 M1 Implementing LDAP Directories NEW
 Gerald Carter, Samba Team/Hewlett-Packard
 
Who should attend: Both LDAP directory administrators and architects. The focus is on integrating standard network services with LDAP directories. The examples are based on UNIX hosts and the OpenLDAP directory server and will include actual working demonstrations throughout the course.
 System administrators today run a variety of directory services, although these are referred to by names such as DNS and NIS. The Lightweight Directory Access Protocol (LDAP) is the up-and-coming successor to the X.500 directory and has the promise of allowing administrators to consolidate multiple existing directories into one.
 
Topics include:
 
Replacing NIS domains
Integrating Samba user accounts
Authenticating RADIUS clients
Integrating MTAs such as Sendmail, Qmail, or Postfix
Creating address books for mail clients
Managing user access to HTTP and FTP services
Storing DNS zone information
Managing printer information
 
Gerald Carter (M1, T2), a member of the SAMBA Team since 1998,  is employed by Hewlett Packard as a Software Engineer, working on SAMBA-based print appliances. He is writing a guide to LDAP for system administrators, to be published by O'Reilly. Jerry holds an M.S. in computer science from Auburn University, where he also served as a network and system administrator. He has published articles with Web-based magazines such as Linuxworld and has authored courses for companies such as Linuxcare. He recently completed the second edition of Teach Yourself SAMBA in 24 Hours (Sams Publishing). 
 M2 Hacking and Securing Web-Based Applications NEW
 David Rhoades, Maven Security Consulting
 
Who should attend: People who are auditing Web application security, developing Web applications, or managing the development of a Web application.
 Although numerous commercial and freeware tools assist in locating network-level security vulnerabilities, these tools are incapable of locating application-level issues. This course will demonstrate how to identify security weaknesses for Web-enabled services that could be exploited by remote users.
 With numerous real-world examples, this course is based on fact and experience, not theory. The material applies to Web portals, e-commerce, online banking, shopping, subscription-based services, and any Web-enabled application.
 
Topics include:
 
Information-gathering attacks: How hackers read between the lines
User sign-on process: Many sites contain serious flaws which expose them to the threat of bad publicity and loss of customer confidence
User sign-off process: Are users really signed off?
OS & Web server weaknesses: buffer overflows and default material
Encryption: Finding the weakest link
Session tracking
URL rewriting, basic authentication, and cookie: strengths and weaknesses
Session cloning, IP hopping, and other subtle dangers
A recipe for strong session IDs
Authentication: server, session, transactional
Transaction-level issues
Hidden form elements
Unexpected user input
GET vs. POST
JavaScript filters
Improper server logic  
David Rhoades (M2) is president of Maven Security Consulting Inc. Since 1996 David has been providing information protection services for various Fortune 500 customers. His work has taken him across the United States, and to Europe and Asia, where he has lectured and consulted in various areas of information security. David holds a B.S. in computer engineering from Pennsylvania State University and is an instructor for the SANS Institute, the MIS Training Institute, and Sensecurity (based in Singapore). 
 
 M3 Perl for System Administration: The Networking Power Hours NEW
 David N. Blank-Edelman, Northeastern University CCS
 
Who should attend: System and network administrators with at least advanced-beginner to intermediate Perl skills (important prerequisite).
 After offering several successful survey courses on using Perl to make system administration easier, it is time to go deeper. In this course we'll take an hour per subject to probe how Perl can be used to work with three different network-related topics. We'll cover the necessary background material to get you jump-started and then dive into the approaches, tools and methods you need to successfully use your existing Perl skills to tame these areas.
 
Topics include:
 
SNMP: The Simple Network Management Protocol isn't always so simple to use or understand, but it is ubiquitous. We'll learn how to use Perl to query and configure SNMP version 1- and version 3-capable devices like switches, routers, and workstations.
Packet Play: It is not uncommon to have to sniff a network looking for specific packets (or sometimes even produce them yourself). Maybe you're debugging a network service or performing a penetration test. We'll look at both sniffing for specific packets and creating them ourselves from Perl.
Network Monitoring and Mapping: With SNMP and packet skills under our belt, we can begin to approach the hard topic of continuously monitoring a network and displaying the results. This module will tie together the two previous modules and work toward building simple tools to help. We'll also look at some of the more advanced free tools already built to solve this problem.
LDAP: If you don't already have a directory service running in your environment, chances are you will soon. It is equally likely that this directory service will be built on or be accessible by the Lightweight Directory Access Protocol. We'll see how to use Perl to perform common LDAP operations.
Mail: Perl is an excellent tool for speaking different mail protocols. We'll learn how to use it to send mail with SMTP and perform different mail operations using POP3 and IMAP. Once we know how to receive mail, we'll look at the process of parsing the mail to help us deal with it.
Potpourri: There are so many topics in the networking arena that we bend the one-topic-per-hour rule for the last hour. In this module we'll look at how to parse logs efficiently and effectively, roll your own daemons, and use encrypted transports from Perl. 
David N. Blank-Edelman (M3) is the Director of Technology at the Northeastern University College of Computer Science and the author of the O'Reilly book Perl for System Administration. He has spent the last 16 years as a system/network administrator in large multi-platform environments, including Brandeis University, Cambridge Technology Group, and the MIT Media Laboratory. He has served as Senior Technical Editor for the Perl Journal. 
 
