TRAINING
S1 Implementing LDAP Directories NEW
Gerald Carter, Samba Team/Hewlett-Packard
9:00 a.m.–5:00 p.m., Sunrise Room, Meeting House
Who should attend: Both LDAP directory administrators and architects. The focus is on integrating standard network services with LDAP directories. The examples are based on UNIX hosts and the OpenLDAP directory server and will include actual working demonstrations throughout the course.
System administrators today run a variety of directory services, although these are referred to by names such as DNS and NIS. The Lightweight Directory Access Protocol (LDAP) is the up-and-coming successor to the X.500 directory and has the promise of allowing administrators to consolidate multiple existing directories into one.
Topics include:
- Replacing NIS domains
- Integrating Samba user accounts
- Authenticating RADIUS clients
- Integrating MTAs such as Sendmail, Qmail, or Postfix
- Creating address books for mail clients
- Managing user access to HTTP and FTP services
- Storing DNS zone information
- Managing printer information
Gerald Carter (S1, M3) has been a member of the SAMBA Team since 1998. He has published articles in various
Web-based magazines and gives instructional courses as a
consultant for several companies. Currently employed by
Hewlett-Packard as a Samba developer, Gerald has written
books for SAMS Publishing and is the author of the recent
LDAP System Administration (O'Reilly & Associates).
S2 Advanced Topics in DNS Administration
Jim Reid, Consultant
9:00 a.m.–5:00 p.m., Crescent Room
Who should attend: DNS administrators who wish to extend their understanding of how to configure and manage name servers running BIND9. Attendees should have some experience
of running a name server and be familiar with DNS jargon for resource records,
as well as the syntax of zone files and named.conf.
This tutorial will answer the question, "I've set up master (primary) and slave (secondary) name servers. What else can I do with the name server?"
Topics include:
- The BIND9 logging subsystem
- Getting the most from the name server's logs
- Managing the name server with rndc
- Configuring split DNS: internal and external versions of a domain
- Using the views mechanism of BIND9 to implement split DNS
- Setting up an internal root server
- Securing the name server
- Running it under chroot()
- Using access control lists
- Preventing unwanted access
- Dynamic DNS (DDNS)
- Dynamic updates with nsupdate
- IPv6
- Resolving and answering queries with IPv6
- Setting up A6/DNAME chains and AAAA records to resolve IPv6 addresses
- The Lightweight Resolver Daemon, lwresd
- Secure DNS (DNSSEC)
- Using Transaction Signatures (TSIG)
- How to sign zones with dnssec-keygen and dnssec-signzone
Jim Reid (S2) started using a PDP11/45 running V7 UNIX 21 years ago and has been working with UNIX systems ever since. He worked for three years at Origin on behalf of Philips Electronics, where he wrote a DNS management system and designed, built, and ran the DNS infrastructure for the corporate network, one of the biggest in the world. He has over a decade's experience in writing and teaching training courses ranging from kernel internals, through system administration and network security, to DNS administration. He's a frequent speaker at conferences and workshops in Europe and the U.S.
S3 Seven Habits of the Highly Effective System Administrator NEW
Mike Ciavarella, University of Melbourne, Australia; Lee Damon, University of Washington
9:00 a.m.–5:00 p.m., Hampton Room
Who should attend: Administrators who wish they could finish their work faster, get it right the first time, be granted more hours in their week, or increase their job satisfaction and confidence.
We will focus on enabling the
junior system administrator to "do it right the first time."
We aim to accelerate the experience curve for junior system
administrators by teaching them the time-honored tricks and
effective coping strategies that experienced administrators take
for granted and which are necessary for successful growth of both
the administrator and the site.
Some topics will be UNIX-specific, but much of it will be OS-neutral.
The theories translate, even if the specific tools mentioned don't.
Topics include:
- Tools you should use
- Tools you should avoid
- How to approach security
- Why synchronicity is important
- Root passwords: what not to do
- Rethinking your backup strategy
- Policies: the good, the bad, and the ugly
- Training, mentoring, planning for personal growth
- Ethical issues
- Site planning
- Budgeting
- Statistics
- Books for you/books for your users
Mike Ciavarella (S3, M9, M11) has been producing and editing technical
documentation since he naively agreed to write application manuals for his first
employer in the early 1980s. He has been a technical editor for
MacMillan Press and has been teaching system administrators about
documentation for the past four years. Mike has an Honours Degree in
Science from the University of Melbourne and is currently
a Senior Partner with Cybersource Pty Ltd, where he heads Cybersource's
Security Practice. In his spare time, Mike is a caffeine addict and
photographer.
Lee Damon (S3) has been a UNIX systems administrator since 1985 and
has been active in SAGE
since its inception. He assisted in developing a mixed AIX/SunOS environment
at IBM Watson Research and has developed mixed environments for Gulfstream
Aerospace and QUALCOMM. He is currently leading the development effort
for the Nikola project at the University of Washington Electrical Engineering
department. He is a member of the SAGE Ethics Working Group and was one of
the commentators on the SAGE Ethics document. He has championed awareness of
Ethics in the systems administration community, including writing it into
policy documents. Lee holds a B.S. in Speech Communication from Oregon State University.
S4 Solaris Internals & Architecture: Performance and Resource Management NEW
Richard McDougall and James Mauro, Sun Microsystems
9:00 a.m.–5:00 p.m., Sheffield Room
Who should attend: System administrators, performance analysts, application architects,
database administrators, software developers, and capacity planners.
Anyone interested in the organization and structure of the
Solaris kernel and in how to apply that knowledge to the use of
performance tools and resource controls.
The installed base of Solaris systems for
commercial data processing
and scientific computing applications has grown dramatically over
the last several years, and it continues to grow. The Solaris operating
system has matured significantly, with major changes from the UNIX SVR4 source base on which the
early system was built. An understanding of how the system is
organized is required in order to design and develop applications
that take maximum advantage of the various features of the operating
system, understand the data made available via bundled system
utilities, and optimally configure and tune a Solaris system for
a particular application or load.
Topics include:
- The virtual memory system
- The virtual file system
- The multi-threaded process model
- The kernel dispatcher
- Scheduling classes
- File system implementation
- Resource control
- Management facilities
As each topic is discussed, we cover the performance and observability
aspects, including relevant bundled commands and utilities and the
interpretation of the data they present.
This course is based on Solaris 8 and Solaris 9, but
has applicability to earlier releases. Networking (TCP/IP, STREAMS)
facilities and performance are not covered.
Richard McDougall (S4) is an established engineer in the Performance Application
Engineering group at Sun Microsystems, where he focuses on large systems
performance and architecture. He has over twelve years of performance tuning,
application/kernel development and capacity planning experience on many
different flavours of UNIX. Richard has written a wide range of papers and
tools for measurement, monitoring, tracing, and sizing UNIX systems,
including the memory sizing methodology for Sun, the set of tools known as
"MemTool" to allow fine-grained instrumentation of memory for Solaris, the
recent "Priority Paging" memory algorithms in Solaris, and many of the
unbundled tools for Solaris.
Richard, with Jim Mauro, wrote Solaris Internals: Architecture Tips and
Techniques (Sun Microsystems Press/Prentice Hall), and the two are currently collaborating on an update of the book for Solaris 8, as well as volume II.
James Mauro (S4) is a Senior Staff Engineer in the Performance and
Availability Engineering group at Sun Microsystems. Jim's
current projects are focused on quantifying and improving
enterprise platform availability, including minimizing recovery
times for data services and Solaris. Jim co-developed a framework
for system availability measurement and benchmarking and is
working on implementing this framework within Sun.
