testing procedures
- Methodology and safety
David Rhoades (T1, W1, R1, F1) is a principal consultant with Maven Security
Consulting, Inc. Since 1996, David has provided information protection services
for various FORTUNE 500 customers. His work has taken him across the US
and abroad to Europe and Asia, where he has lectured and consulted in
various areas of information security. David has a B.S. in computer
engineering from the Pennsylvania State University and has taught
for the SANS Institute, the MIS Training Institute, and ISACA.
F2 Cisco Security Features
Steve Acheson and Laura Kuiper, Cisco Systems
9:00 a.m.–5:00 p.m.
Who should attend: Network and system engineers looking to improve their
familiarity with Cisco's security capabilities; security professionals
interested in the technical details of securing enterprise-class networks.
As security concerns become more pervasive throughout the enterprise
market, pressure on network engineers to be more security-conscious
continues to grow. In tandem, as smaller enterprises increase their reliance on
networked systems, they need network engineers to keep these systems
secure. This session provides network engineers with a detailed overview of
enterprise networking security and explores how Cisco security
features can help the enterprise network.
Topics include:
- Infrastructure
- Device configurations
- Device access and user administration
- Routing protocol security
- Layer 2/switches
- Access control
- Access Control Lists (ACLs)
- Standard vs. extended
- Dynamic
- Time-based
- Firewalls
- CBAC
- PIX
- Authentication services
- Network Admission Control (NAC)
- IP telephony
- Wireless LANs
- 802.1x
- Intrusion prevention
- VPNs
- Monitoring
Steve Acheson (M7, W4, W7, F2) is currently an Information Security Architect at Cisco
Systems, Inc., where he is a senior member of the Corporate Information
Security Department, responsible for network and system security,
including designing internal security architecture and external/firewall
access. Before working for Cisco, Steve managed security for NASA's
Numerical Aerospace Simulations facility at Ames Research Center. He
has worked in the field for over 15 years as a system administrator, network engineer, and
security analyst.
Laura Kuiper (W4, W7, F2) is currently a Computer Security Architect at Cisco
Systems, Inc., where she is a senior member of the Computer Information
Security Department, responsible for network and system security,
including designing internal security architecture and external/firewall
access. Before working for Cisco, Laura managed the network at SAIC.
She has worked in the field as a network engineer and security analyst
for over 9 years.
F3 Time Management for System Administrators: Getting It All Done and Not Going (More) Crazy!
Tom Limoncelli, Cibernet
9:00 a.m.–12:30 p.m.
Who should attend: Sysadmins who want to improve their
time-management skills, who want to have more control over their time
and better follow-through on assignments. If you feel overloaded, miss
appointments, and forget deadlines and tasks, this class is for you.
Do any of these statements sound like you?
- I don't have enough time to get all my work done.
- I don't have control over my schedule.
- I'm spending all my time mopping the floor; I don't have
time to fix the leaking pipe.
- My boss says I don't work hard enough, but I'm always working
my —— off!
Tom Limoncelli used to be a time-management disaster. He reformed
himself and offers his insights in this tutorial. Tom currently
has two job functions at a financial services company, chairs conferences,
writes books, maintains four personal Web sites, serves on the boards of
two nonprofits, and has a very full social life. Yet he keeps it
all together and has time for himself. If you think you don't have time to take this tutorial, you really need to take this tutorial!
Topics include:
- Why typical "time management" books don't work for sysadmins
- How to delegate tasks effectively
- How to use RT and other request tracking tools
- A way to keep from ever forgetting a user's request
- Why "to do" lists fail and how to make them work
- Managing your boss
- Managing email more effectively with procmail
- Prioritizing tasks so that users think you're a genius
- Getting more out of your Palm Pilot
- Having more time for fun (for people with a social life)
- Tips on automating sysadmin processes
- Efficient phone calls: how to avoid major time wasters
- How to leave the office every day with a smile on your face
Tom Limoncelli (R8, F3), co-author of The Practice of System and Network Administration (Addison-Wesley), is Director of IT Services at Cibernet Corp. A sysadmin and network wonk since 1987, he
has worked at Dean for America, Lumeta, Bell Labs/Lucent, Mentor Graphics, and Drew
University. He is a frequent presenter at LISA conferences.
