S1 Hands-on Linux Security Class: Learn How to Defend Linux/UNIX Systems by Learning to Think Like a Hacker (Day 1 of 2)
Who should attend: System administrators of Linux and other UNIX systems; anyone who runs a public UNIX server.
Rik Farrow, Security Consultant
9:00 a.m.–5:00 p.m.
Few people enjoy learning how to swim by being tossed into the ocean, but that's what happens if a system you manage gets hacked. You often have little choice other than to reload that system, patch it, and get it running again. This two-day class gives you a chance to work with systems that have been "hacked," letting you search for hidden files or services or other evidence of the intrusion. Examples are taken from real, recent attacks on Linux systems. You will perform hands-on exercises with dual-use tools to replicate what intruders do as well as with tools dedicated to security. The tools vary from the ordinary, such as find and strings, to less familiar but very important ones, such as lsof, scanners, sniffers, and the Sleuth Kit.
The lecture portion of this class covers the background you need to understand UNIX security principles, TCP/IP, scanning, and popular attack strategies.
Day Two will explore the defenses for networks and individual systems. The class will end with a discussion of the use of patching tools for Linux, including cfengine.
Class exercises will require that you have an x86-based laptop computer that can be booted from a KNOPPIX CD. Macintosh owners interested in taking this class should contact the instructor, as a bootable KNOPPIX CD for the PPC may be provided as well if there is sufficient interest. Students will receive a version of Linux on CD that includes the tools, files, and exercises used in the course. If you have a laptop but don't know whether it can run a bootable Linux CD (that will not have an impact on your installed hard drive or operating systems), please download a copy of KNOPPIX (http://www.knoppix.org), burn it, and try it out. KNOPPIX support for wireless is the same as common Linux kernels (not exciting), but KNOPPIX does a superb job of handling most other hardware found in laptops.
- Finding hidden files and evidence of intrusion
- TCP/IP and its abuses
- hping2 probes, or xprobe, watched with ethereal
- nmap while watching with ethereal or tcpdump (connect and SYN scans)
- Working with buffer-overflow exploit examples
- Apache servers and finding bugs in scripts
- John the Ripper, password cracking
- Using and modifying KNOPPIX Linux boot CD
- Elevation of privilege and suid shells
- Rootkits, and finding rootkits (chkrootkit)
- Sleuth Kit (looking at intrusion timelines)
- iptables and netfilter
- cfengine configuration
- Vulnerability scanning with nessus
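The first exercise in the outline, finding hidden files and evidence of intrusion, comes down to sweeping the filesystem for a few recurring artefacts: set-uid or set-gid executables that nobody installed (a copied shell with the suid bit is the classic "suid shell" privilege-elevation leftover), hidden directories whose names are chosen to vanish in `ls -la` output (`...`, `. `, `.. `), and regular files parked under /dev where rootkits like to stash configuration. The script below is an added example written for this page, not material from the class CD; it builds a small constructed directory tree in a temporary directory to demonstrate the checks, whereas a real run would start at `/` and pass `dev_dir="/dev"`.

```python
"""Sweep a directory tree for common intrusion artefacts.

Added example, not from the USENIX class materials.  Looks for:
  * set-uid / set-gid regular files (e.g. a planted suid shell),
  * hidden names that hide in `ls -la` output ("...", ". ", ".. ", "x "),
  * regular files living under a /dev-style directory.
The demo at the bottom builds a constructed sample tree in a temp dir.
"""
import os
import re
import stat
import tempfile

# Names that are easy to overlook: three or more dots, a dot followed only by
# whitespace, or any dot-name with trailing whitespace.
SUSPICIOUS_HIDDEN = re.compile(r"^(\.{3,}|\.\s+|\.\.?\S*\s+)$")


def is_suspicious_name(name):
    return bool(SUSPICIOUS_HIDDEN.match(name))


def scan_tree(root, dev_dir=None):
    """Return findings by category, each a sorted list of absolute paths."""
    findings = {"setuid": [], "setgid": [], "hidden": [], "dev_regular": []}
    dev_dir = os.path.abspath(dev_dir) if dev_dir else None
    for dirpath, dirnames, filenames in os.walk(root):
        abs_dir = os.path.abspath(dirpath)
        in_dev = dev_dir is not None and (
            abs_dir == dev_dir or abs_dir.startswith(dev_dir + os.sep))
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if is_suspicious_name(name):
                findings["hidden"].append(path)
            try:
                st = os.lstat(path)          # lstat: do not follow symlinks
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & stat.S_ISUID:
                findings["setuid"].append(path)
            if st.st_mode & stat.S_ISGID:
                findings["setgid"].append(path)
            if in_dev:                       # /dev should hold device nodes, not files
                findings["dev_regular"].append(path)
    return {k: sorted(v) for k, v in findings.items()}


def build_demo_tree(base):
    """Constructed sample tree: a planted suid 'sh', a '...' dir, a file under dev/."""
    os.makedirs(os.path.join(base, "usr", "bin"))
    os.makedirs(os.path.join(base, "tmp", "..."))      # hidden rootkit-style dir
    os.makedirs(os.path.join(base, "dev"))
    suid = os.path.join(base, "usr", "bin", "sh")      # stand-in for a copied /bin/sh
    open(suid, "wb").close()
    os.chmod(suid, 0o4755)                             # set-uid bit
    normal = os.path.join(base, "usr", "bin", "ls")    # benign control file
    open(normal, "wb").close()
    os.chmod(normal, 0o755)
    open(os.path.join(base, "dev", "ptyxx"), "wb").close()  # regular file in dev/
    return base


def demo():
    """Run the scan over the constructed tree; return paths relative to its root."""
    with tempfile.TemporaryDirectory() as base:
        build_demo_tree(base)
        found = scan_tree(base, dev_dir=os.path.join(base, "dev"))
        return {k: [os.path.relpath(p, base) for p in v] for k, v in found.items()}


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category:12s} {paths}")
```

On a live system, compare the suid/sgid list against the package manager's manifest (`rpm -V` or `dpkg --verify`) rather than against memory; the hidden-name check is deliberately crude, and a real sweep should also cross-check `lsof` and `netstat` output against what `ps` shows, which is the rootkit-detection theme of the Day One exercises.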
Rik Farrow (S1, M1) provides UNIX and Internet security consulting and training. He has been working with UNIX system security since 1984 and with TCP/IP networks since 1988. He has taught at the IRS, Department of Justice, NSA, NASA, US West, Canadian RCMP, Swedish Navy, and for many US and European user groups. He is the author of UNIX System Security, published by Addison-Wesley in 1991, and System Administrator's Guide to System V (Prentice Hall, 1989). Farrow writes a column for ;login: and a network security column for Network magazine. Rik lives with his family in the high desert of northern Arizona and enjoys hiking and mountain biking when time permits.
S2 Next Generation Storage Networking and Data Protection
Who should attend: Sysadmins running day-to-day operations and those who set or enforce budgets. This lecture is technical in nature, but it does not address command-line syntax or the operation of specific products or technologies. Rather, the focus is on general architectures and various approaches to scaling in both performance and capacity. Since storage technologies tend to be expensive, there is some discussion of the relative cost of different technologies and of strategies for managing cost and achieving results on a limited budget.
Jacob Farmer, Cambridge Computer Services
9:00 a.m.–5:00 p.m.
There has been tremendous innovation in the data storage industry in the past few years, and this year the pace has quickened. Proprietary monolithic SAN and NAS subsystems are giving way to open-system and distributed architectures. Data-transfer protocols such as SCSI, NFS, and CIFS are facing competition from VI and DAFS. Fibre-channel and parallel SCSI interfaces are challenged by Gigabit Ethernet, iSCSI, and serial ATA. Bottlenecks imposed by I/O buses and stacks stand to be eliminated by InfiniBand and RDMA. Finally, traditional file-based tape backup systems are being challenged by disk-to-disk backup and block-level backup technologies, which promise to eliminate backup windows while minimizing the chance of data loss.
This tutorial describes the latest technologies to hit the market for storage networking and data protection and offers advice on how to integrate these technologies into existing environments as well as how to set up whole new systems. The first half of the lecture covers the latest technologies for primary storage: SAN and NAS architectures, virtual storage, parallel file systems, storage interfaces, etc. The second half of the lecture focuses on secondary storage: backup systems, data replication, archiving, etc.
- Storage networking
- Fundamentals of storage networking
- Shortcomings of conventional SAN and NAS architectures
- Comparison of storage interfaces: fibre channel, SCSI, serial ATA, InfiniBand, Ethernet
- Comparison of storage protocols: CIFS, NFS, SCSI, VI, DAFS
- Open systems storage virtualization
- The convergence of SAN and NAS
- High-performance file sharing (NAS on steroids)
- SAN-enabled file systems
- Wide-area file systems
- Parallel file systems
- Content-addressable storage
- Backup systems
- SAN-enabled backup systems
- Disk-to-disk backup
- Virtual tape libraries
- Continuous backup
- Data replication
- Integrating snapshots into the backup strategy
- The latest tape technologies (LTO-2, SDLT-600, SAIT, AIT-4)
- Backup system reporting and diagnostics
- Secondary storage SANs
Jacob Farmer (S2) is the CTO of Cambridge Computer Services, a specialized integrator of backup systems and storage networks. He has over 15 years' experience with storage technologies and writes an expert advice column for InfoStor magazine. He is currently writing a book on storage networking.
S3 Linux Network Service Administration
Who should attend: This tutorial is directed at system administrators who are implementing network services and are looking for a background in the configuration of those services, as well as basics of the protocols. Attendees should have some network client/server experience and have a basic knowledge of UNIX administration, but do not need to be experienced network administrators. Both new and intermediate network administrators will leave the tutorial having learned something.
Joshua Jensen, IBM
9:00 a.m.–5:00 p.m.
From a stand-alone client attached to the Internet to a distributed network of Web servers, systems administrators are being tasked with bringing their office environments online. The network services that need to be configured in order to do this can be daunting to administrators who aren't familiar with the required applications. Configuration examples as well as overviews of the underlying protocols will give attendees the tools to implement services on their own systems. At the completion of the course, attendees should feel confident in their ability to set up and maintain secure network services. The tutorial will be conducted in an open manner that encourages question-and-answer.
The following areas will be covered (with a special emphasis on security):
- Network services
- SSH: Secure Shell with OpenSSH
- FTP: vsftpd
- HTTP: Apache, Tux, and Squid
- SMTP: Postfix MTA
- NFS: Network File System
- LDAP: global authentication with OpenLDAP
- DHCP: DHCPD and PXE
- DNS: ISC's BIND
- NTP: Network Time Protocol
- LPD: printing with CUPS
- Host-based security with TCP wrappers and Xinetd
- Linux packet filtering
- Network monitoring and logging
- Network utilities you should be using
Joshua Jensen (S3, M3) has worked for IBM and Cisco Systems and was Red Hat's first instructor, examiner, and RHCE. He worked with Red Hat for 4 1/2 years, during which time he wrote and maintained large parts of the Red Hat curriculum: Networking Services and Security, System Administration, Apache and Secure Web Server Administration, and the Red Hat Certified Engineer course and exam. Having worked with Linux since 1996, Joshua now finds himself having come full circle, employed by IBM while working with Red Hat Linux onsite at Cisco Systems. In his spare time he dabbles in cats, fish, boats, and frequent flyer miles.
S4 Network Security Protocols: Theory and Current Standards
Who should attend: Anyone who wants to understand the theory behind network security protocol design, with an overview of the alphabet soup of standards and cryptography. This tutorial is especially useful for anyone who needs to design or implement a network security solution, but it is also useful to anyone who needs to understand existing offerings in order to deploy and manage them. Although the tutorial is technically deep, no background other than intellectual curiosity and a good night's sleep in the recent past is required.
Radia Perlman, Sun Microsystems
9:00 a.m.–5:00 p.m.
First, without worrying about the details of particular standards, we discuss the pieces out of which all these protocols are built.
We then cover subtle design issues, such as how secure email interacts with distribution lists, how designs maximize security in the face of export laws, and the kinds of mistakes people generally make when designing protocols.
Armed with this conceptual knowledge of the toolkit of tricks, we describe and
critique current standards.
- What problems are we trying to solve?
- Key distribution
- Trust hierarchies
- Public key (PKI) vs. secret key solutions
- Handshake issues
- Man-in-the-middle defense
- Perfect forward secrecy
- Reflection attacks
- PKI standards
- Real-time protocols
- IPsec (including AH, ESP, and IKE)
- Secure email
- Web security
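One of the "mistakes people generally make" in the outline is the reflection attack against a symmetric-key challenge/response handshake. The example below is an added illustration written for this page, not code from the tutorial: it models a toy three-message handshake (A sends a challenge R_a; B answers with f(R_a) and its own challenge R_b; A answers with f(R_b)), first with a single direction-agnostic f(R) = HMAC(K, R), then with the MAC tagged by the speaker's role. The attacker function needs no key at all; it simply opens a second session and feeds B's own challenge back to it. Names, role tags, and message layout are this example's assumptions.

```python
"""Reflection attack on a shared-key challenge/response handshake, and the fix.

Added illustration, not the tutorial's own code.  Constructed toy protocol:
  A -> B: R_a                 (A's challenge)
  B -> A: f(R_a), R_b         (B proves knowledge of K, issues its own challenge)
  A -> B: f(R_b)              (A proves knowledge of K)
With f(R) = HMAC(K, R) in both directions, anyone who can open two
connections to B can make B answer its own challenge.  Binding the MAC to
the speaker's role ("responder:" / "initiator:") breaks the symmetry.
"""
import hashlib
import hmac
import os


def mac(key, role, nonce, bind_role):
    """f(): HMAC over the nonce, optionally prefixed with the speaker's role tag."""
    data = (role + nonce) if bind_role else nonce
    return hmac.new(key, data, hashlib.sha256).digest()


class Responder:
    """B: holds the key shared with A and answers handshakes on many sessions."""

    def __init__(self, key, bind_role):
        self.key = key
        self.bind_role = bind_role
        self.sessions = {}          # session id -> outstanding challenge R_b

    def open(self, r_a):
        """Message 2: answer the peer's challenge and issue our own."""
        sid = len(self.sessions) + 1
        r_b = os.urandom(16)
        self.sessions[sid] = r_b
        return sid, mac(self.key, b"responder:", r_a, self.bind_role), r_b

    def finish(self, sid, proof):
        """Message 3: accept iff the peer answered R_b as an initiator would."""
        r_b = self.sessions.pop(sid, None)
        if r_b is None:
            return False
        expected = mac(self.key, b"initiator:", r_b, self.bind_role)
        return hmac.compare_digest(proof, expected)


def honest_initiator(bob, key):
    """A runs the handshake legitimately; returns True if B accepts."""
    r_a = os.urandom(16)
    sid, proof_b, r_b = bob.open(r_a)
    if not hmac.compare_digest(proof_b, mac(key, b"responder:", r_a, bob.bind_role)):
        return False                # B failed to prove it knows K
    return bob.finish(sid, mac(key, b"initiator:", r_b, bob.bind_role))


def reflection_attack(bob):
    """Trudy knows no key.  She gets B to compute f(R_b) for her on a 2nd session."""
    sid1, _, r_b1 = bob.open(os.urandom(16))   # session 1: B challenges with r_b1
    sid2, proof, _ = bob.open(r_b1)            # session 2: reflect r_b1 as "her" challenge
    bob.sessions.pop(sid2)                     # abandon session 2; only the proof matters
    return bob.finish(sid1, proof)             # replay B's own answer into session 1


def demo():
    key = os.urandom(32)
    return {
        "honest_vulnerable": honest_initiator(Responder(key, False), key),
        "attack_vulnerable": reflection_attack(Responder(key, False)),
        "honest_fixed": honest_initiator(Responder(key, True), key),
        "attack_fixed": reflection_attack(Responder(key, True)),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:18s} B accepts: {accepted}")
```

The role prefix is one of several fixes; using a distinct key per direction, or having the initiator prove itself before the responder reveals anything, closes the same hole. The general lesson is the one the tutorial makes about handshake design: a responder must never compute, on request, the exact value it would later accept as proof.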
Radia Perlman (S4) is a Distinguished Engineer at Sun Microsystems. She is known for her contributions to bridging (spanning tree algorithm) and routing (link state routing), as well as security (sabotage-proof networks). She is the author of Interconnections: Bridges, Routers, Switches, and Internetworking Protocols and co-author of Network Security: Private Communication in a Public World, two of the top ten networking reference books, according to Network Magazine. She is one of the twenty-five people whose work has most influenced the networking industry, according to Data Communications Magazine. She has about fifty issued patents, an S.B. and S.M. in mathematics and a Ph.D. in computer science from MIT, and an honorary doctorate from KTH, the Royal Institute of Technology in Sweden.
S5 Advanced Solaris System Administration Topics
Who should attend: UNIX administrators who need more knowledge of Solaris administration.
Peter Baer Galvin, Corporate Technologies, Inc.
9:00 a.m.–5:00 p.m.
We will discuss the major new features of recent Solaris releases, including which to use (and how) and which to avoid. This in-depth course will provide the information you need to run a Solaris installation effectively. This tutorial has been updated to include Solaris 9 features and functions.
- Installing and upgrading
- Architecting your facility
- Choosing appropriate hardware
- Planning your installation, filesystem layout, post-installation steps
- Installing (and removing) patches and packages
- Avoiding single points of failure
- Advanced features of Solaris 2
- Filesystems and their uses
- The /proc filesystem and commands
- Useful tips and techniques
- Networking and the kernel
- Virtual IP: configuration and uses
- Kernel and performance tuning: new features, adding devices, tuning, debugging commands
- Devices: naming conventions, drivers, gotchas
- Enhancing Solaris
- High availability essentials: disk failures and recovery, RAID levels, uses and performance, H/A technology and implementation
- Performance: how to track down and resolve bottlenecks, Solaris Resource Manager
- Tools: useful free tools, tool use strategies
- Security: locking down Solaris, system modifications, tools, SunScreen
- Resources and references
Peter Baer Galvin (S5) is the Chief Technologist for Corporate Technologies, Inc., a systems integrator and VAR, and was the Systems Manager for Brown University's Computer Science Department. He has written articles for Byte and other magazines. He wrote the "Pete's Wicked World" and "Pete's Super Systems" columns at SunWorld. He is currently contributing editor for Sys Admin, where he manages the Solaris Corner. Peter is co-author of the Operating Systems Concepts and Applied Operating Systems Concepts textbooks. As a consultant and trainer, Peter has taught tutorials on security and system administration and has given talks at many conferences and institutions on such topics as Web services, performance tuning, and high availability.
S6 How to Protect Your Intellectual Property: Current Developments, Issues, and Controversies
Who should attend: Computer programmers, system administrators, and executives who create, maintain, or commercially exploit software code or other innovations constituting intellectual property. No previous knowledge of intellectual property law is required. Protection options and issues vary depending on the kind of intellectual property, the innovations that incorporate them, and the goals of the companies or individuals who own them. We will address these variations as they become relevant during the tutorial.
Dan Appelman, Heller Ehrman
9:00 a.m.–5:00 p.m.
This tutorial presents an overview of intellectual property protection, followed by a discussion of current issues and some practical advice about developing an intellectual property strategy. The format is a presentation by the instructor with plenty of time to ask questions. The goal is to provide attendees with a better understanding of how the law views intellectual property, of the sensitive legal issues and potential liabilities that developers face, and of the concrete steps they can take to maximize their protection while minimizing the cost of doing so.
- Overview of U.S. intellectual property law
- How to identify, protect, and enforce your intellectual property rights
- Employer vs. employee issues
- Cost vs. benefit with various intellectual property options
- Reconciling open source development with intellectual property rights
- Derivative works: Who owns them? Leveraging off someone else's inventions
- Combining your work with work done by others: What happens to IP rights?
- SCO and intellectual property: Fact vs. fiction
- Intellectual property rights in cyberspace
- Rights in data
- Submarine patents and copyrights: Strategy, or recipe for disaster?
- Acacia Media Technologies: Prior art and the power of a patent: the streaming media case
- How U.S. intellectual property law differs from IP law of other countries
- Enforcing your IP rights abroad: Should you bother?
- How to develop an intellectual property strategy
Dan Appelman (S6) is a lawyer in the Silicon Valley office of a major international law firm. He has been practicing in the areas of cyberspace and software law for many years. He was the lawyer for Berkeley Software Design in the BSDI/UNIX System Laboratories (AT&T) case. Dan is the attorney for the USENIX Association and for many tech companies. He is also founding chair of his firm's Information Technology practice group, is the current chair of the California Bar's Standing Committee on Cyberspace Law, and is a member of the American Bar Association Cyberspace Committee.