S5 Architecting a Secure Infrastructure: From Networking Through Applications NEW
Steve Acheson and Laura Kuiper, Cisco Systems
9:00 a.m.–5:00 p.m., Royal Palm Salon 1/2
Who should attend: Network and system administrators who will be
responsible for creating and implementing security
infrastructure. Participants should have an understanding of the
fundamentals of networking, basic familiarity with computing and network
components, and some familiarity with UNIX and scripting languages.
This tutorial will describe how to create a
baseline for policy and how to build that into a secure
infrastructure. It will include case studies from several different types
of business needs: commercial, government, university, and ISP. The
emphasis will be on understanding what drives businesses, practical
application of infrastructure components, and case studies.
Participants should expect to leave the tutorial with the information
needed to begin identifying drivers and techniques to create effective
policies. In addition, participants should expect to leave the tutorial
with the information needed to begin creating a secure infrastructure.
Topics include:
- Writing effective policies
- Setting standards
- Implementing procedures
- Security concepts (AAA, encryption)
- Security approaches
- Security technologies
- Drivers of business
- Infrastructure
- Firewalls
- Networks
- Servers
- Operating systems
- Web infrastructure
- Securing applications
- Reviewing new technologies
- XML
- Middleware messaging
- Portals
- VOIP
- Entitlement
- IDS
- Logging
- Privacy
- Approaches to outsourcing/out-tasking
Steve Acheson (S5) is currently an Information Security Architect at Cisco
Systems, where he is a senior member of the Corporate Information
Security Department, responsible for network and system security,
including designing internal security architecture and external/firewall
access. Before working for Cisco, Steve managed security for
NASA's Numerical Aerospace Simulations facility at Ames Research
Center. He has worked in the field as a system administrator,
network engineer, and security analyst for over 15 years.
Laura Kuiper (S5) is currently a Computer Security Architect at Cisco
Systems, where she is a senior member of the Computer Information
Security Department, responsible for network and system security,
including designing internal security architecture and external/firewall
access. Before working for Cisco, Laura managed the network at SAIC. She has worked in the field as a
network engineer and security analyst for over 9 years.
S6 Intrusion Detection and Prevention Systems NEW
Marcus Ranum, Consultant
9:00 a.m.–5:00 p.m., Royal Palm Salon 3/4
Who should attend: Network or security managers responsible for an IDS roll-out, security auditors interested in assessing IDS capabilities, and security managers involved in IDS product selection.
This workshop covers the real-world issues you'll encounter as part
of doing an intrusion detection roll-out or product selection.
There's a lot of hype surrounding Intrusion Detection Systems (IDS)
and Intrusion Prevention Systems (IPS)--what works, and what
doesn't? How do they work? Attendees will learn the advantages and disadvantages of popular approaches to IDS. Deploying
an IDS is only the beginning, many users find, as they have to deal
with false positives and noise. We'll discuss these issues as well
as where to deploy IDSes, how to test them, how to build out-of-band
IDS management networks, and how they interact with switches,
routers, and firewalls.
Topics include:
- Technologies
- IDS and IPS: what they are and how they work
- Burglar alarms and honeypots: low-rent IDS
- Misuse detection and anomaly detection
- False positives, noise, and false alarms
- Does freeware stack up to the commercial products?
- Deployment issues
- Where to place IDS within the network
- Alert tuning: what it is and how it works
- How to estimate the size of an IDS deployment
- How to size and design a logging/management architecture
- Tools and tricks for logging and event correlation
- A typical IDS roll-out
- How to test an IDS for correct function
- IDS benchmarks: bogus and bogusest
- Management issues
- How to justify the expenditures on an IDS to management
- Cyclical maintenance
- Alert management procedures
Marcus J. Ranum (S6, M6) is a world-renowned expert
on security system design and implementation. He is recognized as
the inventor of the proxy firewall and the implementor of the
first commercial firewall product. Since the late 1980s, he has
designed a number of ground-breaking security products, including
the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall, and
Network Flight Recorder's intrusion detection system. He has
been involved in every level of operations of a security product
business, from developer to founder and CEO of NFR. Marcus has
served as a consultant to many FORTUNE 500 firms and national
governments, as well as serving as a guest lecturer and instructor
at numerous high-tech conferences. He holds both the TISC "Clue" award and the ISSA Hall of Fame award.
S7 Mac OS X System Administration NEW
Leon Towns-von Stauber, Consultant
9:00 a.m.–5:00 p.m., Royal Palm Salon 5/6
Who should attend: System administrators who are or will be responsible for
managing Mac OS X systems or are merely curious about it. A
modest background in UNIX system administration is assumed,
including familiarity with basic operating system concepts,
configuring and managing network services, and host and network
security.
Mac OS X is the advanced, BSD-based operating system from
Apple. While many of the technologies are familiar,
some aspects of this new OS make working with it
quite a bit different from other UNIX systems you've managed.
This tutorial presents an overview of the design of Mac OS X
and takes a practical approach to the administrative
aspects of the system. By the end of the course, you'll be
familiar with the fundamentals of the operating system and
have a grab-bag of time-saving tips. These will give you a
quick boost in administering Mac OS X.
Topics include:
- Operating system components
- Management applications
- Boot sequence
- Filesystem issues
- Software installation
- Account management
- Directory and authentication services
- Networking
- File sharing
- Print services
- Web and mail services
- Security issues
- Setup tasks
Leon Towns-von Stauber (S7, M8) started using UNIX systems in 1990 and
has been administering them professionally for the last nine
years in service provider, corporate, and educational
environments. Although he's worked extensively with Solaris,
Linux, HP-UX, AIX, and too many other flavors of UNIX, the
purchase of a NeXT workstation in 1991 introduced him to the
operating system lineage that he would follow from NeXTstep
through to Mac OS X today. Currently he is working on books
for O'Reilly & Associates on Mac OS X security and system
administration.
S8 Using IPsec NEW
Mike DeGraw-Bertsch, Consultant
9:00 a.m.–12:30 p.m., Pacific Salon 1
Who should attend: System and network administrators responsible for network security.
Participants should be familiar with basic networking, including a general
understanding of TCP/IP and experience with network design and system
administration. Work with IPsec is not assumed, nor is expertise in a
particular operating system necessary.
Networks are a traditionally hostile medium, with packet sniffers,
eavesdroppers, man-in-the-middle and replay attacks, and other
ne'er-do-wells working hard to intercept, read, and modify
your traffic. And that's just on your LAN! Enter IPsec. This tutorial
addresses what IPsec is, how it works, and how to use it to
mitigate the aforementioned risks, and more. Participants will gain a strong understanding of IPsec's internals, will learn
to recognize when IPsec is the appropriate solution, and will be able to use it
effectively to enhance their network's security.
Topics include:
- How IPsec works: tunnels, transports, encryption and authentication
- Using X.509 certificates and the Internet Key Exchange (IKE) to automate connection management
- IPsec's strengths and weaknesses
- Debugging connections
- Taking advantage of Linux's opportunistic encryption
- Configuration walkthroughs for Linux, FreeBSD and NetBSD, OpenBSD, Windows 2000, and/or Cisco IOS (depending on audience needs)
Mike DeGraw-Bertsch (S8, M7) has been working with FreeBSD for ten years, and
has been active in security for the last five years. He has written
articles for the O'Reilly Network and SysAdmin Magazine and is writing
UNIX Systems and Network Security for Springer-Verlag. Mike
is a security and networking consultant and spends
his free time as an ice hockey goalie.
