Monday, June 25, 2001

M1 Network Security Profiles: A Collection (Hodgepodge) of Stuff Hackers Know About You
Brad Johnson, SystemExperts Corporation

Who should attend: Network, system, and firewall administrators; security auditors and those who are audited; people involved with responding to intrusions or responsible for network-based applications or systems that might be targets for crackers (determined intruders). Participants should understand the basics of TCP/IP networking. Examples will use actual tools and will also include small amounts of HTML, JavaScript, and Tcl.

Network-based host intrusions, whether they come from the Internet, an extranet, or an intranet, typically follow a common methodology: reconnaissance, vulnerability research, and exploitation. This tutorial will review the ways crackers perform these activities. You will learn what types of protocols and tools they use, and you will become familiar with a number of current methods and exploits. The course will show how you can generate vulnerability profiles of your systems. Additionally, it will review some important management policies and issues related to these network-based probes.

The course will focus primarily on tools that exploit many of the common TCP/IP—based protocols, such as WWW, SSL, DNS, ICMP, and SNMP, which underlie virtually all Internet applications, including Web technologies, network management, and remote file systems. Some topics will be addressed at a detailed technical level. This course will concentrate on examples drawn from public-domain tools that are widely available and commonly used by crackers.

Topics include:

• Profiles: what can an intruder determine about your site remotely?
• Review of profiling methodologies: different "viewpoints" generate different types of profiling information
• Techniques: scanning, on-line research, TCP/IP protocol "mis"uses, denial of service, cracking clubs
• Important intrusion areas: discovery techniques, SSL, SNMP, WWW, DNS
• Tools: scotty, strobe, netcat, SATAN, SAINT, ISS, mscan, sscan, queso, curl, Nmap, SSLeay/upget
• Defining management policies to minimize intrusion risk

Topics not covered:

• Social engineering
• Buffer overflow exploits
• Browser (frame) exploits
• Shell privilege escalation

Brad Johnson (M1, T10) is vice president of SystemExperts Corporation. He has participated in the Open Software Foundation, X/Open, and the IETF, and has often published about open systems.Brad has served as a security advisor to organizations such as Dateline NBC and CNN. He is a frequent tutorial instructor and conference speaker on network security, penetration analysis, middleware, and distributed systems. He has a B.A. in computer science from Rutgers University and an M.S. in applied management from Lesley University.

M2 Building Linux Applications NEW
Michael K. Johnson, Red Hat, Inc.

Who should attend: This class is designed for programmers who are familiar with the C programming language, the standard C library, and some basic ideas of UNIX shells: primarily pipes, I/O redirection, and job control. We will discuss (come prepared to ask questions) the major O/S related components of a Linux application and how they fit together. This course will prepare you to start building Linux applications. Since Linux is very similar to UNIX, you will be fundamentally ready to build UNIX applications as well.

The core of the tutorial will be an introduction to system programming: the process model, file I/O, file name and directory management, and signal processing lead the list. We will more briefly cover (in more or less depth depending on participant interest) ttys and pseudo ttys, time, random numbers, and simple networking.

We will then cover some system library functionality, including globbing and regular expressions, command line parsing, and dynamic loading. If there is sufficient interest and time, we will briefly survey the great variety of application programming libraries.

Michael K. Johnson (M2) has worked with Linux since the first publicly released version. He is the co-author of Linux Application Development (Addison-Wesley, 1998) and is a software developer for Red Hat, Inc. Michael has written kernel, system, and application code for Linux and has been teaching Linux courses and tutorials for six years.


M3 Advanced Topics in Perl Programming
Tom Christiansen, Consultant

Who should attend: Perl programmers interested in honing their skills for quick prototyping, system utilities, software tools, system management tasks, database access, and WWW programming. Participants should have several months' experience in basic Perl scripting.

Topics include:

• Complex data structures
• References
• Memory management and anonymous data structures
• Packages and modules
• Namespaces, scoping, and extent
• Classes and objects
• Object-oriented programming
• Process control and management
• Pipes and signals
• Advanced I/O techniques and file locking
• Assorted tips and tricks to use Perl effectively

Upon completion of this course, students will be able to:

• Develop standard and OO modules
• Understand complex and hierarchical data structures
• Understand Perl's facilities for file locking
• Use Perl for multi-process and daemon programming
• Understand inheritance, closures, and scoping in Perl

Tom Christiansen (M3, T3) has been involved with Perl since day zero of its initial public release in 1987. Lead author of The Perl Cookbook, co-author of the second editions of Programming Perl and Learning Perl, and co-author of Learning Perl on Win32 Systems, Tom is also the major caretaker of Perl's online documentation. He holds undergraduate degrees in computer science and Spanish and a master's in computer science. He now lives in Boulder, Colorado.

M4 Topics for System Administrators, 1 NEW
Evi Nemeth, University of Colorado; Ned McClain, XOR Network Engineering; Tor Mohling, University of Colorado

Who should attend: This class will cover a range of timely and interesting UNIX system administration topics. It is intended for system and network administrators who are interested in picking up several new technologies in an accelerated manner. The format consists of five topics spread throughout the day.

File systems and storage: This section will cover features of modern file systems and how they affect the life of a system administrator. We will survey existing file systems, ending with a brief discussion of trends and probable developments.

What's new in BIND9? BINDv9 includes a long laundry list of features needed for modern architectures, huge zones, machines serving a zillion zones, co-existence with PCs, security, and IPv6--specifically, dynamic update, incremental zone transfers, DNS security via DNSSEC and TSIG, A6, and DNAME records.

Machine room design: With the ever-increasing popularity of the Web as well as the general necessity for reliable data-access, more and more sites are requiring 24x7 server availability. We will look at the transition from small machine room to (large) data center, and what you can do to make it easier to manage cables, power, A/C, and so on.

Security tools: A new generation's worth of security management tools are on the loose. We'll help you understand how to use such tools as Nessus, nmap, host firewalling software, CFS, and TCFS.

Host security: Although the specific configuration tips refer to Linux and Solaris, the concepts are generic, applying well to other UNIX operating systems. This section will include technical discussion designed to help administrators identify weak points in their own installations.

	Evi Nemeth (M4, T4), a faculty member in computer science at the University of Colorado, has managed UNIX systems for the past 20 years, both from the front lines and from the ivory tower. She is co-author of the UNIX System Administration Handbook.
	Ned McClain (M4, T4) is a lead engineer at XOR Network Engineering. He is currently helping with the 3rd edition of the UNIX System Administration Handbook (by Nemeth, Snyder, and Hein). He has a degree in computer science from Cornell University and has done research with both the CS and Engineering Physics departments at Cornell.
	Tor Mohling (M4) is currently a Unix systems administrator for the University of Colorado at Boulder's Computer Science department. He was bewitched by Evi Nemeth as a young child and forced to run dump(8) on VAX 11/780's running BSD 4.0. After under-graduate work in Comparative Religion and Philosophy, he worked as a brewer. This work drove him into graduate school studying Computer Science. He teaches sys-admin classes for the CS department at CU Boulder.