 M4 System and Network Performance Tuning
 Marc Staveley, Soma Networks
 
Who should attend: Novice and advanced UNIX system and network administrators, and UNIX developers concerned about network performance impacts. A basic understanding of UNIX system facilities and network environments is assumed.
 We'll examine the virtual memory system, the I/O system, and the file system, NFS tuning and performance strategies, common network performance problems, examples of network capacity planning, and application issues. We'll also cover guidelines for capacity planning and customized monitoring based on your workloads and traffic patterns. Analysis periods for particular situations will be provided. 
Topics include:
 
Performance tuning strategies
Server tuning
Filesystem and disk tuning
Memory consumption and swap space
System resource monitoring
NFS issues
Automounter and other tricks
Network performance, design, and capacity planning
Application tuning
System resource usage
Memory allocation
Code profiling
Job scheduling and queuing
Real-time issues
Managing response time 
Marc Staveley (M4) works at Soma Networks, where he is applying his 18 years of experience with UNIX development and administration in leading their IT group. Previously Marc had been an independent consultant, and he has also held positions at Sun Microsystems, NCR, Princeton University, and the University of Waterloo. He is a frequent speaker on the topics of standards-based development, multi-threaded programming, system administration, and performance tuning. 
 M5 Inside the Linux Kernel (updated for version 2.6)
 Ted Ts'o, IBM Linux Technology Center
 
Who should attend: Application programmers and kernel developers. You should be reasonably familiar with C programming in the UNIX environment, but no prior experience with the UNIX or Linux kernel code is assumed.
 This tutorial will give you an introduction to the structure of the Linux kernel, the basic features it provides, and the most important algorithms it employs.
 The Linux kernel aims to achieve conformance with existing standards and compatibility with existing operating systems; however, it is not a reworking of existing UNIX kernel code. The Linux kernel was written from scratch to provide both standard and novel features, and takes advantage of the best practice of existing UNIX kernel designs.
 Although the material will focus on the latest release version of the Linux kernel (v. 2.6), it will also address aspects of the development kernel codebase (v. 2.7) where its substance differs from 2.6. It will not contain any detailed examination of the source code but will, rather, offer an overview and roadmap of the kernel's design and functionality.
 
Topics include:
 
How the Linux kernel is organized: scheduler, virtual memory system, filesystem layers, device driver layers, and networking stacks
The interface between each module and the rest of the kernel, and the functionality provided by that interface
The common kernel support functions and algorithms used by that module
How modules provide for multiple implementations of similar functionality (network protocols, filesystem types, device drivers, and architecture-specific machine interfaces)
Basic ground rules of kernel programming (dealing with issues such as races and deadlock conditions)
Implementation of the most important kernel algorithms and their general properties (aspects of portability, performance, and functionality)
The main similarities and differences between Linux and traditional UNIX kernels, with attention to places where Linux implements significantly different algorithms
Details of the Linux scheduler, its VM system, and the ext2fs file system
The strict requirements for ensuring that kernel code is portable.
 
Theodore Ts'o (M5) has been a Linux kernel developer since almost the very beginnings of Linux; he implemented POSIX job control in the 0.10 Linux kernel. He is the maintainer and author for the Linux COM serial port driver and the Comtrol Rocketport driver. He architected and implemented Linux's tty layer. Outside of the kernel, he is the maintainer of the e2fsck filesystem consistency checker. Ted is a Senior Technical Staff Member of IBM's Linux Technology Center. 
 
 
 M6 Network Security Protocols: Theory and Current Standards NEW
 Radia Perlman, Sun Microsystems
 
Who should attend: Anyone who wants to understand the theory behind network security protocol design, with an overview of the alphabet soup of standards and cryptography. This tutorial is especially useful for anyone who needs to design or implement a network security solution, but it is also useful to anyone who needs to understand existing offerings in order to deploy and manage them. Although the tutorial is technically deep, no background other than intellectual curiosity and a good night's sleep in the recent past is required.
 First, without worrying about the details of particular standards, we discuss the pieces out of which all these protocols are built.
 We then cover subtle design issues, such as how secure email interacts with distribution lists, how designs maximize security in the face of export laws, and the kinds of mistakes people generally make when designing protocols.
 Armed with this conceptual knowledge of the toolkit of tricks, we describe and critique current standards. 
Topics include:
 
What problems are we trying to solve?
Cryptography
Key distribution
Trust hierarchies
Public key (PKI) vs. secret key solutions
Handshake issues
Diffie-Hellman
Man-in-the-middle defense
Perfect forward secrecy
Reflection attacks
PKI standards
Real-time protocols
SSL/TLS
IPsec (including AH, ESP, and IKE)
Secure email
Web security
 
Radia Perlman (M6, T6) is a Distinguished Engineer at Sun Microsystems. She is known for her contributions to bridging (spanning tree algorithm) and routing (link state routing), as well as security (sabotage-proof networks). She is the author of Interconnections: Bridges, Routers, Switches, and Internetworking Protocols, and co-author of Network Security: Private Communication in a Public World, two of the top 10 networking reference books, according to Network Magazine. She is one of the 25 people whose work has most influenced the networking industry, according to Data Communications Magazine. She holds about 50 issued patents, an S.B. and S.M. in mathematics and a Ph.D. in computer science from MIT and an honorary doctorate from KTH, the Royal Institute of Technology in Sweden. 
 
