William Arbaugh (W1) has spent over 15 years performing security research and engineering. Arbaugh and his students were among the first to identify security flaws in the IEEE 802.11 standard, as well as several proposed fixes to the standard. He and his students are actively involved in the IEEE and the IETF standards processes, doing their best to ensure that future standards are more robust. He and Jon Edney are the authors of a forthcoming book (Addison-Wesley, Fall 2003) entitled Wi-Fi Protected Access: Wireless Security and 802.11.


W2 Solaris Internals: Architecture, Tips, and Tidbits
James Mauro and Richard McDougall, Sun Microsystems, Inc.

Who should attend: Software engineers, application architects and developers, kernel developers, device driver writers, system administrators, performance analysts, capacity planners, Solaris users who wish to know more about the system they're using and the information available from bundled and unbundled tools, and anyone interested in operating system internals.

The installed base of Solaris systems being used for various commercial data-processing applications across all market segments and scientific computing applications has grown dramatically over the last several years, and it continues to grow. As an operating system, Solaris has evolved considerably, with some significant changes made to the UNIX SVR4 source base on which the early system was built. An understanding of how the system works is required in order to design and develop applications that take maximum advantage of the various features of the operating system, to understand the data made available via bundled system utilities, and to optimally configure and tune a Solaris system for a particular application or load.

Topics include: the major subsystems of the Solaris 8 kernel. We review the major features of the release and take a look at how the major subsystems are tied together. We cover in detail the implementation of Solaris services (e.g. system calls) and low-level functions, such as synchronization primitives, clocks and timers, and trap and interrupt handling. We discuss the system's memory architecture; the virtual memory model, process address space and kernel address space, and memory allocation. The Solaris process/thread model is discussed, along with the kernel dispatcher and the various scheduling classes implemented and supported. We cover the Virtual File System (VFS) subsystem, the implementation of the Unix File System (UFS), and file IO-related topics. All topics are covered with an eye to the practical application of the information, such as for performance tuning or software development. Solaris networking (topics related to TCP/IP and STREAMS) is not covered in this course. After completing this course, participants will have a solid understanding of the internals of the major areas of the Solaris kernel that they will be able to apply to systems performance analysis, tuning, load/behavior analysis, and application development.

James Mauro (W2) is a Senior Staff Engineer in the Performance and Availability Engineering group at Sun Microsystems. Jim's current projects are focused on quantifying and improving enterprise platform availability, including minimizing recovery times for data services and Solaris. He co-developed a framework for system availability measurement and benchmarking and is working on implementing this framework within Sun. Jim co-authored Solaris Internals: Architecture Tips and Techniques (Sun Microsystems Press/ Prentice Hall, 2000).

Richard McDougall (W2), an Established Engineer in the Performance Application Engineering Group at Sun Microsystems, focuses on large systems performance and architecture. He has over twelve years of experience in UNIX performance tuning, application/kernel development, and capacity planning. Richard is the author of many papers and tools for measuring, monitoring, tracing, and sizing UNIX systems, including the memory-sizing methodology for Sun, the MemTool set for Solaris, the recent Priority Paging memory algorithms in Solaris, and many unbundled tools for Solaris, and is co-author of Solaris Internals: Architecture Tips and Techniques (Sun Microsystems Press/Prentice Hall, 2000).


W3 System and Network Monitoring: Tools in Depth NEW
John Sellens, Certainty Solutions

Who should attend: Network and system administrators ready to implement comprehensive monitoring of their systems and networks using the best of the freely available tools. Participants should have an understanding of the fundamentals of networking, familiarity with computing and network components, UNIX system administration experience, and some understanding of UNIX programming and scripting languages.

This tutorial will provide in-depth instruction in the installation and configuration of some of the most popular and effective system and network monitoring tools, including Nagios, Cricket, MRTG, and Orca. It will build on the background provided by the introductory "System and Network Monitoring" tutorial, so participants should be familiar with the topics covered in that tutorial.

