LISA-NT Conference July 30-Aug. 4, 2000, Seattle, WA 4th USENIX Windows Systems Symposium

Tutorial Descriptions

S1 Windows NT and UNIX Integration: Problems and Solutions
Phil Cox, SystemExperts Corporation;
Gerald Carter, Auburn University

Who should attend: System administrators who are responsible for heterogeneous Windows NT- and UNIX-based systems. Attendees should have user-level knowledge of both UNIX and Windows NT, and it's recommended they have systems administration experience in at least one of these OSes.

Today's organizations choose computing solutions from a variety of vendors. Often, integrating the solutions into a seamless, manageable enterprise is an afterthought, left up to system administrators. This course covers specific problem areas in administering a mixture of UNIX and Windows NT systems. The focus will be on practical solutions that can be applied today to real-world administration problems.

Topics include:

  • Overview of NT and UNIX
    • Basic homogeneous setups
    • Services: what's offered, and how
    • Similarities
    • Differences
    • Potential sticking points
  • Areas of interest
    • Electronic mail
    • Web servers
    • User authentication
    • File serving
    • Printing
    • Faxes and modems
    • Host-to-host connectivity
    • Remote administration
    • Backup and restore

For each of the areas of interest we will cover:

  • Current uses in homogeneous environments
  • Available answers--where integration can happen
  • Integration solutions, how to choose one, some useful tools
  • Security considerations

Phil Cox (S1, M1) is a consultant for SystemExperts Corporation. Phil frequently writes and lectures on issues bridging the gap between UNIX and Windows NT. He is a featured columnist in ;login:, the magazine of USENIX & SAGE, and has served on numerous USENIX program committees. Phil holds a B.S. in computer science from the College of Charleston, South Carolina.



Gerald Carter (S1, M2) has been a member of the Samba Team since 1998 and has been maintaining Samba servers for the past four years. As a network manager at Auburn University, Gerald maintains approximately 700 PCs and 30 Solaris 2.x servers. He is the lead author of Teach Yourself Samba in 24 Hours (Sams Publishing) and has worked as an instructor or technical reviewer for major publishers.




S2 Hacking Exposed: LIVE!
George Kurtz and Eric Schultze, Rampart Security Group

Who should attend: Network and system administrators, security administrators, and technical auditors who want to secure their UNIX/NT-based networks.

Is your UNIX/NT-based network infrastructure up to meeting the challenge of malicious marauders? In this tutorial we'll present the methodologies used by today's hackers to gain access to your networks and critical data. We'll demonstrate a typical attack exploiting both well-known and little-known NT-based vulnerabilities. We'll show how NT attackers can leverage UNIX vulnerabilities to circumvent traditional security mechanisms. And we'll identify opportunities to better secure the host and networks against more esoteric attacks. All examples will be demonstrated on a live network of machines.

Topics include:

  • Footprinting your site
    • Port scanning
    • Banner grabbing
  • Exploiting common configuration and design weaknesses in NT networks
    • Enumerating user and system information from NT 4 and Windows 2000 hosts
    • Exploiting Web services
    • Logging on to NT using only the password hash
    • Routing through IPX and NetBEUI networks
    • Grabbing remote shells on NT
    • Hijacking the GUI
    • Hidden trojans: executing streamed files
  • Bypassing routers and firewall filtering
    • Using source ports
    • Leveraging port redirection
    • 101 uses for Netcat
  • Linking NT and UNIX vulnerabilities for maximum exploitation
  • Securing NT systems to prevent attacks

George Kurtz (S6, M4) has performed hundreds of firewall, network, and e-commerce-related security assessments throughout his security consulting career. He is a regular speaker at many security conferences and is frequently quoted in The Wall Street Journal, InfoWorld, USA Today, and the Associated Press. He is the co-author of the widely acclaimed Hacking Exposed: Network Security Secrets and Solutions.



Eric Schultze (S6, M4) specializes in assessing and securing Microsoft products. He is a contributing author to Hacking Exposed: Network Security Secrets and Solutions and is a frequent speaker at security conferences, including Black Hat, CSI, and MIS. Eric is also a faculty instructor for CSI's education resource center, presenting workshops on NT4 and Windows 2000 security.




S3 Windows NT Performance Monitoring, Benchmarking and Tuning
Mark T. Edmead, Windows NT Consultant

Who should attend: Users and administrators who want detailed information on how to get the best performance out of their Windows NT workstations and servers.