 
 M7 Advanced Topics in System Administration and Security NEW
 Trent Hein and Ned McClain, Applied Trust
 
Who should attend: System and network administrators who are interested in picking up several new technologies in an accelerated manner.
 This tutorial covers six topics of critical importance to all system administrators and power users.
 
Digital forensics tools and techniques: Investigating computer security incidents has become a necessary skill for all system administrators. We'll discuss the secrets of digital forensics, including how to find out what happened without destroying possible evidence. This section will highlight several incident investigation tools and give examples of their use in real-life scenarios.
Linux kernel tuning: As Linux's popularity in production environments increases, the need for knowledge on tuning a Linux kernel becomes ever so important. Whether it's performance, security, or functionality you're looking to cajole your system into, we'll give you the what to's and the how to's, and even the what you can'ts of this rare art.
Handling digital forensic evidence: Information collected from a digital crime scene must be handled according to a strict set of rules. We'll talk about what you should do with log files, filesystems, and other digital evidence that might be used in court. This section will get you comfortable with all aspects of evidence handling, from secure evidence collection to the chain of custody.
Stateful firewalls: Keeping up with the latest security technology can be a challenge, but it is essential to prevent unwanted intrusions. We'll cover the latest in basic firewall technology on both Cisco and Linux platforms. Specific topics covered include context-based access control, reflexive access lists, and stateful filtering using iptables.
Network intrusion detection systems: New NIDS products are appearing every day. We'll evaluate the strengths and weaknesses of various technologies, and what might work best for your organization. Leave this section with the information you need to select and implement a NIDS solution that's right for you.
Performance crisis case studies #3: Don't miss the latest episode of this incredibly popular segment! We've taken a new set of real-life system administration performance crises and dissected them, providing insight on how to diagnose and remedy situations that you might someday face. This is a great way to gain practical knowledge in the performance arena.
 
Trent Hein (M7) is co-founder of Applied Trust Engineering. Trent worked on the 4.4 BSD port to the MIPS architecture at Berkeley, is co-author of both the UNIX Systems Administration Handbook and the Linux Administration Handbook, and holds a B.S. in computer science from the University of Colorado. 
 
 Ned McClain (M7), co-founder and CTO of Applied Trust Engineering, lectures around the globe on applying cutting-edge technology in production computing environments. Ned holds a B.S. in computer science from Cornell University and is a contributing author to both the UNIX System Administration Handbook and the Linux Administration Handbook. 
 
 M8 Logging & Security: Building an Enterprise Logging Infrastructure
 Tina Bird, Stanford University
 
Who should attend: System administrators and network managers responsible for monitoring and maintaining the health and well-being of computers and network devices in an enterprise environment. Participants should be familiar with the UNIX and Windows operating systems and basic network security, although some review is provided.
 The purpose of this tutorial is to illustrate the importance of a network-wide centralized logging infrastructure, to introduce several approaches to monitoring audit logs, and to explain the types of information and forensics that can be obtained with well-managed logging systems.
 Every device on your network (routers, servers, firewalls, application software) spits out millions of lines of audit information a day. Hidden within the data that indicate normal day-to-day operation (and known problems) are the first clues that systems are breaking down, attackers are breaking in, and end users are breaking up. If you manage that data flow, you can run your networks more effectively. 
Topics include:
 
The extent of the audit problem: how much data are you generating every day, and how useful is it?
Logfile content: improving the quality of the data in your logs
Logfile generation: syslog and its relatives, including building a central loghost, and integrating Microsoft Windows systems into your UNIX log system
Log management: centralizing, parsing, and storing all that data
Legal issues: what you can do to be sure you can use your logfiles for human resources issues and for legal prosecution
 This class won't teach you how to write Perl scripts to simplify your logfiles. It will teach you how to build a log management infrastructure, how to figure out what your log data means, and what in the world you do with it once you've acquired it. 
Tina Bird (M8), as a Computer Security Officer for Stanford University, works on the design and implementation of security infrastructure; providing security alerts for the 40,000-host network; healthcare information security; and extending Stanford's logging infrastructure. Tina moderates the Log Analysis and VPN mailing lists; with Marcus Ranum, she runs www.loganalysis.org. Tina has a B.S. in physics from the University of Notre Dame and a master's degree and Ph.D. in astrophysics from the University of Minnesota. 
 
 
 T1 Advanced Solaris System Administration Topics UPDATED
 Peter Baer Galvin, Corporate Technologies
 
Who should attend: UNIX administrators who need more knowledge of Solaris administration. 
We will discuss the major new features of recent Solaris releases, including which to use (and how) and which to avoid. This in-depth course will provide the information you need to run a Solaris installation effectively. Updated to include Solaris 9 features and functions.
 