S9 Enterprise Log Analysis: Tips, Tricks, and Techniques NEW
Sweth Chandramouli, Idiopathic Systems Consulting
9:00 a.m.–12:30 p.m., Pacific Salon 2
Who should attend: Intermediate to advanced systems, network, and
security administrators with responsibility for analysis of large
or complex amounts of log data. Familiarity with either or both
of UNIX syslog and Windows EventLog is assumed.
This tutorial will provide an overview of advanced
log analysis techniques, with a focus on learning how to recognize
the types of data for which different techniques are appropriate,
rather than on application-specific implementations of those
techniques.
Topics include:
- Positive and negative filtering
- Graphical and algorithmic outlier analysis
- Historical analysis
- Procedural correlation
- Object classification analysis
- Event distillation/reduction
Sweth Chandramouli (S9) is the Founder and President of
Idiopathic Systems Consulting, providing information security, UNIX and
network systems design and implementation, and data analysis services
for a client base ranging from sole proprietorships to Fortune 100
companies to the US government. He has previously served as CTO for
Homeland Security (Justice Programs) at Lockheed Martin Information
Technology, and as Director of Systems Architecture for ServerVault,
Inc.
Sweth has an extensive background in the field of Log Analysis,
including the development of log analysis tools for companies such as
Counterpane Internet Security and agencies such as the US DHS Bureau of
Immigration and Customs Enforcement. He is also an active contributor
to the loganalysis mailing list, and has written about the topic
extensively.
S10 Regular Expression Mastery
Mark-Jason Dominus, Consultant and Author
9:00 a.m.–12:30 p.m., Pacific Salon 3
Who should attend: System administrators and users who use Perl, grep, sed, awk, procmail, vi, or emacs.
Almost everyone has written a regex that produced unexpected results. Sometimes regexes appear to hang forever, and it's not clear what has gone wrong. Sometimes they behave differently in different utilities, and you can't tell why. This class will fix all these problems.
The first section of the class will explore the matching algorithms used internally by common utilities such as grep and Perl. Understanding these algorithms will allow us to predict whether a regex will match, which of several matches will be found, and which regexes are likely to be faster than others, and to understand why all of these behaviors occur. We'll learn why commonly used regex symbols such as ".", "$", and "\1" may not mean what you thought they did.
In the second section, we'll look at common matching disasters, a few practical parsing applications, and some advanced Perl features. We'll finish with a discussion of optimizations that were added to Perl 5.6, and why you should avoid using "/i".
Topics include:
- Inside the regex engine
- Regular expressions are programs
- Backtracking
- NFA vs. DFA
- POSIX and Perl
- Quantifiers
- Greed and anti-greed
- Anchors and assertions
- Backreferences
- Disasters and optimizations
- Where machines come from
- Disaster examples
- Tokenizing
- New optimizations
- Matching strings with balanced parentheses
Mark-Jason Dominus (S10, S13, M10, M13) has been programming in Perl since 1992. He is a moderator of the comp.lang.perl.moderated newsgroup, the author of the Text::Template, Tie::File, and Memoize modules, a contributor to the Perl core, and author of the perlreftut man page. His work on the Rx regular expression debugger won the 2001 Larry Wall Award for Practical Utility. He lives in Philadelphia with his wife and several plush octopuses.
S11 Veritas Volume Manager: Beyond the GUI NEW
Douglas Hughes, Global Crossing
1:30 p.m.–5:30 p.m., Pacific Salon 1
Who should attend: Those who wish to learn how to effectively
make use of the copious command line capabilities of Veritas Volume
Manager and how VxVM integrates with system startup
scripts. Some familiarity with how VxVM works at a high level is helpful.
Intermediate to advanced users may find the mid to end parts of the course
most interesting. Beginners will receive a short introduction to volume
manager terminology. There should be something for everybody.
Topics include:
- Fundamentals of terminology and volume components (volume, plex, subdisk), with a short comparison with disksuite and LVM
- Creating volumes
- Workhorse tools (vxassist, vxresize, vxsd, vxedit, vxmake)
- Performance tuning (vxstat, vxtrace)
- How it works at bootup
- Recovery and maintenance
- What the daemons do
- Disk and volume management (to encapsulate or not, capacity planning, naming)
- Dynamic multi-pathing
Not covered:
- Specifics of integration with hardware vendors
Doug Hughes (S11) is a founding member of and frequent contributor to the veritas-vx
and ssa-managers mailing lists. He has been using Veritas Volume Manager
since the mid 1990s. He is also the keeper of one of the tips and
tricks Web pages for Veritas and related storage technologies
(https://www.will.to/vxstuff). Doug has a B.E. in Computer Engineering
from Pennsylvania State University and currently works for a large
multinational telecommunications company.
S12 Combating Spam Using SpamAssassin, MIMEDefang, and Perl NEW
David Skoll, Roaring Penguin Software
1:30 p.m.–5:30 p.m., Pacific Salon 2
Who should attend: System administrators, network administrators, and
email administrators tackling the problem of spam in the enterprise.
Participants should have a basic familiarity with SMTP and Perl.
The course will feature a high-speed introduction to SpamAssassin on
UNIX/Linux and MIMEDefang and will describe concrete steps
administrators can take to reduce spam. It will then zero in on
MIMEDefang (created by David Skoll) and Sendmail. Participants will
have ample opportunity to ask about the application of MIMEDefang and
Perl modules in their particular environment.
Topics include:
- Introduction to mail filtering
- Why filter?
- What are we filtering?
- Where to filter: on server, or on client?
- Introduction to Sendmail's Milter API
- Introduction to MIMEDefang
- Writing MIMEDefang filters
- Advanced filter writing
- Information to use: HELO, relay address, envelope addresses, message content
- Receive-only addresses and bounces
- To bounce, or not to bounce?
- Attachment stripping
- Common spam techniques and how to fight them
- SpamAssassin integration
- Advanced topics
- Tuning MIMEDefang to handle huge loads
- Preserving relay information across a chain of MX hosts
- Recipient-verification on the final MX host before accepting mail
David Skoll (S12) is founder and president of Roaring Penguin Software,
Inc., a consulting firm focused on deploying intelligent computing
infrastructures for businesses of all sizes and incorporating Linux
into heterogeneous environments. Skoll is the developer of MIMEDefang,
the acclaimed open-source email inspection software, and creator of
RP-PPPoE, deployed across Linux servers and clients worldwide. He is
author of Caldera's OpenLinux Unleashed and frequently writes and
presents for the Linux and open source communities. More information
can be found at https://www.roaringpenguin.com.
S13 Perl Programming: Tricks of the Wizards UPDATED
Mark-Jason Dominus, Consultant and Author
1:30 p.m.–5:30 p.m., Pacific Salon 3
Who should attend: Anyone who has a basic familiarity with Perl's
packages, references, modules, and objects, and wants to become a wizard.
This class will explore Perl's most unusual features. We'll look at
some of the standard modules written by famous wizards such as Tom
Christiansen, Damian Conway, and Larry Wall, and learn what they're
for and how they work.
Topics include:
- Perl's remarkable "glob" feature
- An assortment of uses of globs
- The much-used and mysterious Exporter module
- How to do globby magic with Perl 6, which won't have globs
- Unusual uses of the "tie" function, including:
- Hashes with case-insensitive keys
- Arrays that mirror the contents of a file
- Filehandles that suppress annoying output
- "AUTOLOAD," the Function of Last Resort
- The new "source filter" feature, which allows you to program in any language and translate to Perl at the last moment
- How to add a switch statement to Perl
- How to make Perl 5 emulate the variable syntax of Perl 6
- Last but not least: Nine useful enchantments that take only 30 seconds each
Mark-Jason Dominus (S10, S13, M10, M13) has been programming in Perl since 1992. He is a moderator of the comp.lang.perl.moderated newsgroup, the author of the Text::Template, Tie::File, and Memoize modules, a contributor to the Perl core, and author of the perlreftut man page. His work on the Rx regular expression debugger won the 2001 Larry Wall Award for Practical Utility. He lives in Philadelphia with his wife and several plush octopuses.