Topics include:

  • Overview of the NT system from an internals point of view
    • Differences between the Workstation and the Server product
    • Performance
    • The computer's resource components and their interrelationships
  • Performance monitoring and data gathering tools, with emphasis on using the Windows NT Performance Monitor to automatically gather system resource data for further analysis
  • System components and how to solve specific performance problems
    • Why they occur
    • How to fix them
  • Specific system settings for optimal Workstation or Server performance
  • Registry settings
  • Performance tradeoffs

We will cover each of the system resources in detail--CPU, memory, disk, and network--and will show how to analyze their performance and how to break up bottlenecks.

Mark T. Edmead (S3) has over 20 years' experience in software product development, system design, and project management. He was awarded the Entrepreneur of the Year 1988 finalist award sponsored by Arthur Young and Venture Magazine. Previously he taught advanced Windows 3.1 and Windows NT programming at UC San Diego. He is currently a senior Windows NT instructor for Learning Tree International and a consultant for IBM Global Services, assisting clients with Windows BackOffice solutions and e-commerce security. He is the co-author of Windows NT: Performance, Monitoring and Tuning (Macmillan Publishing).


S4 Windows NT/2000 Internals
Jamie Hanrahan, Azius Developer Training

Who should attend: This tutorial is aimed at operating system developers, applications programmers, and system administrators who need to understand the internal behavior and architecture of Windows NT and Windows 2000. (Note: The information presented is valid for both NT Version 4 and Windows 2000.)

Windows NT/2000 is built on a new operating system code base, similar in many ways to well-established OSes such as UNIX and VMS, and very different from Microsoft's DOS/Win16/Windows 9x platforms. This tutorial will describe the behavior of Windows NT/2000 from a "system architecture" point of view. Using a variety of tools, we will explore internal interfaces and the behavior of the system, show how the OS implements fundamental operating-system functions such as scheduling and memory management, and show how the architecture affects some of its functionality.

Topics include:

  • General system architecture
  • Internal changes from Windows NT to Windows 2000
  • Providing operating system functions to user mode
  • Thread scheduling
  • Memory management internals
  • Using and interpreting performance measurement tools

Jamie Hanrahan (S5) is an independent consultant specializing in system software development and training. He has shipped over two dozen Windows NT and Windows 2000 drivers to clients, and has presented his Windows NT/2000 Device Driver and Internals seminars to literally thousands of students from most of the major Windows hardware vendors. He is writing a book on Windows NT/2000 device drivers, to be published by O'Reilly and Associates. His Windows 2000 device driver and internals seminars are offered through Azius Developer Training.




M1 Windows 2000 Security
Phil Cox, SystemExperts; Paul Hill, MIT

Who should attend: System and network administrators who will need to implement or maintain Windows 2000-based systems and networks, and site managers charged with selecting and setting site security requirements.

The security implications of a large Windows 2000 (Win2K) deployment are not yet well understood. The instructors of this tutorial present the problems and solutions surrounding Win2K and the security of the networks it runs on. They'll cover the design of Win2K from a security standpoint and outline what Win2K has "out of the box" for security. In addition, they'll discuss Win2K-related risks and appropriate countermeasures. They will conclude with specific recommendations on firewalling Win2K, as well as pointers on how to "harden" the system.

Topics include:

  • Overview of Win2K
    • Domains/Active Directory
    • Authentication: Kerberos, NTLM, smart cards, certificates, PKI
    • Authorization: Group policies
    • Auditing: Event auditing, WBEM, WMI, SNMP
    • Network services
  • Security threats
    • What are the threats?
    • Who are the hackers?
    • Methods of attacks
    • Win2K-specific threats to watch for
  • What Win2K provides as countermeasures
    • Defining security
    • Authentication
    • Authorization
    • Auditing
    • Protective measures
    • Detecting and dealing with attacks
    • User and group security management
    • File system security and resource sharing
  • Firewalling Win2K
    • Defensive strategies
    • What you need to filter
  • Steps to hardening Win2K

Phil Cox (S1, M1) is a consultant for SystemExperts Corporation, a consulting firm that specializes in system security and management. Phil frequently writes and lectures on issues bridging the gap between UNIX and Windows NT. He is a featured columnist in ;login:, the magazine of USENIX & SAGE, and has served on numerous USENIX program committees. Phil holds a B.S. in computer science from the College of Charleston, South Carolina.



Paul B. Hill (M1), a programmer/analyst at the Massachusetts Institute of Technology, has been involved with the development of MIT's Kerberos implementation since 1991 and has been working with Microsoft operating systems since 1982. Paul is the senior programmer on MIT's Project Pismire, a project to provide an academic computing environment on Windows 2000 that is integrated into MIT's existing Athena computing environment. Paul also consults on system security.


M2 Configuring and Administering Samba Servers
Gerald Carter, Auburn University

Who should attend: System and network administrators who wish to integrate Samba running on a UNIX-based machine with Microsoft Windows clients. No familiarity with Windows networking concepts will be assumed.