M5 Sendmail Configuration and Operation (Updated for Sendmail 8.12)
Eric Allman, Sendmail, Inc.

Who should attend: System administrators who want to learn more about the sendmail program, particularly details of configuration and operational issues (this tutorial will not cover mail front ends). This will be an intense, fast-paced, full-day tutorial for people who have already been exposed to sendmail. This tutorial describes the latest release of sendmail from Berkeley, version 8.12.

We begin by introducing a bit of the philosophy and history underlying sendmail.

Topics include:

• The basic concepts of configuration: mailers, options, macros, classes, keyed files (databases), and rewriting rules and rulesets
• Configuring sendmail using the M4 macro package
• Day-to-day management issues, including alias and forward files, "special" recipients (files, programs, and include files), mailing lists, command-line flags, tuning, and security
• How sendmail interacts with the Domain Name System

Eric Allman (M5) is the original author of sendmail. He is the author of syslog, tset, the -me troff macros, and trek. He was the chief programmer on the INGRES database management project, designed database user and application interfaces at Britton Lee,and contributed to the Ring Array Processor project at the International Computer Science Institute. He is a former member of the USENIX Board of Directors.

Who should attend: Beginning and intermediate UNIX system and network administrators, and UNIX developers concerned with building applications that can be deployed and managed in a highly resilient manner. A basic understanding of UNIX system programming, UNIX shell programming, and network environments is required.

This course will explore procedures and techniques for designing, building, and managing predictable, resilient UNIX-based systems in a distributed environment. Hardware redundancy, system redundancy, monitoring and verification techniques, network implications, and system and application programming issues will all be addressed. We will discuss the trade-offs among cost, reliability, and complexity.

Topics include:

• What is high availability? Who needs it?
• Defining uptime and cost; "big rules" of system design
• Disk and data redundancy; RAID and SCSI arrays
• Host redundancy in HA configurations
• Network dependencies
• Application system programming concerns
• Anatomy of failovers: applications, systems, management tools
• Planning disaster recovery sites and data updates
• Security implications
• Upgrade and patch strategies
• Backup systems: off-site storage, redundancy, and disaster recovery
• Managing the system: managers, processes, verification

Evan Marcus (M6) , who has 14 years of experience in UNIX systems administration, is now VERITAS Software Corporation's Data Availability Maven. At Fusion Systems and OpenVision Software, Evan worked to bring the first high availability software application for SunOS and Solaris to market. He is the author of several articles and talks on the design of high availability systems and is the co-author, with Hal Stern, of Blueprints for High Availability: Designing Resilient Distributed Systems (John Wiley & Sons, 2000).

Who should attend: Administrators and programmers interested in the potential of the Lightweight Directory Access Protocol (LDAP) and in exploring issues related to deploying an LDAP infrastructure. This tutorial is not designed to be a how-to for a specific LDAP server, nor is it an LDAP developers' course. Rather, it is an evaluation of the potential of LDAP to allow the consolidation of existing deployed directories. No familiarity with LDAP or other Directory Access Protocols will be assumed.

System administrators today run many directory services, though they may be called by such names as DNS and NIS. LDAP, the up-and-coming successor to the X500 directory, promises to allow administrators to consolidate multiple existing directories into one. Vendors across operating-system platforms are lending support.

Topics include:

• The basics of LDAP
• Current technologies employing LDAP services
• Replacing NIS using LDAP
• Integrating authentication mechanisms for other services (e.g., Apache, Sendmail, Samba) with LDAP
• LDAP interoperability with other proprietary Directory Services, such as Novell's NDS and Microsoft's Active Directory
• Programming tools and languages available for implementing LDAP support in applications

Gerald Carter (M7, W7), a member of the Samba Team since 1998, is employed by VA Linux Systems. He is working with O'Reilly Publishing on a guide to LDAP for system administrators. He holds an M.S. in computer science from Auburn University, where he also served as a network and systems administrator. Gerald has published articles with Web-based magazines such as Linuxworld and has authored courses for companies such as Linuxcare. He is the lead author of Teach Yourself Samba in 24 Hours (Sams Publishing).

M8 Large Heterogeneous Networks: Planning, Building, and Maintaining Them While Staying Sane NEW
Lee Damon, University of Washington

Who should attend: Anyone who is designing, implementing or maintaining a UNIX environment with 2 to 20,000+ hosts. System administrators, architects, and managers who need to maintain multiple hosts with few admins.

This tutorial won't propose one "perfect solution." Instead, it will try to raise all the questions you should ask in order to design the right solution for your needs.

Topics include:

• Administrative domains: Who is responsible for what? What can users do for themselves?
• Desktop services vs. farming: Do you do serious computation on the desktop, or do you build a compute farm?
• Disk layout: How should you plan for an upgrade? Where do things go?
• Free vs. purchased solutions: Do you write your own, or do you outsource?
• Homogeneous vs. heterogeneous: Homogeneous is easier, but will it do what your users need?
• Master database: What do you need to track, and how?
• Policies to make your life easier
• Push vs. pull: Do you force data to each host, or wait for a client request?
• Quick replacement techniques: How to get the user back up in 5 minutes
• Remote install/upgrade/patching: How can you implement lights-out operation? Handle remote user sites? Keep up with vendor patches?
• Scaling and sizing: How do you plan?
• Security vs. sharing: Users want access to everything. So do crackers. Where and how do you draw the line?
• Single sign-on: Can one-password access to multiple services be secure?
• Single system images: Can you find the Holy Grail? Should each user see everything the same way, no matter what environment they're working in, or should each user's access to each service be consistent with his/her own environment?
• Tools: What's free? What should you buy? What can you can write yourself?

The class will concentrate on UNIX.

Lee Damon (M8) holds a B.S. in speech communication from Oregon State University. He has been a UNIX system administrator since 1985 and has been active in SAGE since its inception. He has developed several large-scale mixed environments. He is a member of the SAGE Ethics Working Group and was one of the commentators on the SAGE Ethics document.

M9 Communicating in Difficult Situations NEW
Stephen C. Johnson, Transmeta Corp.; Dusty L. White, Consultant

Who should attend: Anyone whose job involves important communication, be it with customers, management, or co-workers. This class should be especially useful to managers.

Do you work with difficult people? They may be clients, employees, peers, or managers. Or do you have to communicate or even manage people who are remote, communicating mostly through email? This tutorial discusses why some people and situations are difficult, and how to develop your own abilities and become more flexible in dealing with these difficulties. The focus is on giving you specific techniques you can try in the class and then take home to use immediately.