F4 Advanced Topics in Host Configuration and Maintenance with Cfengine
Mark Burgess, Oslo University College
9:00 a.m.–12:30 p.m.
Who should attend: System administrators with a working knowledge of
cfengine (or who have attended the introductory course) and who wish
to extend their understanding of cfengine with examples and usage
patterns. UNIX and Mac OS X administrators will be most at home in this
tutorial, but cfengine can also be used on Windows 2000 and above.
Cfengine contains many features and facilities that make it a powerful
tool for system administration, but it has a large manual that is
difficult to absorb without training. In this tutorial we assume that
attendees have a basic understanding of how cfengine works and would
like to develop a number of "best practices" and examples
to maximize their returns.
Topics include:
- Review of some basics
- Automating deployment of software throughout your infrastructure
- UNIX/Mac/Windows
- update.conf
- cron and cfexecd
- When to run
- Integrating data from information sources
- Structure and organization of config
- The overlapping-set model
- Import
- Modules
- Methods
- When to use these tools
- Special functions and variables
- Variables, scalars, arrays
- Associative arrays and their limitations
- ExecResult, ReturnsZero, etc.
- ReadArray, ReadList, etc.
- IsNewerThan, IsDir, etc.
- Searching, matching, and wildcards
- Search filters
- Regular expressions
- Wildcard expansions
- How does cfagent evaluate things?
- Thinking declaratively
- Ordering: When does it matter?
- Locks: What are they, and why are they there?
- Iteration over lists
- Control, actionsequence, alerts
- Services and security
- PP keys and exchange (trust model)
- Authentication stages
- Rule orderings
- IPv6 issues
- Peer-to-peer services
- Example: Backing up laptops
- Host monitoring
- cfenvd
- Interfacing to tcpdump
- Understanding cfenvgraph output
- PeerCheck neighborhood watch
- FriendStatus function
- Future developments and discussion
Mark Burgess (W8, F4) is a professor at Oslo University College and is the author of cfengine. He has been researching the
principles of network
and system administration for over ten years and is the author
of Principles of Network and System Administration (John Wiley & Sons).
He is frequently invited to speak at conferences.
F5 Intermediate Topics in Domain Name System Administration
William LeFebvre, CNN Internet Technologies
9:00 a.m.–12:30 p.m.
Who should attend: Network administrators with a basic understanding of DNS and its configuration who need to learn how to create and delegate subdomains, and administrators planning to install BIND8. Attendees are expected either to have prior experience with DNS, including an understanding of basic operation and zone transfers, or to have attended the "Introduction to Domain Name System Administration" tutorial.
Attendees will move beyond the basics into a more thorough understanding of the overall design and implementation of DNS.
Topics include:
- Subdomains and delegation
- Resource records: NS, RP, MX, TXT, AAAA
- Migration to BIND8
- DNS management tools
- DNS design
- DNS and firewalls
William LeFebvre (R5, F5) is an author, programmer, teacher, and sysadmin expert who has been using UNIX and Internet technologies since 1983. He writes a monthly column for UNIX Review and has taught since 1989 for such organizations as USENIX, the Sun User Group (SUG), MIS Training Institute, IT Forum, and Great Circle Associates. He has contributed to several widely used UNIX packages, including Wietse Venema's logdaemon package. He is also the primary programmer for the popular UNIX utility top. William is currently a technology fellow at CNN Internet Technologies, exploring the applicability of new technology to one of the busiest Web farms on the Internet. He received his bachelor's degree in 1983 and his master of science degree in 1988, both from Rice University.