Topics include:
 
Installing and upgrading
Architecting your facility
Choosing appropriate hardware
Planning your installation, filesystem layout, post-installation steps
Installing (and removing) patches and packages
Advanced features of Solaris 2
Filesystems and their uses
The /proc filesystem and commands
Useful tips and techniques
Networking and the kernel
Virtual IP: configuration and uses
Kernel and performance tuning: new features, adding devices, tuning, debugging commands
Devices: naming conventions, drivers, gotchas
Enhancing Solaris
High availability essentials: disk failures and recovery, RAID levels, uses and performance, H/A technology and implementation
Performance: how to track down and resolve bottlenecks, Solaris Resource Manager
Tools: useful free tools, tool use strategies
Security: locking down Solaris, system modifications, tools, SunScreen
Resources and references 
Peter Baer Galvin (T1) is the Chief Technologist for Corporate Technologies, and was the systems manager for Brown University's Computer Science Department. He has written articles for Byte and other magazines, is a columnist for SunWorld, and is coauthor of the Operating Systems Concepts and the Applied Operating Systems Concepts textbooks. Peter has taught tutorials on security and system administration and has given talks at many conferences and institutions. 
 
 T2 Managing Samba 2.2 & 3.0 NEW
 Gerald Carter, Samba Team/Hewlett-Packard
 
Who should attend: System administrators who are currently managing Samba servers or are planning to deploy new servers this year. This course will outline the new features of Samba 3.0, including working demonstrations throughout the course session.
 Samba is a freely available suite of programs that allows UNIX-based machines to provide file and print services to Microsoft Windows PCs without installing any third-party software on the clients. This allows users to access necessary resources from both PCs and UNIX workstations. As Samba makes its way into more and more network shops all over the world, it is common to see "configuring/managing Samba servers" listed as a desired skill on many job descriptions for network administrators.
 
Topics include:
 
Providing basic file and print services
Upgrading Samba servers from version 2.2 to 3.0
Integrating with Windows NT 4.0 and Active Directory authentication services
Centrally managing printer drivers for Windows clients
Managing NetBIOS network browsing
Implementing a Samba primary domain controller along with Samba backup domain controllers
Migrating from a Windows NT 4.0 domain to a Samba domain
Utilizing account storage alternatives to smbpasswd (such as LDAP)
Making use of Samba VFS modules for features such as virus scanning and a network recycle bin 
Gerald Carter (M1, T2), a member of the SAMBA Team since 1998,  is employed by Hewlett Packard as a Software Engineer, working on SAMBA-based print appliances. He is writing a guide to LDAP for system administrators, to be published by O'Reilly. Jerry holds an M.S. in computer science from Auburn University, where he also served as a network and system administrator. He has published articles with Web-based magazines such as Linuxworld and has authored courses for companies such as Linuxcare. He recently completed the second edition of Teach Yourself SAMBA in 24 Hours (Sams Publishing). 
 
 
 T3 System and Network Monitoring
 John Sellens, Certainty Solutions
 
Who should attend: Network and system administrators interested in real-life, practical, host- and network-based monitoring of their systems and networks. Participants should have an understanding of the fundamentals of networking, basic familiarity with computing and network components, and some familiarity with UNIX and scripting languages.
 Participants will leave this tutorial able to immediately start using a number of monitoring systems and techniques that will improve their ability to manage and maintain their systems and networks. 
 
Topics include:  
Monitoring: goals, techniques, reporting
SNMP: the protocol, reference materials, relevant RFCs
Introduction to SNMP MIBs (Management Information Bases)
SNMP tools and libraries
Other non-SNMP tools
Security concerns when using SNMP and other tools on the network
Monitoring applications: introductions, use, benefits and complications, installation and configuration (Big Brother, Nagios, SNIPS, MRTG, Cricket, etc.)
Special situations: remote locations, firewalls, etc.
Monitoring implementation roadmap: policies, practices, notifications, escalations, reporting
 
John Sellens (T3, W3) has been involved in system and network administration since 1986 and is the author of several related USENIX papers, a number of ;login: articles, and SAGE booklet #7, System and Network Administration for Higher Reliability. He holds an M.S. in computer science from the University of Waterloo and is a chartered accountant. He is currently the General Manager for Certainty Solutions (formerly known as GNAC) in Toronto. Prior to joining Certainty, John was the Director of Network Engineering at UUNET Canada and was a staff member in computing and information technology at the University of Waterloo for 11 years. 
 
 
 T4 Building Internet-Facing Systems NEW
 Geoff Halprin, Mitel/E-Smith
 
Who should attend: Intermediate to senior software developers and project managers involved in the building and management of modern software systems.
 This tutorial provides practical advice on how to design, build, deploy, and manage Internet-facing systems. We examine the core attributes of Internet systems (scalability, reliability, manageability, maintainability, and security), how to architect and build Internet systems, common mistakes and failures in Internet systems, how to deploy Internet systems, and how to manage Internet systems across their life.
 
Topics include:
 
Building Internet-facing applications
Defining attributes of Internet-facing systems
System architecture: building to cope with change
Operations management: building systems to run
Common failures (and how to avoid them) of design, development, process, integration, and deployment
Deploying Internet applications
Thinking about deployment: availability considerations, backend system integration, failure mode analysis, security exposures analysis, production support preparation
Business continuity planning
Managing Internet applications
System availability planning
What does the business need?
What are the resource implications?
Command and control of Internet applications: trust, configuration management, change management, data management
The critical elements of managing 24x7 operations
Network management (how do we know when something went wrong?)
Problem diagnosis (what went wrong?)
Disaster recovery procedures (how do we resume service?)
Change management (how do we minimize the risk of service disruption?) 
Geoff Halprin (T4) has over 25 years of experience in building software systems, from system management tools to network monitoring software and embedded mission-critical billing systems for Internet Service Providers. He has spent more years troubleshooting other people's programs than he cares to remember. Geoff is also president of SAGE: The System Administrators Guild. 
 