M1 LVS: Load Balancing and High Availability for Free NEW
Dustin Puryear, Windows, UNIX, and IT Consultant
9:00 a.m.–5:00 p.m., Royal Palm Salon 1/2/3
Who should attend: Network administrators who need to ensure high performance and
availability of services such as Apache, MySQL, DB2, and even Windows
Terminal Services and who want to be able to tweak and tune a solution that is
open source, stable, and flexible. Participants should be familiar with
Linux and TCP/IP. Participants will leave this tutorial with a general understanding of load-balancing and high availability
services and how to implement those services using the open source Linux
Virtual Server (LVS).
Topics include:
- An overview of load-balancing and high availability
- How to configure LVS for different scenarios and goals
- Installing LVS on your Linux server; tweaking the Linux kernel for LVS
- Examples and considerations of LVS configuration for popular services such as Apache (HTTP) and SSL, MySQL, and Windows Terminal Services
- Configuring fail-over of LVS!
- Security considerations
- Troubleshooting
Dustin Puryear (M1) is a
consultant providing expertise in managing and integrating UNIX and Windows
systems and services, with a strong focus on open source, and is author of
Integrate Linux Solutions into Your Windows Network. As a consultant,
Dustin has worked on projects ranging from tuning and managing Linux and
FreeBSD high-availability web farms to developing custom management
software for qmail-based mail systems.
M2 System and Network Monitoring
John Sellens, Certainty Solutions
9:00 a.m.–5:00 p.m., Windsor Room
Who should attend: Network and system administrators interested in real-life, practical, host- and network-based monitoring of their systems and networks. Participants should have an understanding of the fundamentals of networking, basic familiarity with computing and network components, and some familiarity with UNIX and scripting languages.
Participants will leave this tutorial able to immediately start using a number of monitoring systems and techniques that will improve their ability to manage and maintain their systems and networks.
Topics include:
- Monitoring: goals, techniques, reporting
- SNMP: the protocol, reference materials, relevant RFCs
- Introduction to SNMP MIBs (Management Information Bases)
- SNMP tools and libraries
- Other non-SNMP tools
- Security concerns when using SNMP and other tools on the network
- Monitoring applications: introductions, use, benefits and complications, installation and configuration (Big Brother, Nagios, SNIPS, MRTG, Cricket, etc.)
- Special situations: remote locations, firewalls, etc.
- Monitoring implementation roadmap: policies, practices, notifications, escalations, reporting
John Sellens (M2, T2) has been involved in system and network
administration since 1986 and is the author of several related USENIX papers, a number of ;login: articles, and SAGE booklet #7, System and Network Administration for Higher Reliability. He holds an M.S. in computer science from the University of Waterloo and is a chartered accountant. He is currently the General Manager for Certainty Solutions (formerly known as GNAC) in Toronto. Prior to joining Certainty, John was the Director of Network Engineering at UUNET Canada and was a staff member in computing and information technology at the University of Waterloo for 11 years.
M3 Managing Samba 2.2 & 3.0 NEW
Gerald Carter, Samba Team/Hewlett-Packard
9:00 a.m.–5:00 p.m., Hampton Room
Who should attend: System administrators who are currently managing Samba servers or are planning to deploy new servers this year. This course will outline the new features of Samba 3.0, including working demonstrations throughout the course session.
Samba is a freely available suite of programs that allows UNIX-based machines to provide file and print services to Microsoft Windows PCs without installing any third-party software on the clients. This allows users to access necessary resources from both PCs and UNIX workstations. As Samba makes its way into more and more network shops all over the world, it is common to see
"configuring/managing Samba servers" listed as a desired skill on many job descriptions for network administrators.
Topics include:
- Providing basic file and print services
- Upgrading Samba servers from version 2.2 to 3.0
- Integrating with Windows NT 4.0 and Active Directory authentication services
- Centrally managing printer drivers for Windows clients
- Managing NetBIOS network browsing
- Implementing a Samba primary domain controller along with Samba backup domain controllers
- Migrating from a Windows NT 4.0 domain to a Samba domain
- Utilizing account storage alternatives to smbpasswd (such as LDAP)
- Making use of Samba VFS modules for features such as virus scanning and a network recycle bin
Gerald Carter (S1, M3) has been a member of the SAMBA Team since 1998. He has published articles in various
Web-based magazines and gives instructional courses as a
consultant for several companies. Currently employed by
Hewlett-Packard as a Samba developer, Gerald has written
books for SAMS Publishing and is the author of the recent
LDAP System Administration (O'Reilly & Associates).
M4 System and Network Performance Tuning
Marc Staveley, Soma Networks
9:00 a.m.–5:00 p.m., Pacific Salon 2
Who should attend: Novice and advanced UNIX system and network administrators, and UNIX developers concerned about network performance impacts. A basic understanding of UNIX system facilities and network environments is assumed.
We'll examine the virtual memory system, the I/O system, and the file system, NFS tuning and performance strategies, common network performance problems, examples of network capacity planning, and application issues. We'll also cover guidelines for capacity planning and customized monitoring based on your workloads and traffic patterns. Analysis periods for particular situations will be provided.
Topics include:
- Performance tuning strategies
- Server tuning
- Filesystem and disk tuning
- Memory consumption and swap space
- System resource monitoring
- NFS issues
- Automounter and other tricks
- Network performance, design, and capacity planning
- Application tuning
- System resource usage
- Memory allocation
- Code profiling
- Job scheduling and queuing
- Real-time issues
- Managing response time
Marc Staveley (M4) works with Soma Networks, where he is applying his many
years of experience with UNIX development and administration in
leading their IT group. Previously Marc has been an independent
consultant and has also held positions at Sun Microsystems, NCR,
Princeton University, and the University of Waterloo. He is a
frequent speaker on the topics of standards-based development,
multi-threaded programming, system administration, and performance
tuning.
M5 Hacking and Securing Web-Based Applications
David Rhoades, Maven Security Consulting
9:00 a.m.-5:00 p.m., Royal Palm Salon 5/6
Who should attend: People who are auditing Web application security, developing Web applications, or managing the development of a Web application.
Although numerous commercial and freeware tools assist in locating network-level security vulnerabilities, these tools are incapable of locating application-level issues. This course will demonstrate how to identify security weaknesses for Web-enabled services that could be exploited by remote users.
With numerous real-world examples, this course is based on fact and experience, not theory. The material applies to Web portals, e-commerce, online banking, shopping, subscription-based services, and any Web-enabled application.
Topics include:
- Information-gathering attacks: How hackers read between the lines
- User sign-on process: Many sites contain serious flaws which expose them to the threat of bad publicity and loss of customer confidence
- User sign-off process: Are users really signed off?
- OS & Web server weaknesses: buffer overflows and default material
- Encryption: Finding the weakest link
- Session tracking
- URL rewriting, basic authentication, and cookies: strengths and weaknesses
- Session cloning, IP hopping, and other subtle dangers
- A recipe for strong session IDs
- Authentication: server, session, transactional
- Transaction-level issues
- Hidden form elements
- Unexpected user input
- GET vs. POST
- JavaScript filters
- Improper server logic
David Rhoades (M5, T6) is a principal consultant with Maven Security Consulting. Since 1996 David has been providing information protection services for various Fortune 500 customers. His work has taken him across the United States and to Europe and Asia, where he has lectured and consulted in various areas of information security. David holds a B.S. in computer engineering from Pennsylvania State University and is an instructor for the SANS Institute, the MIS Training Institute, and Sensecurity (based in Singapore).