Technical people communicate a lot of information. Typically, this information seems quite clear to us, yet others frequently misinterpret it. The misinterpretation may distort facts, but often it distorts intention as well, leading to further problems. Most of us find that some people we work with seem almost to read our mind, while others seem unable to understand anything we say.

We focus on examples and simple exercises that demonstrate that there are many different ways to communicate, and that most people use only a small fraction of the available ways. The more communication techniques you master, the more people you can communicate with easily. The key to overcoming difficulties in communication is not just to keep trying, but to keep trying different things until you find something that works.

Topics include:

• Reaching agreement with negative people
• Saying "no" so that it will be understood and stick
• Negotiating compromises
• Building trust
• Giving feedback constructively
• Communicating with people who don't like to communicate
• Fitting loners into a group
• Knowing when to disengage from difficult people

Stephen Johnson (M9, T9) has been a technical manager on and off for nearly two decades, in both large and small companies. At AT&T, he is best known for writing Yacc, Lint, and the Portable C Compiler. He served as the head of the UNIX Languages Department at AT&T's Summit Labs and has been involved in a number of Silicon Valley startup companies. He served for ten years on the USENIX Board of Directors, four of them as president. He presented an invited talk at LISA three years ago, he has taught USENIX tutorials on technical subjects, and he has led management training seminars at USENIX conferences, as well as at Transmeta.

Dusty White (M9, T9) was an early employee of Adobe, where she served in various managerial positions. She now works in Silicon Valley as a trainer, coach, and troubleshooter for technical companies. She has presented tutorials at LISA and the USENIX Annual Technical Conference.

M10 Wireless Networking Fundamentals: WANs, LANs, and PANs NEW
Chris Murphy, MIT; Jon Rochlis, The Rochlis Group, Inc.

Who should attend: Anyone involved with network design, implementation, and support, and content providers who need familiarity with wireless technologies and how those technologies can affect their service offerings. A basic understanding of wired network architecture over local and/or wide areas is required.

For years people have dreamed of "unwired" access--anywhere, anytime--to networks and the data they contain. Recently, the advent of standards for wireless LANs, the development of powerful handheld devices, and widespread deployment of services such as digital cellular systems have made the promise of wireless networking more realizable than ever before.

Topics include:

• Wide-area networks
  • CDPD
  • Cellular modem
  • PCS
  • GSM
  • pager
  • satellite
• Local-area networks
  • 802.11
• Personal-area networks
  • Bluetooth
  • IrDA
• Home vs. office use
• Standards and interoperability
• Integration with wired networks and services
• Cost: Budget salvation, or sinkhole?
• Support: Will you need new skills?
• Security
• Product survey
• Future trends and possibilities

Chris Murphy (M10) is a network engineer in the Network Operations Group at MIT. He and his colleagues manage the design, implementation, and operation of a TCP/IP and Appletalk network with over 25,000 hosts and 18,000 users. He was responsible for the design and implementation of MIT's dial-up PPP service, Tether. Mr. Murphy is also a co-manager of MIT's Desktop Products team.

Jon Rochlis (M10) provides advice on networking, network security, distributed systems design and management, and electronic commerce to both large and small businesses. He has been a senior consultant with SystemExperts Corp., an engineering manager with BBN Planet, Director of the Cambridge Technology Center of OpenVision Technologies, and a technical supervisor for the Development Group of MIT's Distributed Computing and Network Services, the follow-on to Project Athena. Jon has also served on the NEARnet Technical Committee. He holds a B.S. in computer science and engineering from MIT.

Tuesday, June 26, 2001

T1 Internet Security for UNIX & Linux System Administrators
Ed DeHart, Prism Servers, Inc.

Who should attend: UNIX and Linux system and network administrators and operations/support staff. After completing the tutorial, you should be able to establish and maintain a site that allows the benefits of Internet connectivity while protecting your organization's information.

You will learn strategies to reduce the threat of Internet intrusions and to improve the security of your UNIX and Linux systems connected to the Internet, as well as how to set up and manage Internet services appropriate to your site's mission.

Topics include:

• Latest news on security problems
• UNIX and Linux system security
• TCP/IP network security
• Site security policies

Ed DeHart (T1) is a former member of Carnegie Mellon University's CERT Coordination Center, which he helped found in 1988. Ed has also owned an ISP, Pittsburgh OnLine Inc., which operated several UNIX servers. Currently, Ed is President of Prism Servers, Inc., a manufacturer of Internet firewalls and UNIX-based Internet servers.

T2 Perl for System Administration—The Power and the Praxis NEW
David N. Blank-Edelman, Northeastern University CCS

Who should attend: People with system administration duties, advanced-beginner to intermediate Perl experience, and a desire to make their jobs easier and less stressful in times of sysadmin crises.

Perl was originally created to help with system administration, so it is a wonder that there isn't more instructional material devoted to helping people use Perl for this purpose. This tutorial hopes to begin to remedy this situation by giving you six solid hours of instruction geared towards putting your existing Perl knowledge to practice in the system administration realm.

The morning section will concentrate on the power of Perl in this context. Based on the instructor's O'Reilly book, we'll take a multi-platform look at using Perl in cutting-edge and old-standby system administration domains. This jam-packed survey will include:

• Secure Perl scripting
• Dealing with files and file systems (including source control, XML, databases, and log files)
• Dealing with SQL databases via DBI and ODBC
• Email as a system administration tool (including spam analysis)
• Network directory services (including NIS, DNS, LDAP, and ADSI)
• Network management (including SNMP and WBEM)

In the afternoon, we will look at putting our Perl knowledge to work for us to solve time-critical system administration problems using short Perl programs. Centered around a set of "battle stories" and the Perl source code used to deal with them, we'll discuss different approaches to dealing with crises using Perl.

At the end of the day, you'll walk away from this class with Perl approaches and techniques that can help you solve your daily system administration problems. You'll have new ideas in hand for writing small Perl programs to get you out of big sysadmin pinches. And on top of all this, you are also likely to deepen your Perl knowledge.

David N. Blank-Edelman (T2) is the Director of Technology at the Northeastern University College of Computer Science and the author of Perl for System Administration (O'Reilly). He has spent the last 15 years as a system/network administrator in large multi-platform environments and has served as Senior Technical Editor for the Perl Journal. He has also written many magazine articles on world music.

T3 Advanced CGI Techniques Using Perl
Tom Christiansen, Consultant

Who should attend: Experienced Perl programmers and Webmasters interested in learning more about CGI techniques than would be learned in a class on how to write

a CGI program in Perl. Attendees are assumed to know the fundamentals of HTML and CGI programming, as well as using (but not writing) Perl modules.

CGI programming is fundamentally an easy thing. The Common Gateway Interface merely defines that a CGI program be able to read stdin and environment variables, and to write stderr. But writing efficient CGI programs of any degree of complexity is a difficult process.