 
 T5 Beyond Shell Scripts: 21st-Century Automation Tools and Techniques NEW
 Aeleen Frisch, Exponential Consulting
 
Who should attend: System administrators who want to explore new ways of automating administrative tasks. Shell scripts are appropriate for many jobs, but more complex operations will often benefit from sophisticated tools.
 
Automating installations
Vendor-supplied tools
Alternative approaches
State-of-the-art package control
Heterogeneous environments
Mark Burgess's cfengine package
Basic and advanced configurations
Uses: installations & beyond; "self-healing" system configurations; data collection; and more
When not to use cfengine
Other tools
Expect: automating interactive processes, what to Expect; using it with other tools; security issues
Amanda for enterprise backup: prerequisites; configuration; optimizing
STEM, a new package for automating network operations: the context and tool capabilities; suggested uses; performance and security issues
Nagios to monitor network and device performance: how it works; sample configurations; extending Nagios
RRDTool for examining retrospective system data: basic operation; advanced graphing; options for data collection 
Aeleen Frisch (T5, W6) has been a system administrator for over 20 years. She currently looks after a pathologically heterogeneous network of UNIX and Windows systems. She is the author of several books, including Essential System Administration (now in its 3rd edition). 
 
 
 T6 Bridges, Routers, Switches, and Internetworking Protocols  NEW
 Radia Perlman, Sun Microsystems
 
Who should attend: Anyone who might need to design a protocol, implement a protocol, write network-based applications, or plan or manage a network, or anyone who is just curious about what is really going on under the covers in a network, and how things got the way they are. Anyone with the courage to see things from different angles, and not just parrot orthodoxy. Paradoxically, this tutorial is good as an introduction to people who are incredibly confused by all the terms and don't know where to start, as well as people who have been using this stuff for years, assumed they understood it, and want to see how all the pieces fit. 
The concepts of IP addresses, masks, MAC addresses, routing algorithms, domains, switches, bridges, are pervasive when dealing with networks. We all use these terms and configure these things, but what is really going on? What are the implications of choosing a switch vs. a router? What kinds of things can go wrong in a protocol that is misdesigned, misimplemented, or mismanaged? This tutorial describes the major protocols involved in the network infrastructure. It describes conceptually what goes on in the packet switches (both layer 2/bridges and layer 3/routers), as well as the implications on endnodes. It contrasts connection-oriented approaches such as ATM and MPLS with connectionless approaches such as IPv4 and IPv6. It covers the endnode-visible pieces of layer 3, such as neighbor-discovery and address autoconfiguration. It covers intradomain routing algorithms (distance vector such as RIP and link state such as OSPF or IS-IS) and interdomain (BGP). It describes the spanning tree algorithm used by bridges and switches. 
Topics include:
 
Layer 2 (MAC) addresses
Why 6 bytes?
Relation to layer 3 addresses (IP)
Bridges
Basic idea
Why it's more powerful than a repeater
Station address learning and forwarding
Spanning tree
What are switches? "switched Ethernet"
Connection-oriented networks: ATM, MPLS
Connectionless protocols: IPv4, IPv6, and comparison with others
Neighbor discovery (ARP, DHCP)
Routing (distance vector vs. link state, interdomain vs. intradomain)
IP Multicast
NAT
 
Radia Perlman (M6, T6) is a Distinguished Engineer at Sun Microsystems. She is known for her contributions to bridging (spanning tree algorithm) and routing (link state routing), as well as security (sabotage-proof networks). She is the author of Interconnections: Bridges, Routers, Switches, and Internetworking Protocols, and co-author of Network Security: Private Communication in a Public World, two of the top 10 networking reference books, according to Network Magazine. She is one of the 25 people whose work has most influenced the networking industry, according to Data Communications Magazine. She holds about 50 issued patents, an S.B. and S.M. in mathematics and a Ph.D. in computer science from MIT and an honorary doctorate from KTH, the Royal Institute of Technology in Sweden. 
 
 
 T7 Network Security Profiles: A Collection (Hodgepodge) of Stuff Hackers Know About You
 Brad C. Johnson, SystemExperts Corp.
 
Who should attend: Network, system, and firewall administrators; security auditors and those audited; those responding to intrusions or responsible for applications or systems that might be targets for crackers. Participants should understand the basics of TCP/IP networking. Examples will use actual tools and will also include small amounts of HTML, JavaScript, and Tcl.
 This tutorial will review the ways crackers work, what protocols and tools they use, and a number of current methods and exploits. You'll learn how to generate vulnerability profiles of your systems. Additionally, we'll review some important management policies and issues.
 
Profiles: what can an intruder determine about your site remotely?
Review of profiling methodologies: different "viewpoints" generate different types of profiling information
Techniques: scanning, online research, TCP/IP protocol "mis"uses, denial of service, cracking clubs
Important intrusion areas: discovery techniques, SSL, SNMP, WWW, DNS
Tools: scotty, strobe, netcat, ISS, SATAN, SAINT, mscan, sscan, queso, curl, Nmap, SSLeay/upget
Defining management policies to minimize intrusion risk
 
Brad C. Johnson (T7) is vice president of SystemExperts Corporation. He has participated in seminal industry initiatives such as the Open Software Foundation, X/Open, and the IETF, and has published often about open systems. Brad has served as a technical advisor to organizations such as Dateline NBC and CNN on security matters. He is a regular tutorial instructor and conference speaker on topics related to practical network security, penetration analysis, middleware, and distributed systems. Brad holds a B.A. in computer science from Rutgers University and an M.S. in applied management from Lesley University. 
 