M6 Building Honey Pots for Intrusion Detection
Marcus Ranum, Consultant
9:00 a.m.-5:00 p.m., Crescent Room
Who should attend: System and network managers with administrative
skills and a security background. The tutorial examples will be based on
UNIX/Linux and, while the materials may be of interest to a Windows/NT
administrator, attendees will benefit if they have at least basic UNIX
system administration skills.
This tutorial provides a technical introduction to the art of building honey pot systems for intrusion detection and burglar-alarming networks. Students
completing this class will go away armed with the knowledge that will enable
them to easily assemble their own honey pot, install it, maintain it, keep it secure, and analyze the data from it.
Topics include:
- Introduction
- IDSes
- Fundamentals of burglar alarms
- Fundamentals of honey pots
- Fundamentals of log-data analysis
- Spoofing servers
- Overview of honey pot design
- Tools and techniques
- Services
- Port listeners
- Arpd and arp spoofing
- Honeyd: populating the world with fake systems
- LaBrea tarpit and tarpitting
- Spoofing server implementation walkthrough
- Multiway address/traffic manipulation
- Logging architecture: syslogs, XML logs, statistical processing
- Simple tricks for information visualization
- Management
- How to get help in analyzing attacks
- Keeping up to date
- Legal issues
- Entrapment
- Privacy
- Liability
Marcus J. Ranum (S6, M6) is a world-renowned expert
on security system design and implementation. He is recognized as
the inventor of the proxy firewall and the implementor of the
first commercial firewall product. Since the late 1980s, he has
designed a number of ground-breaking security products, including
the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall, and
Network Flight Recorder's intrusion detection system. He has
been involved in every level of operations of a security product
business, from developer to founder and CEO of NFR. Marcus has
served as a consultant to many FORTUNE 500 firms and national
governments, as well as serving as a guest lecturer and instructor
at numerous high-tech conferences. He holds both the TISC "Clue" award and the ISSA Hall of Fame award.
M7 Using FreeBSD's Advanced Security Features NEW
Mike DeGraw-Bertsch, Consultant
9:00 a.m.-5:00 p.m., Royal Palm Salon 4
Who should attend: System administrators and managers responsible for securing IT assets whose
requirements have outgrown their existing infrastructure. Participants should
be familiar with basic system security, but expertise is not required. UNIX
administration experience is expected, but work with FreeBSD is not assumed. Participants will gain a general understanding of risk evaluation and threat
mitigation techniques and will learn how FreeBSD's security features work,
what they add and what they cost, and how to apply them.
With complex new threats, shrinking budgets, and smaller staffs, just keeping
up on today's security threats sometimes seems impossible. Enter FreeBSD,
a widely distributed, secure, and free derivative of BSD UNIX with powerful
new functionality from the TrustedBSD project, including filesystem firewalls
and Access Control Lists.
This tutorial addresses the risks companies face, discusses how to
evaluate and lessen those risks, and shows how to use FreeBSD's new--and
sometimes not so new--features to create cost-effective, secure computing
environments. It also delves into FreeBSD's new functionality, looking at
the security that's been added and the associated performance and ease-of-use costs.
Topics include:
- Assessing risks
- How TrustedBSD addresses the common criteria for IT security evaluation
- Using FreeBSD's ports system to easily keep up with patches and security releases
- Jails and virtual machines
- Filesystem and IP firewalls
- Mandatory access controls and discretionary access controls
- Pluggable Authentication Modules (PAM) and One-Time Passwords In Everything (OPIE)
- Configuration walkthroughs for a secure:
  - Firewall
  - Log host
  - Combination mail server, file server, and Kerberos server
  - Client
Mike DeGraw-Bertsch (S8, M7) has been working with FreeBSD for ten years, and
has been active in security for the last five years. He has written
articles for the O'Reilly Network and SysAdmin Magazine and is writing
UNIX Systems and Network Security for Springer-Verlag. Mike
is a security and networking consultant and spends
his free time as an ice hockey goalie.
M8 Mac OS X Security NEW
Leon Towns-von Stauber, Consultant
9:00 a.m.-12:30 p.m., Pacific Salon 1
Who should attend: Security and system administrators who are or will be
responsible for managing Mac OS X systems. A modest background
in TCP/IP networking and UNIX system administration is assumed.
Although Mac OS X is largely based on BSD UNIX, the elements that
make it unique lead to a host of new security considerations
and opportunities. This tutorial examines Mac OS X security
from a practical perspective. By the end of the course, you'll
be familiar with the technologies available to help you secure
your systems and will be well on your way to taking full advantage
of them.
Topics include:
- Security out of the box
- Directory and authentication services
- Privileged access
- The Security Framework
- Network security
- Setup tasks
Leon Towns-von Stauber (S7, M8) started using UNIX systems in 1990 and
has been administering them professionally for the last nine
years in service provider, corporate, and educational
environments. Although he's worked extensively with Solaris,
Linux, HP-UX, AIX, and too many other flavors of UNIX, the
purchase of a NeXT workstation in 1991 introduced him to the
operating system lineage that he would follow from NeXTstep
through to Mac OS X today. Currently he is working on books
for O'Reilly & Associates on Mac OS X security and system
administration.
M9 Advanced Shell Programming
Mike Ciavarella, Cybersource Pty Ltd
9:00 a.m.-12:30 p.m., Sheffield Room
Who should attend: Junior or intermediate system administrators or anyone with a basic knowledge of programming, preferably with some experience in Bourne/Korn shells (or their derivatives).
The humble shell script is still a mainstay of UNIX/Linux system administration, despite the wide availability of other scripting languages. This tutorial details techniques that move beyond the quick-and-dirty shell script.
Topics include:
- Common mistakes and unsafe practices
- Modular shell script programming
- Building blocks: awk, sed, etc.
- Writing secure shell scripts
- Performance tuning
- Choosing the right utilities for the job
- Addressing portability at the design stage
- When not to use shell scripts
Mike Ciavarella (S3, M9, M11) has been producing and editing technical
documentation since he naively agreed to write application manuals for his first
employer in the early 1980s. He has been a technical editor for
MacMillan Press and has been teaching system administrators about
documentation for the past four years. Mike has an Honours Degree in
Science from the University of Melbourne and is currently
a Senior Partner with Cybersource Pty Ltd, where he heads Cybersource's
Security Practice. In his spare time, Mike is a caffeine addict and
photographer.
M10 Perl Program Repair Shop and Red Flags
Mark-Jason Dominus, Consultant and Author
9:00 a.m.-12:30 p.m., Pacific Salon 3
Who should attend: Anyone who writes Perl programs regularly. Participants should have at least three months'
experience programming in Perl.
You've probably been working too hard when you program,
writing twenty lines of code when you only needed ten. But there is a
better way, and I will show it to you. You'll learn how to improve
your own code and the code of others, making it cleaner, more
readable, more reusable, and more efficient, while at the same time
making it 30-50% smaller. Smaller code contains fewer bugs and takes
less time to maintain.
We will examine several real code examples in detail and see how to
improve them. We'll focus on red flags--warning
signs in your code that are plainly visible once you know what to look
for--and on techniques that require little complex thought or
ingenuity. All the bad code in this class is guaranteed 100% genuine
and typical.