Topics include:

• Multi-stage forms
  • Sequential "shopping cart" systems
  • Undirected "jump page" systems
  • Techniques for recording selections across pages
• Cookies
  • For authentication and authorization
  • For user tracking
  • For data validation
  • For data hiding and indirection
  • Data exchange and efficiency
  • File uploading
  • Redirection and temporary aliasing
• CGI Security
  • Taint checking
  • Denial-of-Service attacks
  • Data security
• Daemonization of processes
  • Fast CGI and mod_perl
  • Front-end/back-end solutions
  • Backgrounding
• Invocation and response techniques
  • Statelessness and statefulness
  • PATH_INFO vs. cookies vs. CGI parameters
  • Static vs. dynamic vs. locally cached responses
• Web automation from CGI scripts
  • Fetching remote pages
  • Parsing HTML and extracting data
  • Determining and setting image sizes

In all examples, we will show which Perl modules make these tasks easier. Numerous code examples will be provided, as well as pointers to Web pages containing fully functioning examples for later examination.

Tom Christiansen (M3, T3) has been involved with Perl since day zero of its initial public release in 1987. Lead author of The Perl Cookbook, co-author of the second editions of Programming Perl and Learning Perl, and co-author of Learning Perl on Win32 Systems, Tom is also the major caretaker of Perl's online documentation. He holds undergraduate degrees in computer science and Spanish and a master's in computer science. He now lives in Boulder, Colorado.

T4 UNIX Network Programming Topics NEW
Evi Nemeth, University of Colorado; Ned McClain, XOR Network Engineering; Andy Rudoff, Sun Microsystems; Bill Fenner, AT&T Labs—Research

Who should attend: Programmers who are rusty in network programming or newcomers to network programming. We assume that you know programming in C and a bit of Perl and Java, so we concentrate on the interfaces to the network libraries. We look at both the socket level and higher-level interfaces such as RPC and RMI.

This tutorial attempts to follow in the footsteps of Richard Stevens' wonderful USENIX tutorials of the past. We begin with an introduction to the client-server paradigm and the various levels of network programming interfaces. We include the C socket interfaces and data structures, Perl networking interfaces, and of course Java. For the C interfaces we look in detail at the IPv4 and IPv6 constructs available and also at the ioctl magic necessary to make a socket connection behave properly.

We briefly cover multicast programming, which is used for applications typically involving audio or video data that needs to go from one source to many destinations efficiently. Finally, we discuss debugging network programs.

	Evi Nemeth (M4, T4), a faculty member in computer science at the University of Colorado, has managed UNIX systems for the past 20 years, both from the front lines and from the ivory tower. She is co-author of the UNIX System Administration Handbook.
	Ned McClain (M4, T4) is a lead engineer at XOR Network Engineering. He is currently helping with the 3rd edition of the UNIX System Administration Handbook (by Nemeth, Snyder, and Hein). He has a degree in computer science from Cornell University and has done research with both the CS and Engineering Physics departments at Cornell.
	Andy Rudoff (T4) works for Sun Microsystems in Boulder, Colorado, where he is a software architect focusing on reliability, availability, and serviceability. His background is in operating systems, networking, and fle systems. He has taught various courses over the years, including network programming and part of Evi Nemeth's first USENIX tutorial.
	Bill Fenner (T4) is a Principal Technical Staff Member at AT&T Labs—Research in Menlo Park, California, where he primarily works on IP multicasting and IP network management and measurement. Bill is an active participant in the IETF, chairing two working groups and contributing to several more. He also occasionally acts as a developer for the FreeBSD project, concentrating on networking issues.

T5 Cryptography Decrypted NEW
H.X. Mel and Doris Baker, Consultants

Who should attend: Anyone working with computer security--security professionals, network administrators, IT managers, CEOs, and CIOs--will want to have a comfortable understanding of the cryptographic concepts covered in this seminar.

The tutorial is based on the book, Cryptography Decrypted, a pictorial introduction to cryptography recently published by Addison-Wesley, which describes the component parts of secret key and public key cryptography with easy-to-understand analogies, visuals, and historical anecdotes.

The tutorial covers four broad categories:

• Secret keys and secret-key methods such as DES and the new Advanced Encryption Standard Rijndael
• Public and private keys and public key methods like RSA
• How keys are distributed through digital certificates
• Three real-world systems. Common cryptographic terminology is clarified and made concrete with numerous graphics.

This presentation is designed to be understandable by those with little previous knowledge of cryptography but systematic and comprehensive enough to solidify the knowledge for those with some understanding of the subject. Cryptographic terms (e.g. confidentiality, authentication, integrity, etc) are clarified and made concrete with images. As we examine the pieces (e.g. digital signatures, hash, and digital certificates), we'll look at cryptographic capabilities like detecting imposters and stopping eavesdropping. We'll also examine some possible attacks such as man-in-the-middle and birthday attacks.

Cryptographic systems such as secure email (S-MIME and PGP mail), secure socket layers (SSL), and internet protocol security (IPsec) are outlined using the component parts described. Both X-509 and PGP public key distribution and authentication systems are described and contrasted.

A security professional who authored Cryptography Decrypted's Foreword wrote: "Even after 10 years working in the field of information protection for a major electronics manufacturing company, I learned a lot from this book. I think you will too."

H.X. Mel (T5) has taught custom-designed technology courses for employees of Lucent, Xerox, MIT, the US Treasury/GAO, Motorola, Goldman Sachs, and Price Waterhouse Coopers. Over the last seven years, Mel has taught a variety of subjects, including Java, C++, and Visual Basic, and in the past two years he managed the development of a secure file-transport program using cryptographic technologies and wrote Cryptography Decrypted.

Doris Baker (T5), as a freelance writer and technical editor, has collaborated with H. X. Mel on many projects. Over the past twenty years, she's worn the hats of magazine editor, public relations manager, and computer-training government contractor.


T6 Network Design for High Availability NEW
Vincent C Jones, Networking Unlimited, Inc.

Who should attend: System and network designers and administrators who want to improve the availabiity of their network infrastructure and Internet access, and anyone looking for a survey of how IP networks can fail and techniques for keeping critical network services available despite failures. Attendees should already be familiar with basic network terminology and concepts, TCP/IP protocols, and the role of routers and switches. (This tutorial is designed to complement Tutorial M6, "Designing Resilient Distributed Systems--High Availability.")

No matter how the price is measured, downtime impacts the bottom line. As organizations grow ever more dependent upon computers and their support networks, hardware and software failures that interfere with business operations are increasingly seen to be unacceptable. Availability has become a key network performance metric, commensurate with throughput and delay.