 T8 Linux-Based Firewalls NEW
 Joshua Jensen, Red Hat, Inc.
 
Who should attend: Network and security administrators who are charged with implementing network security and looking for Linux-related solutions. Attendees should have a basic understanding of TCP/IP and some experience in configuring network services. 
This tutorial will offer extensive configuration examples for Linux-based packet firewalls, common scenarios, and overviews of useful tools that will provide valuable solutions. At the completion of the course, attendees should feel confident in their ability to set up and maintain secure networks with flexible access control. The instructor encourages questions during the presentation.
 
Networking overview
Linux kernel firewall capabilities
/proc kernel tuning
Linux 2.4 and Netfilter
Table and structure
Firewall rules and targets
User chains
Simple stateful approaches
IPChains compatibility
Advanced connection tracking
Performance tuning
Network address translation
Port forwarding
Round-robin load balancing
SNAT and masquerading
Sniffers you should fear (and use)
Traffic monitoring
Practical solutions to common problems

Joshua Jensen (T8) was the first Red Hat instructor and examiner, and has been with Red Hat for 4 years. In that time he has written and maintained large parts of the Red Hat curriculum: Networking Services and Security, System Administration, Apache and Secure Web Server Administration, and the Red Hat Certified Engineer course and exam. Joshua has worked with Linux for 7 years, and has been teaching Cisco Internetworking and Linux courses since 1998. 
 
 W1 WiFi Security: The Trials and Tribulations of Designing, Deploying, and Using WiFi Networks Securely  NEW
 William A. Arbaugh, University of Maryland, College Park
 
Who should attend: Designers, administrators, and power users of WiFi networks who need to design, deploy, and/or operate a WiFi network. Previous experience with or knowledge of wireless networking is helpful but not required.
 This tutorial will present the security problems with current and legacy WiFi equipment, and then explain the more recent and proposed standard changes designed to mitigate and in some cases eliminate those problems, e.g., WiFi Protected Access (WPA) and Robust Security Network (RSN). Following the explanations, a detailed design example will be presented and the participants will be shown how to design, deploy, and test wireless architectures using legacy, WPA, and RSN equipment.
 Finally, participants will be shown how to build and test an architecture using open source software.
 
Topics include:
 
Known attacks against legacy WiFi equipment and the open source tools used for the attacks
WiFi Protected Access and RSN: what are the changes, and what do they mean?
Designing a secure WiFi network
Deploying a secure WiFi network using open source tools
Testing your WiFi network using open source tools
 
William Arbaugh (W1) has spent over 15 years performing security research and engineering. Arbaugh and his students were among the first to identify security flaws in the IEEE 802.11 standard, as well as several proposed fixes to the standard. He and his students are actively involved in the IEEE and the IETF standards processes, doing their best to ensure that future standards are more robust. He and Jon Edney are the authors of a forthcoming book (Addison-Wesley, Fall 2003) entitled Wi-Fi Protected Access: Wireless Security and 802.11. 
 
 W2 Solaris Internals: Architecture, Tips, and Tidbits
 James Mauro and Richard McDougall, Sun Microsystems, Inc.
 
Who should attend: Software engineers, application architects and developers, kernel developers, device driver writers, system administrators, performance analysts, capacity planners, Solaris users who wish to know more about the system they're using and the information available from bundled and unbundled tools, and anyone interested in operating system internals.
 The installed base of Solaris systems being used for various commercial data-processing applications across all market segments and scientific computing applications has grown dramatically over the last several years, and it continues to grow. As an operating system, Solaris has evolved considerably, with some significant changes made to the UNIX SVR4 source base on which the early system was built. An understanding of how the system works is required in order to design and develop applications that take maximum advantage of the various features of the operating system, to understand the data made available via bundled system utilities, and to optimally configure and tune a Solaris system for a particular application or load.
 
Topics include: the major subsystems of the Solaris 8 kernel. We review the major features of the release and take a look at how the major subsystems are tied together. We cover in detail the implementation of Solaris services (e.g., system calls) and low-level functions, such as synchronization primitives, clocks and timers, and trap and interrupt handling. We discuss the system's memory architecture: the virtual memory model, process address space and kernel address space, and memory allocation. The Solaris process/thread model is discussed, along with the kernel dispatcher and the various scheduling classes implemented and supported. We cover the Virtual File System (VFS) subsystem, the implementation of the Unix File System (UFS), and file I/O-related topics.
All topics are covered with an eye to the practical application of the information, such as for performance tuning or software development. Solaris networking (topics related to TCP/IP and STREAMS) is not covered in this course.
After completing this course, participants will have a solid understanding of the internals of the major areas of the Solaris kernel that they will be able to apply to systems performance analysis, tuning, load/behavior analysis, and application development.
 