Participants are encouraged to submit their own code for anonymous
review in the class. (Send it to
mjd-lisa-2003+@plover.com.) Class
content varies depending on submissions, but is sure to include some
of the topics listed below.
Topics include:
- Families of variables
- Making relationships explicit
- Refactoring
- Programming by convention
- The Flesh Blanket
- Conciseness
- Why you should avoid the "." operator
- Elimination of global variables
- Superstition
- The "use strict" zombies
- Repressed subconscious urges
- The cardinal rule of computer programming
- The psychology of repeated code
- Techniques for eliminating repeated code
- What can go wrong with "if" and "else"
- The Condition That Ate Michigan
- Resisting "Holy Doctrine"
- Trying it both ways
- Structural vs. functional code
- Elimination of structure
- Boolean values
- Programs that take two steps forward and one step back
- Programs that are 10% backslashes
- 'print print print print print '
- C-style "for" loops
- Loop counter variables
- Array length variables
- Unnecessary shell calls
- How (and why) to let "undef" be the special value
- Confusion of internal and external representations of data
- Tool use
- Elimination of repeated code with higher-order functions
- Learning to use a hammer
- The "swswsw" problem
- Avoiding special cases
- Using uniform data representations
Mark-Jason Dominus (S10, S13, M10, M13) has been programming in Perl since 1992. He is a moderator of the comp.lang.perl.moderated newsgroup, the author of the Text::Template, Tie::File, and Memoize modules, a contributor to the Perl core, and author of the perlreftut man page. His work on the Rx regular expression debugger won the 2001 Larry Wall Award for Practical Utility. He lives in Philadelphia with his wife and several plush octopuses.
M11 Documentation Techniques for SysAdmins
Mike Ciavarella, Cybersource Pty Ltd
1:30 p.m.-5:30 p.m., Pacific Salon 1
Who should attend: System administrators who need to produce documentation for the systems they manage or who want to improve their documentation skills.
Attendees should be able to make immediate, practical use of the techniques presented in this tutorial in their day-to-day tasks. Particular emphasis is placed on documentation as a time-saving tool rather than a workload imposition.
Topics include:
- Why system administrators need to document
- The document life cycle
- Targeting your audience
- An adaptable document framework
- Common mistakes
- Tools to assist the documentation process
Mike Ciavarella (S3, M9, M11) has been producing and editing technical
documentation since he naively agreed to write application manuals for his first
employer in the early 1980s. He has been a technical editor for
MacMillan Press and has been teaching system administrators about
documentation for the past four years. Mike has an Honours Degree in
Science from the University of Melbourne and is currently
a Senior Partner with Cybersource Pty Ltd, where he heads Cybersource's
Security Practice. In his spare time, Mike is a caffeine addict and
photographer.
M12 Introduction to Host Configuration and Maintenance with Cfengine NEW
Mark Burgess, Oslo University College
1:30 p.m.-5:30 p.m., Sheffield Room
Who should attend: System administrators with a minimal
knowledge of a scripting language who wish to start using cfengine to
automate the maintenance and security of their systems. UNIX
administrators will be most at home in this tutorial, but cfengine can
also be used on Windows 2000 and above.
Cfengine is a tool for setting up and maintaining a configuration
across a network of hosts. It is sometimes called a tool for "Computer
Immunology"--your computer's own immune system. You can think of
cfengine as a very high level language, much higher-level than Perl
or shell, together with a smart agent. The idea behind cfengine is to
create a single "policy" or set of configuration files that describes
the setup of every host on your network, without sacrificing their
autonomy.
Cfengine runs on every host and makes sure that it is in a
policy-conformant state; if necessary, any deviations from policy
rules are fixed automatically. Unlike tools such as rdist, cfengine does
not require hosts to open themselves to any central authority, nor to
subscribe to a fixed image of files. It is a modern tool, supporting
state-of-the-art encryption and IPv6 transport, that can handle
distribution and customization of system resources in huge networks
(tens of thousands of hosts). Cfengine runs on hundreds of thousands
of computers all over the world.
Topics include:
- The components of cfengine and how they are used
- How to get the system running
- How to develop a suitable policy, step by step
- Security
- Examples
- How to customize cfengine for special tasks
Mark Burgess (M12) is a professor at Oslo University College and is the
author of cfengine. He has been researching the principles of network
and system administration for over ten years and is the author
of Principles of Network and System Administration (John Wiley & Sons).
He is frequently invited to speak at conferences.
M13 Perl Programming: Making Programs Faster (Benchmarking, Profiling, and Performance Tuning) NEW
Mark-Jason Dominus, Consultant and Author
1:30 p.m.-5:30 p.m., Pacific Salon 3
Who should attend: Students should have at least six months' experience programming in Perl.
Almost every application must be made to run faster; some sooner, some
later. Performance tuning of applications has long been a dark art,
understood by few and riddled with terrible pitfalls. Stories abound
of optimization projects that took weeks but yielded a pathetic 2%
decrease in total run time. Don't let this happen to you.
Throughout, the class will emphasize both high- and low-level
approaches to performance tuning: when to tune and when to try
something different; if tuning is necessary, how to focus your efforts
where they will do the most good. We'll learn how to rationally
evaluate programming situations and when to try alternative
approaches.
Topics include:
- The basic concepts of performance tuning
- Modules for benchmarking and profiling
- Common blunders even experts commit
- Especially important optimizations
Mark-Jason Dominus (S10, S13, M10, M13) has been programming in Perl since 1992. He is a moderator of the comp.lang.perl.moderated newsgroup, the author of the Text::Template, Tie::File, and Memoize modules, a contributor to the Perl core, and author of the perlreftut man page. His work on the Rx regular expression debugger won the 2001 Larry Wall Award for Practical Utility. He lives in Philadelphia with his wife and several plush octopuses.
Tuesday, October 28, 2003
T1 Advanced Topics in System Administration and Security
Trent Hein and Ned McClain, Applied Trust
9:00 a.m.-5:00 p.m., Windsor Room
Who should attend: System and network administrators who are interested in picking up several new technologies in an accelerated manner.
This tutorial covers six topics of critical importance to all system administrators and power users.
Topics include:
- Digital forensics tools and techniques: Investigating computer security incidents has become a necessary skill for all system administrators. We'll discuss the secrets of digital forensics, including how to find out what happened without destroying possible evidence. This section will highlight several incident investigation tools and give examples of their use in real-life scenarios.
- Linux kernel tuning: As Linux's popularity in production environments increases, the need for knowledge on tuning a Linux kernel becomes ever more important. Whether it's performance, security, or functionality you're looking to cajole your system into, we'll give you the what to's and the how to's, and even the what you can'ts of this rare art.
- Handling digital forensic evidence: Information collected from a digital crime scene must be handled according to a strict set of rules. We'll talk about what you should do with log files, filesystems, and other digital evidence that might be used in court. This section will get you comfortable with all aspects of evidence handling, from secure evidence collection to the chain of custody.
- Stateful firewalls: Keeping up with the latest security technology can be a challenge, but it is essential to prevent unwanted intrusions. We'll cover the latest in basic firewall technology on both Cisco and Linux platforms. Specific topics covered include context-based access control, reflexive access lists, and stateful filtering using iptables.
- Network intrusion detection systems: New NIDS products are appearing every day. We'll evaluate the strengths and weaknesses of various technologies, and what might work best for your organization. Leave this section with the information you need to select and implement a NIDS solution that's right for you.