We will discuss how to select and configure appropriate redundancy for common production network needs. The emphasis will be on how to take advantage of standard capabilities to make the network more reliable and to minimize the need for emergency manual intervention. Proven solutions based on open standards and protocols will be provided for a wide range of application requirements.

Topics include:

• Providing bullet-proof network access to servers
• Forcing dial backup calls on soft as well as hard link failures
• Tuning popular routing protocols to speed up failure recovery
• Building very large hub and spokes networks with small spoke routers
• Routing around firewall failures without sacrificing security
• Making Internet connectivity immune to the loss of a router, link, or ISP
• Continuing to provide services despite loss of an entire facility

Vincent C. Jones (T6) is the founder and principal consultant of Networking Unlimited, Inc., a network design consulting firm specializing in network performance and reliability enhancement. Vince has been applying the theory of networking to the solution of real-world problems for almost three decades and is the author of High Availability Network Design, to be published later this year by Addison-Wesley.

T7 Advanced Solaris Systems Administration Topics
Peter Baer Galvin, Corporate Technologies

Who should attend: UNIX administrators who need more knowledge of Solaris administration.

We will discuss the major new features of recent Solaris releases, including which to use (and how) and which to avoid. This in-depth course will provide the information you need to run a Solaris installation effectively. Updated to include Solaris 8 and several other new topics.

Topics include:

• Installing and upgrading
  • Architecting your facility
  • Choosing appropriate hardware
  • Planning your installation, filesystem layout, post-installation
  • Installing (and removing) patches and packages
• Advanced features of Solaris 2
  • File systems and their uses
  • The /proc file system and commands
  • Useful tips and techniques
• Networking and the kernel
  • Virtual IP: configuration and uses
  • Kernel and performance tuning: new features, adding devices, tuning, debugging commands
  • Devices: naming conventions, drivers, gotchas
• Enhancing Solaris
  • High-availability essentials: disk failures and recovery, RAID levels, uses and performance, H-A technology and implementation
  • Performance: how to track down and break up bottlenecks
  • Tools: useful free tools, tool use strategies
  • Security: locking down Solaris, system modifications, tools
  • Resources and references

Peter Baer Galvin (T7) is the chief technologist for Corporate Technologies, Inc., and was the systems manager for Brown University's Computer Science Department. He has written articles for Byte and other magazines, is a columnist for SunWorld, and is co-author of the Operating Systems Concepts and the Applied Operating Systems Concepts textbooks. Peter has taught tutorials on security and systems administration and has given talks at many conferences.

T8 Forensic Computer Investigations: Principles and Procedures NEW
Steve Romig, Ohio State University

Who should attend: People who investigate computer crimes and are familiar with systems or network administration and the Internet.

This tutorial will explain where evidence can be found, how it can be retrieved securely, how to build a picture of the "crime scene," and what can be done beforehand to make investigations easier and more successful. Examples are drawn from UNIX, Windows NT, and telecommunications hardware.

Topics include:

• Basic forensic science
  • What evidence is
  • How evidence is used in an investigation
  • The investigation game plan
  • How to collect and process evidence
• Where the evidence is
  • How computers and networks work
  • Examples of incidents and location of evidence
• Host-based investigations
  • Memory and swap space
  • Processes
  • Network activity
  • Files and file systems
• Network-based investigations
  • Host-based network service logs
  • Network activity logs
  • Authentication logs
  • Telco logs, including pen registers, phone traces, caller ID
• Tying it all together

Steve Romig (T8, W8) is in charge of the Ohio State University Incident Response Team and is working with a group of Central Ohio businesses to improve Internet security practices. Steve has also worked as lead UNIX system administrator at one site with 40,000 users and 12 hosts and another with 3,000 users and over 500 hosts. Steve received his B.S. in mathematics (computer science track) from Carnegie Mellon University.

T9 Basic Management Techniques NEW
Stephen C. Johnson, Transmeta Corp.; Dusty L. White, Consultant

Who should attend: Newly promoted technical managers and those who expect promotion in the near future, and people who want to understand management issues better.

So you have done well at your technical job and have been asked to take on some management responsibility. You understand the technical side of the jobs your group is doing. What else do you need to do to succeed as a manager? This class will orient you, show you techniques you can apply immediately to become more effective, and suggest ways you can guide your own growth as a manager.

One issue each new manager must deal with is power. Many managers report that although their job seemed powerful before they took it, it does not feel that way any longer. We show how power is typically

associated more with the person than with the job, and we offer practical ways you can empower yourself and others. True empowerment comes from within and can be developed even in a hostile environment.

Topics include:

• How to find out what your job really is
• How to develop a new definition of job satisfaction and success
• How to help your people grow
• How to handle performance reviews
• Why being right is not enough
• How to avoid common mistakes technical managers make
• A theory of power and empowerment
• How to experience how empowered you already are
• Empowerment and trust
• How to gain and keep agreement
• How to make goals, plans, and budgets work for you

Stephen Johnson (M9, T9) has been a technical manager on and off for nearly two decades, in both large and small companies. At AT&T, he is best known for writing Yacc, Lint, and the Portable C Compiler. He served as the head of the UNIX Languages Department at AT&T's Summit Labs and has been involved in a number of Silicon Valley startup companies. He served for ten years on the USENIX Board of Directors, four of them as president. He presented an invited talk at LISA three years ago, he has taught USENIX tutorials on technical subjects, and he has led management training seminars at USENIX conferences, as well as at Transmeta.

Dusty White (M9, T9) was an early employee of Adobe, where she served in various managerial positions. She now works in Silicon Valley as a trainer, coach, and troubleshooter for technical companies. She has presented tutorials at LISA and the USENIX Annual Technical Conference.

T10 Practical Wireless IP Security and Connectivity: How to Use It Safely NEW
Phil Cox and Brad C. Johnson, SystemExperts Corporation

Who should attend: Users, administrators, managers, and anyone who is interested in learning about some of the fundamental security and usage issues that we all must come to grips with in purchasing, setting up, and using wireless IP services. This course assumes some knowledge of TCP/IP networking and client/server computing, the ability or willingness to use administrative GUIs to setup a device, and a general knowledge of common laptop environments. It does not assume that the attendee is intimately familiar with the physics of signals, the various wireless protocols, or the details of various emerging wireless standards (e.g., WML, Bluetooth, 802.11, CDPD, WTLS).

The primary focus is on wireless IP services for laptops, although we'll glance at some popular mobile devices such as handheld systems and cell-phones with Internet access.

Whether you like it or not, wireless services are popping up everywhere. As time goes on, more of your personal and corporate data communications will be done over various types of wireless devices. We're faced with a proliferation of business and technical choices concerning security, hardware, software, protocols, and administration.

The good news is that generally somebody else will handle these complicated issues for users (of course, that "someone else" may be you!). However, since for most wireless services you're carrying the device everywhere you go, you and your organization will still be responsible for understanding and managing them. Since the purpose of wireless is to share data when you aren't directly attached to a wired resource, you need to understand the fundamental security and usage options.