James Mauro (W2) is a Senior Staff Engineer in the Performance and Availability Engineering group at Sun Microsystems. Jim's current projects are focused on quantifying and improving enterprise platform availability, including minimizing recovery times for data services and Solaris. He co-developed a framework for system availability measurement and benchmarking and is working on implementing this framework within Sun. Jim co-authored Solaris Internals: Architecture Tips and Techniques (Sun Microsystems Press/Prentice Hall, 2000). 
Richard McDougall (W2), an Established Engineer in the Performance Application Engineering Group at Sun Microsystems, focuses on large systems performance and architecture. He has over twelve years of experience in UNIX performance tuning, application/kernel development, and capacity planning. Richard is the author of many papers and tools for measuring, monitoring, tracing, and sizing UNIX systems, including the memory-sizing methodology for Sun, the MemTool set for Solaris, the recent Priority Paging memory algorithms in Solaris, and many unbundled tools for Solaris, and is co-author of Solaris Internals: Architecture Tips and Techniques (Sun Microsystems Press/Prentice Hall, 2000). 
 
 W3 System and Network Monitoring: Tools in Depth  NEW
 John Sellens, Certainty Solutions
 
Who should attend: Network and system administrators ready to implement comprehensive monitoring of their systems and networks using the best of the freely available tools. Participants should have an understanding of the fundamentals of networking, familiarity with computing and network components, UNIX system administration experience, and some understanding of UNIX programming and scripting languages.
 This tutorial will provide in-depth instruction in the installation and configuration of some of the most popular and effective system and network monitoring tools, including Nagios, Cricket, MRTG, and Orca. It will build on the background provided by the introductory "System and Network Monitoring" tutorial, so participants should be familiar with the topics covered in that tutorial.
 Participants should expect to leave the tutorial with the information needed to immediately implement, extend, and manage popular monitoring tools on their systems and networks.
 
Topics include (for each of Nagios, Cricket, MRTG, and Orca):
 
Installation
Configuration, options, how to manage larger and non-trivial configurations
Reporting and notifications, proactive and reactive
Special cases: interesting problems
How to write scripts or programs to extend functionality
Dealing effectively with network boundaries and remote sites
Security concerns, access control
Ongoing operations
 
John Sellens (T3, W3) has been involved in system and network administration since 1986 and is the author of several related USENIX papers, a number of ;login: articles, and SAGE booklet #7, System and Network Administration for Higher Reliability. He holds an M.S. in computer science from the University of Waterloo and is a chartered accountant. He is currently the General Manager for Certainty Solutions (formerly known as GNAC) in Toronto. Prior to joining Certainty, John was the Director of Network Engineering at UUNET Canada and was a staff member in computing and information technology at the University of Waterloo for 11 years. 
 
 W4 Building Honey Pots for Intrusion Detection
 Marcus Ranum, NFR Security, Inc.
 
Who should attend: System and network managers with administrative skills and a security background. The tutorial examples will be based on UNIX/Linux. While the materials may be of interest to a Windows/NT administrator, attendees will benefit most if they have at least basic UNIX system administration skills. 
This class provides a technical introduction to the art of building honey pot systems for intrusion detection and burglar-alarming networks. Students completing this class will come away armed with the knowledge that will enable them to easily assemble their own honey pot, install it, maintain it, keep it secure, and analyze the data from it. 
Topics include:
 
Introduction
IDSes
Fundamentals of burglar alarms
Fundamentals of honey pots
Fundamentals of log-data analysis
Spoofing servers
Overview of our honey pot's design
System initialization
Services
Spoofing server implementation walkthrough
Multiway address/traffic manipulation
Logging architecture: syslogs, XML logs, statistical processing
Simple tricks for information visualization
Crunchy implementation details
How to write spoofing rules
How to write log filtering rules
Management
Getting help in analyzing attacks
Keeping up to date
 Auxiliary materials: Attendees will receive a bootable CD-ROM containing a mini UNIX kernel and preconfigured software, and will also have source-code access to the honey-pot building toolkit. Attendees may also wish to review The Honeynet Project, eds., Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community (Addison-Wesley, 2001).
 
Marcus Ranum (W4) is founder and CTO of NFR Security, Inc. He has been working in the computer/network security field for over 14 years and is credited with designing and implementing the first commercial Internet firewall product. Marcus also designed and implemented other significant security technologies, including the TIS firewall toolkit and the TIS Gauntlet firewall. As a researcher for ARPA, Marcus set up and managed the Whitehouse.gov email server. Widely known as a teacher and industry visionary, he has been the recipient of both the TISC Clue award and the ISSA lifetime achievement award. Marcus lives in Maryland with his wife, Katrina, and a small herd of cats. 
 
 
 W5 Advanced Topics in DNS Administration
 Jim Reid, Nominum
 
Who should attend: DNS administrators who wish to extend their understanding of how to configure and manage name servers running BIND9. Attendees should have some experience of running a name server and be familiar with DNS jargon for resource records, as well as the syntax of zone files and named.conf. 
This tutorial will answer the question, "I've set up master (primary) and slave (secondary) name servers. What else can I do with the name server?"
Topics include:
 
The BIND9 logging subsystem
Getting the most from the name server's logs
Managing the name server with rndc
Configuring split DNS: internal and external versions of a domain
Using the views mechanism of BIND9 to implement split DNS
Setting up an internal root server
Securing the name server
Running it chroot()
Using access control lists
Preventing unwanted access
Dynamic DNS (DDNS)
Dynamic updates with nsupdate
IPv6
Resolving and answering queries with IPv6
Setting up A6/DNAME chains and AAAA records to resolve IPv6 addresses
The Lightweight Resolver Daemon, lwresd
Secure DNS (DNSSEC)
Using Transaction Signatures (TSIG)
How to sign zones with dnssec-keygen and dnssec-signzone
 
Jim Reid (W5) started using a PDP11/45 running V7 UNIX 21 years ago and has been working with UNIX systems ever since. He worked for three years at Origin on behalf of Philips Electronics, where he wrote a DNS management system and designed, built, and ran the DNS infrastructure for the corporate network, one of the biggest in the world. He has over a decade's experience in writing and teaching training courses ranging from kernel internals, through system administration and network security, to DNS administration. He's a frequent speaker at conferences and workshops in Europe and the U.S. His book on DNS administration with BIND9 will be published in 2002. 
 