- Performance crisis case studies #3: Don't miss the latest episode of this incredibly popular segment! We've taken a new set of real-life system administration performance crises and dissected them, providing insight on how to diagnose and remedy situations that you might someday face. This is a great way to gain practical knowledge in the performance arena.
Trent Hein (T1) is co-founder of Applied Trust Engineering. Trent worked on the 4.4 BSD port to the MIPS architecture at Berkeley, is co-author of both the UNIX Systems Administration Handbook and the Linux Administration Handbook, and holds a B.S. in computer science from the University of Colorado.
Ned McClain (T1), co-founder and CTO of Applied Trust Engineering, lectures around the globe on applying cutting-edge technology in production computing environments. Ned holds a B.S. in computer science from Cornell University and is a contributing author
to both the UNIX System Administration Handbook and the Linux Administration Handbook.
T2 System and Network Monitoring: Tools in Depth NEW
John Sellens, Certainty Solutions
9:00 a.m.-5:00 p.m., Pacific Salon 2
Who should attend: Network and system administrators ready to implement comprehensive monitoring of their systems and networks using the best of the freely available tools. Participants should have an understanding of the fundamentals of networking, familiarity with computing and network components, UNIX system administration experience, and some understanding of UNIX programming and scripting languages.
This tutorial will provide in-depth instruction in the installation and configuration of some of the most popular
and effective system and network monitoring tools, including Nagios, Cricket, MRTG, and Orca. It will build on the background provided by the introductory "System and Network Monitoring" tutorial, so participants should be familiar with the topics covered in that tutorial.
Participants should expect to leave
the tutorial with the information needed to immediately implement, extend, and manage popular monitoring tools on their systems and networks.
Topics for Nagios, Cricket, MRTG, and Orca include:
- Installation
- Configuration, options, how to manage larger and non-trivial configurations
- Reporting and notifications, proactive and reactive
- Special cases: interesting problems
- How to write scripts or programs to extend functionality
- Dealing effectively with network boundaries and remote sites
- Security concerns, access control
- Ongoing operations
John Sellens (M2, T2) has been involved in system and network
administration since 1986 and is the author of several related USENIX papers, a number of ;login: articles, and SAGE booklet #7, System and Network Administration for Higher Reliability. He holds an M.S. in computer science from the University of Waterloo and is a chartered accountant. He is currently the General Manager for Certainty Solutions (formerly known as GNAC) in Toronto. Prior to joining Certainty, John was the Director of Network Engineering at UUNET Canada and was a staff member in computing and information technology at the University of Waterloo for 11 years.
T3 WiFi Security: The Trials and Tribulations of Designing, Deploying, and Using WiFi Networks Securely NEW
William A. Arbaugh, University of Maryland, College Park
9:00 a.m.-5:00 p.m., Royal Palm Salon 1/2/3
Who should attend: Designers, administrators, and power users of WiFi networks who need to design, deploy, and/or operate a WiFi network. Previous experience with or knowledge of wireless networking is helpful but not required.
This tutorial will present the security problems with current and legacy WiFi equipment, and then explain the more recent and proposed standard changes designed to mitigate and in some cases eliminate those problems, e.g., WiFi Protected Access (WPA) and Robust Security Network (RSN). Following the explanations, a detailed design example will be presented and the participants will be shown how to design, deploy, and test wireless architectures using legacy, WPA, and RSN equipment.
Finally, participants will be shown how to build and test an architecture using open source software.
Topics include:
- Known attacks against legacy WiFi equipment and the open source tools used for the attacks
- WiFi Protected Access and RSN: what are the changes, and what do they mean?
- Designing a secure WiFi network
- Deploying a secure WiFi network using open source tools
- Testing your WiFi network using open source tools
William Arbaugh (T3) has spent over 15 years performing security research and engineering. Arbaugh and his students were among the first to identify security flaws in the IEEE 802.11 standard, as well as several proposed fixes to the standard. He and his students are actively involved in the IEEE and the IETF standards processes, doing their best to ensure that future standards are more robust. He and Jon Edney are the authors of a forthcoming book (Addison-Wesley, Fall 2003) entitled Wi-Fi Protected Access: Wireless Security and 802.11.
T4 Advanced Solaris System Administration Topics
Peter Baer Galvin, Corporate Technologies
9:00 a.m.-5:00 p.m., Pacific Salon 1
Who should attend: UNIX administrators who need more knowledge of Solaris administration.
This course covers a variety of topics that are of importance to
Solaris system administrators. We will discuss the major new features of recent Solaris releases, including which to use and how to use them, and which to avoid. This in-depth course will provide the information you need to run a Solaris installation effectively. Updated to include Solaris 9 features and functions.
Topics include:
- Installing and upgrading
- Architecting your facility
- Choosing appropriate hardware
- Planning your installation, filesystem layout, post-installation steps
- Installing (and removing) patches and packages
- Advanced features of Solaris 2
- Filesystems and their uses
- The /proc filesystem and commands
- Useful tips and techniques
- Networking and the kernel
- Virtual IP: configuration and uses
- Kernel and performance tuning: new features, adding devices, tuning, debugging commands
- Devices: naming conventions, drivers, gotchas
- Enhancing Solaris
- High availability essentials: disk failures and recovery, RAID levels, uses and performance, H/A technology and implementation
- Performance: how to track down and resolve bottlenecks, Solaris Resource Manager
- Tools: useful free tools, tool use strategies
- Security: locking down Solaris, system modifications, tools, SunScreen
- Resources and references
Peter Baer Galvin (T4) is the Chief Technologist for Corporate Technologies and was the systems manager for Brown University's Computer Science Department. He has written articles for Byte and other magazines, is a contributing editor for SysAdmin Magazine, and is coauthor of the Operating Systems Concepts and the Applied Operating Systems Concepts textbooks. Peter has taught tutorials on security and system administration and has given talks at many conferences and institutions on such topics as Web
services, performance tuning, and high availability.
T5 Deploying and Debugging DHCP NEW
George Neville-Neil, Nominum
9:00 a.m.-5:00 p.m., Royal Palm Salon 4
Who should attend: System administrators and other IT professionals involved in
deploying the DHCP protocol. Participants should already have
experience working with and managing TCP/IP networks. After completing this tutorial, participants will be well versed in
the language and internals of DHCP and will be able to deploy and debug the
protocol in a variety of environments, from SOHO to large institutions.
This tutorial covers deploying DHCP and debugging common problems observed in day-to-day operation. Packet traces, drawn from a
production network, are used throughout the course to illustrate
particular points.
Topics include:
- Deployment
- Debugging tools and strategies
- Protocol internals
- Working with DNS
- Relay agents
- Providing for legacy (BOOTP) clients
- Working with failover
George Neville-Neil (T5) is a Senior Software Engineer on the Nominum DCS
product, a high-performance DHCP server targeted at the enterprise
market. He has taught courses on DHCP, as well as other networking
subjects, for USENIX, APRICOT, and others. He is a member of the
ACM Queue editorial advisory board and is the author of
several articles. He has a B.Sc. in Computer Science from Northeastern
University in Boston. His computing interests include network
protocols, operating systems, and embedded systems.
T6 Network Security Assessments Workshop NEW
David Rhoades, Maven Security
9:00 a.m.-5:00 p.m., Crescent Room
Who should attend: Anyone who needs to understand how to perform an effective and safe network assessment.
How do you test a network for security vulnerabilities? Just plug some IP
addresses into a network-scanning tool and click SCAN, right? Not quite.
Numerous commercial and freeware tools assist in locating network-level
security vulnerabilities. However, these tools are fraught with dangers:
accidental denial-of-service, false positives, false negatives, and
long-winded reporting, to name but a few. Performing a security assessment (a.k.a.
vulnerability assessment or penetration test) against a network environment
requires preparation, the right tools, methodology, knowledge, and more.