In this course we will cover a number of topics that affect you in managing and using wireless services. Some of the topics will be demonstrated live using popular wireless devices.

Topics include:

• Wireless practicals
  • Transmission networks: packet and cellular
  • Who's using what?
  • What really matters?
• Popular access points
  • Cisco Aironet
  • Apple Airport
  • Lucent ORiNOCO
  • 3Com Airconnect
• Configuration issues
  • Setting up an access point
  • Using an access point
  • Setting up your laptop
• Threats
  • Eavesdropping
  • Transitive trust
  • Denial of service
• Practical uses
  • At home
  • At a conference
  • At work
  • At a university
• Miscellaneous wireless topics

Phil Cox (T10) is a consultant for SystemExperts Corporation. Phil frequently writes and lectures on issues of UNIX and Windows NT integration and on information security. He is the lead author of Windows 2000 Security Handbook, 2nd Edition, and a featured columnist in ;login: The Magazine of USENIX & SAGE. He has served on numerous USENIX program committees. Phil holds a B.S. in computer science from the College of Charleston, South Carolina.

Brad Johnson (M1, T10) is vice president of SystemExperts Corporation. He has participated in the Open Software Foundation, X/Open, and the IETF, and has often published about open systems.Brad has served as a security advisor to organizations such as Dateline NBC and CNN. He is a frequent tutorial instructor and conference speaker on network security, penetration analysis, middleware, and distributed systems. He has a B.A. in computer science from Rutgers University and an M.S. in applied management from Lesley University.

Wednesday, June 27, 2001

W1 Running Web Servers Securely NEW
Rik Farrow, Consultant

Who should attend: Web server administrators, managers, and security consultants who manage or audit Web servers. We will examine every aspect of Web server security, from configuration and file permissions to scripting. At the end of this class, you will have learned how to harden a UNIX system for use as a Web server, configure Apache correctly for tightest security, write and audit Perl scripts for common weaknesses, and use the safest techniques for remote administration of Web servers.

Among the favorite targets for hackers are Web servers, because they need to be exposed in order to be useful, and, once broached, they often provide access to internal servers. While misconfiguration of the Web server can provide a way in, CGI programming has been used so often that there are even tools designed specifically to look for weaknesses in CGI.

You will learn about securing Web servers through the examples of others who were not so careful. The class begins with an in-depth description of a famous hack of a Linux server running Apache. We will look at tools for scanning Web servers, such as Whisker, that look for common mistakes, and we'll take a look at other legendary mistakes in CGI scripts. You will learn the role of Perl's taint mechanism in uncovering flaws in script design. We will explore Java's servlet mechanism and see how Java's security mechanisms can provide an additional layer of security.

Topics include:

• HTTP protocol
• The difference between GET and POST
• Hidden and browser variables
• How attackers fake requests
• Hardening the base operating system
• Use of firewalls to control access
• Secure configuration of Apache
• Safe use of modules
• Auditing Perl CGI scripts
• Use of Java servlets
• Scanning tools
• Monitoring logs for security
• Remote administration technique

Rik Farrow (W1) provides UNIX and Internet security consulting and training. He has been working with UNIX system security since 1984 and with TCP/IP networks since 1988. He has taught at the IRS, Department of Justice, NSA, US West, Canadian RCMP, Swedish Navy, and for U.S. and European user groups. He is the author of UNIX System Security (Addison-Wesley) and System Administrator's Guide to System V (Prentice Hall). He writes columns for ;login: and for Network.

W2 Hacking Exposed: LIVE!
George Kurtz and Stuart Mcclure, Foundstone, Inc.

Who should attend: Network and system administrators, security administrators, and technical auditors who want to secure their UNIX/NT—based networks.

Is your UNIX/NT—based network infrastructure up to meeting the challenge of malicious marauders? In this tutorial we'll present the methodologies used by today's hackers to gain access to your networks and critical data. We'll demonstrate a typical attack exploiting both well-known and little-known NT-based vulnerabilities. We'll show how NT attackers can leverage UNIX vulnerabilities to circumvent traditional security mechanisms. And we'll identify opportunities to better secure the host and networks against more esoteric attacks. All examples will be demonstrated on a live network of machines.

Topics include:

• Footprinting your e-commerce site
  • Port scanning
  • Banner grabbing
• Exploiting common configuration and design weaknesses in NT networks
  • Enumerating user and system information from NT 4 and Windows 2000 hosts
  • Exploiting Web services
  • Logging on to NT using only the password hash
  • Routing through IPX and NetBEUI networks
  • Grabbing remote shells on NT
  • Hijacking the GUI
  • Hidden trojans: executing streamed files
• Bypassing routers and firewall filtering
  • Using source ports
  • Leveraging port redirection
  • 101 uses for Netcat
• Linking NT and UNIX vulnerabilities for maximum exploitation
• Securing NT systems to prevent attacks

George Kurtz (W2) has performed hundreds of firewall, network, and e-commerce—related security assessments throughout his security consulting career. He is a regular speaker at many security conferences and is frequently quoted in The Wall Street Journal, InfoWorld, USA Today, and the Associated Press and is a co-author of the widely acclaimed Hacking Exposed: Network Security Secrets & Solutions.

Stuart McClure (W2) specializes in security assessments, firewall reviews, e-commerce application testing, hosts reviews, PKI technologies, intrusion detection, and incident response. For the past two years Stuart has co-authored a weekly column on security for InfoWorld magazine. For the past four years, he has worked both with Big 5 security consulting and the InfoWorld Test Center. Before InfoWorld, Mr. McClure has managed and secured a wide variety of corporate, academic, and government networks and systems.

W3 Inside the Linux Kernel
Ted Ts'o, VA Linux Systems

Who should attend: Application programmers and kernel developers. You should be reasonably familiar with C programming in the UNIX environment, but no prior experience with the UNIX or Linux kernel code is assumed.

This tutorial will give you an introduction to the structure of the Linux kernel, the basic features it provides, and the most important algorithms it employs.

The Linux kernel aims to achieve conformance with existing standards and compatibility with existing operating systems; however, it is not a reworking of existing UNIX kernel code. The Linux kernel was written from scratch to provide both standard and novel features, and takes advantage of the best practice of existing UNIX kernel designs.

Although the material will focus on the release version of the Linux kernel, it will also address aspects of the development kernel codebase where its substance differs. It will not contain any detailed examination of the source code but will rather offer an overview and roadmap of the kernel's design and functionality.