Samba is a freely available suite of programs that allows UNIX-based machines to provide file and print services to Microsoft Windows PCs without installing any third-party software on the clients. This allows users to access necessary resources from both PCs and UNIX workstations. As Samba makes its way into more and more network shops all over the world, it is common to see "configuring Samba servers" listed as a desired skill on many job descriptions for network administrators.

This tutorial will use real-world examples taken from daily administrative tasks.

Topics include:

  • Installing Samba from the ground up
  • The basic Microsoft networking protocols and concepts, such as NetBIOS, CIFS, and Windows NT domains (including Windows 2000)
  • Configuring a UNIX box to provide remote access to local files and printers from Microsoft Windows clients
  • Utilizing client tools to access files on Windows servers from a UNIX host
  • Configuring Samba as a member of a Windows NT domain in order to utilize the domain's PDC for user authentication
  • Using Samba as a domain controller
  • Configuring Samba to participate in network browsing
  • Automating the daily tasks of managing Samba

Gerald Carter (S1, M2) has been a member of the Samba Team since 1998 and has been maintaining Samba servers for the past four years. As a network manager at Auburn University, Gerald maintains approximately 700 PCs and 30 Solaris 2.x servers. He is the lead author of Teach Yourself Samba in 24 Hours (Sams Publishing) and has worked as an instructor or technical reviewer for major publishers.




M3 Topics in Windows NT/2K System Administration: Hot & Cool
Aeleen Frisch, Exponential Consulting

Who should attend: System administrators responsible for Windows NT and Windows 2000 servers.

Topics include:

  • What's new in Windows 2000: An overview of the new features from a system administrator's point of view.
  • Effective group policies: The new group policies in Windows 2000 have the potential to be a powerful management and security tool. We will look at them in detail, focusing on how to use them to achieve the results you want/need.
  • Disk management and optimizing I/O performance: We will consider a variety of items in this general area, including:
    • NTFS version 4 vs. 5;
    • Fault tolerance and volume management features;
    • Monitoring/tuning I/O performance.
  • Automating administrative tasks: Every administrator wants to minimize the amount of time spent performing routine tasks. We will consider several levels at which such jobs can be automated, ranging from unattended OS installations, to the automation facilities included with the operating system, to creating your own scripts and services.
  • Securing a system and monitoring it afterwards: Windows 2000's initial release included a security vulnerability during installation. We'll look at what's needed to secure a Windows NT/2000 system and ways of monitoring its status in order to keep it secure.

Aeleen Frisch (M3) has been a system administrator for over 15 years. She currently looks after a very heterogeneous network of UNIX and Windows NT systems. She is the author of several books, including Essential Windows NT System Administration.



M4 Secure Migration to Windows 2000
George Kurtz and Eric Schultze, Rampart Security Group

Who should attend: Network and system administrators who have been charged with upgrading NT4 networks, security administrators who are responsible for making sure that the Windows 2000 environment will be in compliance with corporate policies, and system auditors who will be assessing the migration from NT4 to Windows 2000.

Windows 2000 offers a wealth of new security options. In order to take advantage of these features, great care must be taken when planning the migration strategy from NT4 to Windows 2000. During this session, we'll develop a multi-phase approach for successfully migrating from NT4 and securing the Windows 2000 environment.

Topics include:

  • Preparing the NT4 environment for upgrade (cleansing and collapsing the domains)
  • Determining appropriate naming structures
  • Selecting Forest, Trust, Domain, and Organizational Unit (OU) designs
  • Implementing advanced security features to support the organization's policies:
    • Group policies
    • Delegated administration
    • Proper use of Trusts
    • Management and design of OUs
    • Per-host and per-user authentication options

We will also demonstrate vulnerabilities inherent in default installation modes and mixed NT4/Windows 2000 environments. Countermeasures and recommended security settings will be presented for each potential weakness.

George Kurtz (S2, M4) has performed hundreds of firewall, network, and e-commerce-related security assessments throughout his security consulting career. He is a regular speaker at many security conferences and is frequently quoted in The Wall Street Journal, InfoWorld, USA Today, and the Associated Press. He is the co-author of the widely acclaimed Hacking Exposed: Network Security Secrets and Solutions.



Eric Schultze (S2, M4) specializes in assessing and securing Microsoft products. He is a contributing author to Hacking Exposed: Network Security Secrets and Solutions and is a frequent speaker at security conferences, including Black Hat, CSI, and MIS. Eric is also a faculty instructor for CSI's education resource center, presenting workshops on NT4 and Windows 2000 security.





Last changed: 6 July 2000 jr