Participants should expect to leave the tutorial with the information needed to immediately implement, extend, and manage popular monitoring tools on their systems and networks.

Topics include: for Nagios, Cricket, MRTG, and Orca:

• Installation
• Configuration, options, how to manage larger and non-trivial configurations
• Reporting and notifications, proactive and reactive
• Special cases: interesting problems
• How to write scripts or programs to extend functionality
• Dealing effectively with network boundaries and remote sites
• Security concerns, access control
• Ongoing operations

John Sellens (T3, W3) has been involved in system and network administration since 1986 and is the author of several related USENIX papers, a number of ;login: articles, and SAGE booklet #7, System and Network Administration for Higher Reliability. He holds an M.S. in computer science from the University of Waterloo and is a chartered accountant. He is currently the General Manager for Certainty Solutions (formerly known as GNAC) in Toronto. Prior to joining Certainty, John was the Director of Network Engineering at UUNET Canada and was a staff member in computing and information technology at the University of Waterloo for 11 years.

W4 Building Honey Pots for Intrusion Detection
Marcus Ranum, NFR Security, Inc.

Who should attend: System and network managers with administrative skills and a security background. The tutorial examples will be based on UNIX/Linux. While the materials may be of interest to a Windows/NT administrator, attendees will benefit most if they have at least basic UNIX system administration skills.

This class provides a technical introduction to the art of building honey pot systems for intrusion detection and burglar- alarming networks. Students completing this class will come away armed with the knowledge that will enable them to easily assemble their own honey pot, install it, maintain it, keep it secure, and analyze the data from it.

Topics include:

• Introduction
  • IDSes
  • Fundamentals of burglar alarms
  • Fundamentals of honey pots
  • Fundamentals of log-data analysis
  • Spoofing servers
• Overview of our honey pot's design
  • System initialization
  • Services
  • Spoofing server implementation walkthrough
  • Multiway address/traffic manipulation
  • Logging architecture: syslogs, XML logs, statistical processing
  • Simple tricks for information visualization
• Crunchy implementation details
  • How to write spoofing rules
  • How to write log filtering rules
• Management
  • Getting help in analyzing attacks
  • Keeping up to date

Auxiliary materials: Attendees will receive a bootable CD-ROM containing a mini UNIX kernel and preconfigured software, and will also have source-code access to the honey-pot building toolkit. Attendees may also wish to review The Honeynet Project, eds., Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community (Addison-Wesley, 2001).

Marcus Ranum (W4) is founder and CTO of NFR Security, Inc. He has been working in the computer/network security field for over 14 years and is credited with designing and implementing the first commercial Internet firewall product. Marcus also designed and implemented other significant security technologies, including the TIS firewall toolkit and the TIS Gauntlet firewall. As a researcher for ARPA, Marcus set up and managed the Whitehouse.gov email server. Widely known as a teacher and industry visionary, he has been the recipient of both the TISC Clue award and the ISSA lifetime achievement award. Marcus lives in Maryland with his wife, Katrina, and a small herd of cats.



W5 Advanced Topics in DNS Administration
Jim Reid, Nominum

Who should attend: DNS administrators who wish to extend their understanding of how to configure and manage name servers running BIND9. Attendees should have some experience of running a name server and be familiar with DNS jargon for resource records, as well as the syntax of zone files and named.conf.

This tutorial will answer the question, "I've set up master (primary) and slave (secondary) name servers. What else can I do with the name server?" Topics include:

• The BIND9 logging subsystem
  • Getting the most from the name server's logs
• Managing the name server with rndc
• Configuring split DNS: internal and external versions of a domain
  • Using the views mechanism of BIND9 to implement split DNS
• Setting up an internal root server
• Securing the name server
  • Running it chroot()
  • Using access control lists
  • Preventing unwanted access
• Dynamic DNS (DDNS)
  • Dynamic updates with nsupdate
• IPv6
  • Resolving and answering queries with IPv6
  • Setting up A6/DNAME chains and AAAA records to resolve IPv6 addresses
• The Lightweight Resolver Daemon, lwresd
• Secure DNS (DNSSEC)
  • Using Transaction Signatures (TSIG)
  • How to sign zones with dnssec-keygen and dnssec-signzone

Who should attend: UNIX system administrators who want or need to administer Macintosh systems running Mac OS X and/or Mac OS X Server. Familiarity with standard UNIX system administration concepts and tasks is assumed. No previous Macintosh experience is necessary.