Topics include:

• How the Linux kernel is organized: scheduler, virtual memory system, filesystem layers, device driver layers, and networking stacks
  • The interface between each module and the rest of the kernel, and the functionality provided by that interface
  • The common kernel support functions and algorithms used by that module
  • How modules provide for multiple implementations of similar functionality (network protocols, filesystem types, device drivers, and architecture-specific machine interfaces)
• Basic ground rules of kernel programming (dealing with issues such as races and deadlock conditions)
• Implementation of the most important kernel algorithms and their general properties (aspects of portability, performance, and functionality)
• The main similarities and differences between Linux and traditional UNIX kernels, with attention to places where Linux implements significantly different algorithms
• Details of the Linux scheduler, its VM system, and the ext2fs file system.
• The strict requirements for ensuring that kernel code is portable

Theodore Ts'o (W3) has been a Linux kernel developer since almost the very beginnings of Linux--he implemented POSIX job control in the 0.10 Linux kernel. He is the maintainer and author for the Linux COM serial port driver and the Comtrol Rocketport driver. He architected and implemented Linux's tty layer. Outside of the kernel, he is the maintainer of the e2fsck filesystem consistency checker. Ted is currently employed by VA Linux Systems.

W4 Network Programming with Perl NEW
Lincoln Stein, Perl hacker

Who should attend: Novice to intermediate Perl programmers who understand the basics of input and output, loops, regular expression matches, and the array and hash data types. A working familiarity with Perl5's object-oriented syntax is also recommended. You should understand the basics of networking, including the concepts of IP addresses, DNS names, and servers.

This tutorial will show you how to write robust client/server applications in Perl. We will begin with simple TCP-based clients that you can use to talk such standard services as ftp, http, mail, and news. We will then turn to writing client/server applications from scratch, using as our examples applications that range from toys (a TCP-based psychotherapist server) to full-scale applications (an Internet chat system based on multicasting).

Topics include:

• Perl's low-level socket interface.
• The high-level IO::Socket, IO::Select and IO::Poll modules.
• Forward and reverse name resolution.
• The Net::FTP, Net::Telnet, Net::SMTP, LWP and MIME modules
• Choosing between TCP and UDP services.
• Choosing the right server architecture:
  • Fork-and-select
  • Multiplexed
  • Multithreaded
  • Preforked
• Advanced networking topics
  • Broadcasting
  • Multicasting
  • Non-blocking I/O

Lincoln Stein (W4) is a researcher at Cold Spring Harbor Laboratory, where he works on information architecture related to the Human Genome Project. He is the author of How to Set Up and Maintain a Web Site, Web Security: A Step-by-Step Reference Guide, The Official Guide to Programming with CGI.pm, and, most recently, Network Programming with Perl.

W5 Cryptographic Algorithms Revealed
Greg Rose, Qualcomm

Who should attend: Anyone interested in a fairly detailed overview of what makes cryptographic algorithms work, and, when they don't work, how they are broken. Some of the Advanced Encryption Standard finalists are covered to provide lessons in block ciphers, with the winner, Rijndael, treated in depth.

Some mathematical background is required--at the very least, familiarity with common mathematical notation and polynomials, and some elementary statistical knowledge. You've been warned.

Topics include (unless time runs out):

• Brief history
  • substitution and transposition
  • development of DES
  • public-key cryptography
• Symmetric block ciphers
  • Feistel ciphers in general
  • DES
  • Other AES candidates (Twofish, RC6, Serpent)
  • Rijndael (AES) in depth
  • Block-cipher modes of operation
• Symmetric stream ciphers
  • Linear feedback shift registers
  • A5, SOBER, and other LFSR-based constructions
• Cryptanalysis
  • Differential & linear cryptanalysis
  • Attack assumptions and threat models
  • Attacks on stream ciphers
• Public-key systems
  • Group and finite field theory
  • Discrete log systems (El Gamal, Diffie-Hellman, DSS)
  • RSA
  • Elliptic curves
• Other stuff
  • Hash functions, SHA-1, SHA-256

Greg Rose (W5) is a Principal Engineer for QUALCOMM International, based in Australia, where he works on cryptographic security and authentication for third-generation mobile phones and other technologies. He holds a number of patents for cryptographic methods and has successfully cryptanalyzed widely deployed ciphers.

W6 System and Network Performance Tuning
Marc Staveley, Soma Networks

Who should attend: Novice and advanced UNIX system and network administrators, and UNIX developers concerned about network performance impacts. A basic understanding of UNIX system facilities and network environments is assumed.

We will explore techniques for tuning systems, networks, and application code. Starting from a single-system view, we'll examine how the virtual memory system, the I/O system, and the file system can be measured and optimized. We'll move on to Network File System tuning and performance strategies. Detailed treatment of network performance problems, including network design and media choices, will lead to examples of network capacity planning. Application issues, such as system call optimization, memory usage and monitoring, code profiling, real-time programming, and controlling response time will be covered. Many examples will be given, along with guidelines for capacity planning and customized monitoring based on your workloads and traffic patterns. Analysis periods for particular situations will be provided.

Topics include:

• Performance tuning strategies
  • Practical goals
  • Monitoring intervals
  • Useful statistics
  • Tools, tools, tools
• Server tuning
  • Filesystem and disk tuning
  • Memory consumption and swap space
  • System resource monitoring
• NFS performance tuning
  • NFS server constraints
  • NFS client improvements
  • NFS over WANs
  • Automounter and other tricks
• Network performance, design, and capacity planning
  • Locating bottlenecks
  • Demand management
  • Media choices and protocols
  • Network topologies: bridges, switches, routers
  • Throughput and latency
  • Modeling resource usage
• Application tuning
  • System resource usage
  • Memory allocation
  • Code profiling
  • Job scheduling and queuing
  • Real-time issues
  • Managing response time

Marc Staveley (W6) recently took a position with Soma Networks, where he is applying his 18 years of experience with UNIX development and administration in leading their IT group. Previously Marc was an independent consultant and has also held positions at Sun Microsystems, NCR, Princeton University, and the University of Waterloo. He is a frequent speaker on the topics of standards-based development, multi-threaded programming, systems administration, and performance tuning.

W7 Configuring and Administering Samba Servers
Gerald Carter, VA Linux Systems

Who should attend: System and network administrators who wish to integrate Samba running on a UNIX-based machine with Microsoft Windows clients. No familiarity with Windows networking concepts will be assumed.

Samba is a freely available suite of programs that allows UNIX-based machines to provide file and print services to Microsoft Windows PCs without installing any third-party software on the clients. This allows users to access necessary resources from both PCs and UNIX workstations. As Samba makes its way into more and more network shops all over the world, it is common to see "configuring Samba servers" listed as a desired skill on many job descriptions for network administrators.

This tutorial will use real-world examples taken from daily administrative tasks.