 W6 But Is It UNIX? A Mac OS X Administrator's Survival Guide  NEW
 Aeleen Frisch, Exponential Consulting
 
Who should attend: UNIX system administrators who want or need to administer Macintosh systems running Mac OS X and/or Mac OS X Server. Familiarity with standard UNIX system administration concepts and tasks is assumed. No previous Macintosh experience is necessary.
 Experienced Macintosh users who want to learn about system administration tasks in the Mac OS X environment will also benefit from this course.
 People very familiar with Mac OS X or with the NeXTSTEP environment will find much of this material to be a review. Note that comparisons with NeXTSTEP will not be made. We will note interactions between the UNIX implementation and the Mac graphical user/administrative environment.
Topics include:
 
What is this beast and what's Darwin (and why should I care)?
Basic tasks
Installation hints and pitfalls
Software packages
Startup and shutdown
Files and filesystems
Filesystem layout
File types: resource forks, applications, etc.
User management
Users and groups
Mac OS X shared domains
Managed preferences
Networking
Client configuration
Managing standard TCP/IP daemons: DNS, DHCP, NTP, and so on
The Mac OS X multiprotocol environment
Rendezvous and its implications
Process management and performance
Managing funky Mac peripherals and user expectations
Mac OS X security architecture and implementation
 
Aeleen Frisch (T5, W6) has been a system administrator for over 20 years. She currently looks after a pathologically heterogeneous network of UNIX and Windows systems. She is the author of several books, including Essential System Administration (now in its 3rd edition). 
 
 
 W7 Sendmail Configuration and Operation (updated for Sendmail 8.12)
 Eric Allman, Sendmail, Inc.
 
Who should attend: System administrators who want to learn more about the sendmail program, particularly details of configuration and operational issues (this tutorial will not cover mail front ends). This intense, fast-paced tutorial is aimed at people who have already been exposed to sendmail. It describes the latest release of sendmail from Berkeley, version 8.12.
Topics include:
 
The basic concepts of configuration: mailers, options, macros, classes, keyed files (databases), and rewriting rules and rulesets
Configuring sendmail using the M4 macro package
Day-to-day management issues, including alias and forward files, "special" recipients (files, programs, and include files), mailing lists, command line flags, tuning, and security
How sendmail interacts with DNSes
 
Eric Allman (W7) is the original author of sendmail. He is the author of syslog, tset, the -me troff macros, and trek. He was the chief programmer on the INGRES database management project, designed database user and application interfaces at Britton Lee (later Sharebase), and contributed to the Ring Array Processor project at the International Computer Science Institute. He is a former member of the USENIX Board of Directors. 
 
 W8 Disaster Planning and Recovery: How to Keep Your Company (and Your Job) Alive  NEW
 Evan Marcus, Veritas Software
 
Who should attend: Anyone responsible for their organization's data. Disaster planning is like insurance: nobody wants to talk about it, and everyone runs from the salesmen. But when you need it, you are very glad to have it! And if you don't have it when you need it, it is too late to do anything about it. Have you ever been robbed or had an accident or a medical emergency? If you had insurance, you did personal disaster planning.
 After 9/11, the companies that survived were those that had disaster plans in place. This tutorial will show you what you need to think about, what you need to plan for (and what you can safely avoid), and how you can put a plan into effect if (God forbid!) you ever need to use it.
 We will explore the key aspects of developing a disaster recovery plan, including the key components, testing the plan, and some of the technology that can speed recovery, with an eye toward balancing cost and benefit. We will also take a close look at one organization that recovered completely very quickly after 9/11.
 
Topics include:
 
What a DR plan should contain
The costs of developing a DR plan
Do you need a DR plan at all?
The legal and civil liabilities of not having a plan
Downtime and data loss as two sides of the same coin
Four different methods for testing your DR plan
DR as a subset of high availability
Methods and technologies for protecting data through a disaster
How disasters might affect the people who are responsible for recovery
Building and staffing DR teams
The role of senior management in DR
Convincing management that a DR plan is necessary
A real-life case study of a company that survived the 9/11 disaster
 
Evan Marcus (W8) is a Senior Systems Engineer and High Availability Specialist with VERITAS Software Corporation. Evan has more than 14 years of experience in UNIX system administration. While working at Fusion Systems and OpenVision Software, Evan worked to bring to market the first high-availability software application for SunOS and Solaris. He is the author of several articles and talks on the design of high-availability systems and is the co-author, with Hal Stern, of Blueprints for High Availability: Designing Resilient Distributed Systems (John Wiley & Sons, 2000). 
 
 