Experienced Macintosh users who want to learn about system administration tasks in the Mac OS X environment will also benefit from this course.

People very familiar with Max OS X or with the NeXTSTEP environment will find much of this material to be a review. Note that comparisons with NeXTSTEP will not be made. We will note interactions between the UNIX implementation and the Mac graphical user/administrative environment. Topics include:

• What is this beast and what's Darwin (and why should I care)?
  • System architecture
• Basic tasks
  • Installation hints and pitfalls
  • Software packages
  • Startup and shutdown
• Files and filesystems
  • Filesystem layout
  • File types: resource forks, applications, etc.
• User management
  • Users and groups
  • Mac OS X shared domains
  • Managed preferences
• Networking
  • Client configuration
  • Managing standard TCP/IP daemons: DNS, DHCP, NTP, and so on
  • The Mac OS X multiprotocol environment
  • Rendezvous and its implications
• Process management and performance
• Managing funky Mac peripherals and user expectations
• Mac OS X security architecture and implementation

Who should attend: System administrators who want to learn more about the sendmail program, particularly details of configuration and operational issues (this tutorial will not cover mail front ends). This intense, fast-paced tutorial is aimed at people who have already been exposed to sendmail. It describes the latest release of sendmail from Berkeley, version 8.12. Topics include:

• The basic concepts of configuration: mailers, options, macros, classes, keyed files (databases), and rewriting rules and rulesets
• Configuring sendmail using the M4 macro package
• Day-to-day management issues, including alias and forward files, "special" recipients (files, programs, and include files), mailing lists, command line flags, tuning, and security
• How sendmail interacts with DNSes

Who should attend: Anyone responsible for their organization's data. Disaster planning is like insurance: nobody wants to talk about it, and everyone runs from the salesmen. But when you need it, you are very glad to have it! And if you don't have it when you need it, it is too late to do anything about it. Have you ever been robbed or had an accident or a medical emergency? If you had insurance, you did personal disaster planning.

After 9/11, the companies that survived were those that had disaster plans in place. This tutorial will show you what you need to think about, what you need to plan for (and what you can safely avoid), and how you can put a plan into effect if (God forbid!) you ever need to use it.

We will explore the key aspects of developing a disaster recovery plan, including the key components, testing the plan, and some of the technology that can speed recovery, with an eye toward balancing cost and benefit. We will also take a close look at one organization that recovered completely very quickly after 9/11.

Topics include:

• What a DR plan should contain
• The costs of developing a DR plan
• Do you need a DR plan at all?
• The legal and civil liabilities of not having a plan
• Downtime and data loss as two sides of the same coin
• Four different methods for testing your DR plan
• DR as a subset of high availability
• Methods and technologies for protecting data through a disaster
• How disasters might affect the people who are responsible for recovery
• Building and staffing DR teams
• The role of senior management in DR
• Convincing management that a DR plan is necessary
• A real-life case study of a company that survived the 9/11 disaster

Evan Marcus (W8) is a Senior Systems Engineer and High Availability Specialist with VERITAS Software Corporation. Evan has more than 14 years of experience in UNIX system administration. While working at Fusion Systems and OpenVision Software, Evan worked to bring to market the first high-availability software application for SunOS and Solaris. He is the author of several articles and talks on the design of high-availability systems and is the co-author, with Hal Stern, of Blueprints for High Availability: Designing Resilient Distributed Systems (John Wiley & Sons, 2000).