Topics include:

• Installing Samba from the ground up
• The basic Microsoft networkingprotocols and concepts, such as NetBIOS, CIFS, and Windows NT domains (including Windows 2000)
• Configuring a UNIX box to provide remote access to local files and printers from Microsoft Windows clients
• Utilizing client tools to access files on Windows servers from a UNIX host
• Configuring Samba as a member of a Windows NT domain in order to utilize the domain's PDC for user authentication
• Using Samba as a domain controller
• Configuring Samba to participate in network browsing
• Automating daily management tasks

Gerald Carter (M7, W7), a member of the Samba Team since 1998, is employed by VA Linux Systems. He is working with O'Reilly Publishing on a guide to LDAP for system administrators. He holds an M.S. in computer science from Auburn University, where he also served as a network and systems administrator. Gerald has published articles with Web-based magazines such as Linuxworld and has authored courses for companies such as Linuxcare. He is the lead author of Teach Yourself Samba in 24 Hours (Sams Publishing).

W8 Computer Crime: Investigating Computer-Based Evidence NEW
Steve Romig, Ohio State University

Who should attend: People who investigate computer crimes who have some familiarity with systems or network administration and a basic understanding of what the Internet is and what people commonly use it for. This tutorial picks up where Tutorial T8, "Forensic Computer Investigations: Principles and Procedures," leaves off.

We will see where to find evidence in a wide variety of sources, including various flavors of UNIX, Windows, NT, and such network devices as routers and switches. Specific and detailed case studies will show how to safely recover and preserve this evidence. Real-life examples will be used to illustrate the application of the principles and suggested procedures from the introductory tutorial.

Finally, we will demonstrate how to correlate evidence from different sources to build a coherent and robust reconstruction of events that comprises the "crime scene."

Topics include:

• Review of basic issues, procedures
• Big picture: where the evidence is
• Host-based investigations
  • Memory, swap
  • Processes
  • Network activity
  • Files and file systems
• UNIX- and NT-specific examples
• Network-based investigations
  • Host-based network service logs
  • Network activity logs
  • Authentication logs
  • Telco logs, including pen registers, phone traces, and caller ID
• Specific examples from a variety of network devices
• Tool demonstrations (may be interleaved with previous material)
• Tying it all together

Steve Romig (T8, W8) is in charge of the Ohio State University Incident Response Team and is working with a group of Central Ohio businesses to improve Internet security practices. Steve has also worked as lead UNIX system administrator at one site with 40,000 users and 12 hosts and another with 3,000 users and over 500 hosts. Steve received his B.S. in mathematics (computer science track) from Carnegie Mellon University.

W9 Solaris Internals: Architecture, Tips, and Tidbits
Richard McDougall and James Mauro, Sun Microsystems, Inc.

Who should attend: Software engineers, application architects and developers, kernel developers, device driver writers, system administrators, performance analysts, capacity planners, Solaris users who wish to know more about the system they're using and the information available from bundled and unbundled tools, and anyone interested in operating system internals.

The installed base of Solaris systems being used for various commercial data-processing applications across all market segments and scientific computing applications has grown dramatically over the last several years, and it continues to grow. As an operating system, Solaris has evolved considerably, with some significant changes made to the UNIX SVR4 source base on which the early system was built. An understanding of how the system works is required in order to design and develop applications that take maximum advantage of the various features of the operating system, to understand the data made available via bundled system utilities, and to optimally configure and tune a Solaris system for a particular application or load.

Topics include the major components of the Solaris 8 kernel. We discuss significant differences between Solaris 8 and the previous volume release (Solaris 2.6). We discuss in detail the kernel system services facilities, such as system calls, traps and interrupts, system clocks and synchronization primitives. We discuss the 64-bit kernel, loadable kernel modules, and the runtime linker. We examine the multi-threaded process model, the threads implementation, and thread scheduling at the library and kernel level. Interprocess communication, including Solaris Doors, is also covered. The kernel's virtual memory implementation, file system, and file support are also covered. Along the way, we use examples from bundled Solaris utilities (mpstat, vmstat, cpustat, etc.) and the kernel debugger (mdb) to illustrate points and provide examples.

After completing this course, participants will have a solid understanding of the internals of the major areas of the Solaris kernel that they will be able to apply to systems performance analysis, tuning, load/behavior analysis, and application development.

Richard McDougall (W9), an Established Engineer in the Performance Application Engineering Group at Sun Microsystems, focuses on large systems performance and architecture. He has over twelve years of experience in UNIX performance tuning, application/kernel development, and capacity planning. Richard is the author of many papers and tools for measurement, monitoring, tracing and sizing UNIX systems, including the memory-sizing methodology for Sun, the MemTool set for Solaris, the recent Priority Paging memory algorithms in Solaris, and many unbundled tools for Solaris, and is co-author of Solaris Internals: Architecture Tips and Techniques (Sun Microsystems Press/Prentice Hall, 2000).

James Mauro (W9) is a Senior Staff Engineer in the Performance and Availability Engineering group at Sun Microsystems. His current projects are focused on quantifying and improving enterprise platform availability, including minimizing recovery times for data services and Solaris. Jim, co-author ed Solaris Internals: Architecture Tips and Techniques (Sun Microsystems Press/Prentice Hall, 2000) and writes the monthly "Inside Solaris" column for UNIX Insider.

W10 Panning for Gold: What System Logs Tell You About Your Network Security NEW
Tina Bird, Counterpane Internet Security

Who should attend: System administrators and network managers responsible for monitoring and maintaining the health and well-being of computers and network devices in an enterprise environment. Participants should be familiar with the UNIX operating system and basic network security, although some review is provided.

The purpose of this tutorial is to illustrate the importance of a network-wide centralized logging infrastructure, to introduce several approaches to monitoring audit logs, and to explain the types of information and forensics that can be obtained with well-managed logging systems.

Every device on your network--routers, servers, firewalls, application software--spits out millions of lines of audit information a day. Hidden within the data that indicates normal day-to-day operation (and known problems) are the first clues that an attacker is starting to probe and penetrate your network. If you can sift through the audit data and find those clues, you can learn a lot about your present state of security and maybe even catch attackers in the act.

Topics include:

• The extent of the audit problem: how much data are you generating every day, and how useful is it?
• Logfile content
• Logfile generation: syslog and its relatives
• Log management: centralization, parsing, and storage
• Log analysis: methods for reconstruction of an attack

This class won't teach you how to write Perl scripts to simplify your logfiles. It will teach you how to build a log management infrastructure, how to figure out what your log data means, and what in the world you do with it once you've acquired it.

Tina Bird (W10) is a network security architect at Counterpane Internet Security. She has implemented and managed a variety of wide-area-network security technologies and has developed, implemented, and enforced corporate IS security policies. She is the moderator of the VPN mailing list and the owner of "VPN Resources on the World Wide Web." Tina has a B.S. in physics from Notre Dame and an M.S. and Ph.D. in astrophysics from the University of Minnesota.