Topics include:
- Preparation: What you need before you even begin
- Safety measures
- Architecture considerations: Where you scan from affects how you perform the assessment
- Inventory
- Tools of the trade
- Common pitfalls
- Automated scanning: Best-of-class tools, with tips (mostly vendor-neutral) on their proper use
- Research and development: What to do when existing tools don't suffice
- Documentation and audit trail
- How to compile useful reports
David Rhoades (M5, T6) is a principal consultant with Maven Security Consulting. Since 1996 David has been providing information protection services for various Fortune 500 customers. His work has taken him across the United States and to Europe and Asia, where he has lectured and consulted in various areas of information security. David holds a B.S. in computer engineering from Pennsylvania State University and is an instructor for the SANS Institute, the MIS Training Institute, and Sensecurity (based in Singapore).
T7 Disaster Planning and Recovery: How to Keep Your Company (and Your Job) Alive NEW
Evan Marcus, Veritas Software
9:00 a.m.-5:00 p.m., Royal Palm Salon 5/6
Who should attend: Anyone responsible for their organization's data. Disaster planning is like insurance: nobody wants to talk about it, and everyone runs from the salesmen. But when you need it, you are very glad to have it! And if you don't have it when you need it, it is too late to do anything about it. Have you ever been robbed or had an accident or a medical emergency? If you had insurance, you did personal disaster planning.
After 9/11, the companies that survived were those that had disaster plans in place. This tutorial will show you
what you need to think about, what you need to plan for (and what you can safely avoid), and how you can put a plan into effect if (God forbid!) you ever need to use it.
We will explore the key aspects of developing a disaster recovery plan, including the key components, testing the plan, and some of the technology that can speed recovery, with an eye toward balancing cost and benefit. We will also take a close look at one organization that recovered completely very quickly after 9/11.
Topics include:
- What a DR plan should contain
- The costs of developing a DR plan
- Do you need a DR plan at all?
- The legal and civil liabilities of not having a plan
- Downtime and data loss as two sides of the same coin
- Four different methods for testing your DR plan
- DR as a subset of high availability
- Methods and technologies for protecting data through a disaster
- How disasters might affect the people who are responsible for recovery
- Building and staffing DR teams
- The role of senior management in DR
- Convincing management that a DR plan is necessary
- A real-life case study of a company that survived the 9/11 disaster
Evan Marcus (T7) is a Principal Engineer
and Data Availability Maven with VERITAS Software Corporation. Evan has more than 15 years of experience in UNIX system administration. While working at Fusion Systems and OpenVision Software, Evan worked to bring to market the first high-availability software application for SunOS and Solaris. He is the author of several articles and talks on the design of high-availability systems and is the co-author, with Hal Stern, of the new second edition of Blueprints for High Availability: Designing Resilient Distributed Systems (John Wiley & Sons, 2003). Evan also co-edited and contributed to The Resilient Enterprise, VERITAS Publishing's disaster recovery book.
T8 Next Generation Backup Systems NEW
Jacob Farmer, Cambridge Computer Services
9:00 a.m.–12:30 p.m., Sheffield Room
Who should attend: System administrators involved in the design and management of
backup systems and policymakers responsible for protecting their
organization's data. A general familiarity with server and storage
hardware is assumed. The class focuses on architectures and core
technologies and is relevant regardless of what backup hardware
and software you currently use. Students will leave this lecture with immediate ideas for effective,
inexpensive improvements to their backup systems. They will also
walk away with a model for defining their requirements and identifying
vulnerabilities.
Backup and restore is still the greatest point of pain in the data
center. After years of relatively little technology innovation,
a flurry of new technologies has arrived on the scene. Many of these technologies are affordable
add-ons to existing backup systems. Others are point solutions that
work independently. This tutorial will set the new technologies into context and provide a framework for formulating
and fulfilling data protection policies.
Topics include:
- A model for defining backup/restore requirements
- Switching the focus from backup to restore
- Applying inexpensive SAN technology to existing backup systems
- Hybrid SAN/LAN backup systems
- Interfacing with third-party snapshots
- Real-time replication
- Block-level incremental backups
- Using disk in the backup system
- Disk-to-disk backup architectures
- Staging tape backups to disk
- Virtual tape systems
- Backing up email systems
- Bare metal restore
- Managing backup and restore for remote sites
- The latest tape drive hardware: LTO-2, S-AIT
Jacob Farmer (T8, T11) is the CTO of
Cambridge Computer Services, a specialized
integrator of backup systems and storage networks. He has over 15
years' experience with storage technologies and writes an expert
advice column for InfoStor magazine. He is currently writing a book
on storage networking which is scheduled to be completed toward
the end of 2003.
T9 Time Management for System Administrators: Getting It All Done and Not Going (More) Crazy! NEW
Tom Limoncelli, Lumeta
9:00 a.m.–12:30 p.m., Hampton Room
Who should attend: Sysadmins who want to improve their
time-management skills, who want to have more control over their time
and better follow-through on assignments. If you feel overloaded, miss
appointments, and forget deadlines and tasks, this class is for you.
Do any of these statements sound like you?
- I don't have enough time to get all my work done.
- I don't have control over my schedule.
- I'm spending all my time mopping the floor; I don't have
time to fix the leaking pipe.
- My boss says I don't work hard enough, but I'm always working
my off!
Tom Limoncelli used to be a time-management disaster. He reformed
himself and offers his insights in this tutorial. Tom currently
has two job functions at an understaffed startup, chairs conferences,
writes books, maintains 4 personal Web sites, serves on the boards of
two nonprofits, and has a very full social life. Yet he keeps it
all together and has time for himself. If you think you don't have time to take this tutorial, you really
need to take this tutorial!
Topics include:
- Why typical "time management" books don't work for sysadmins
- How to delegate tasks effectively
- How to use RT and other request tracking tools
- A way to keep from ever forgetting a user's request
- Why "to do" lists fail and how to make them work
- Managing your boss
- Managing email more effectively with procmail
- Prioritizing tasks so that users think you're a genius
- Getting more out of your Palm Pilot
- Having more time for fun (for people with a social life)
- Tips on automating sysadmin processes
- Efficient phone calls: how to avoid major time wasters
- How to leave the office every day with a smile on your face
Tom Limoncelli (T9, T12), co-author of
The Practice of System and Network
Administration (Addison-Wesley), is Director of Network Operations
at Lumeta Corporation, where he is responsible for building and
scaling the network. A sysadmin and network wonk since 1987, he
has worked at Bell Labs/Lucent, Mentor Graphics, and Drew
University. He is a frequent presenter at LISA conferences.
T10 Perl for System Administration: The Networking Power Hours, Part 1
David N. Blank-Edelman, Northeastern University CCS
9:00 a.m.–12:30 p.m., Pacific Salon 3
Who should attend: System and
network administrators with at least advanced-beginner to intermediate Perl skills (important prerequisite).
After offering several successful survey courses on using Perl to make system administration easier, it is time to go deeper. In this course we'll take an hour per subject to probe how Perl can be used to work with three different network-related topics. We'll cover the necessary background material to get you jump-started and then dive into the approaches, tools, and methods you need to use your existing Perl skills to tame these areas.
Topics include:
- SNMP: The Simple Network Management Protocol isn't always so simple to use or understand, but it is ubiquitous. We'll learn how to use Perl to query and configure SNMP versions 1- and 3-capable devices such as switches, routers, and workstations.
- Packet play: It is not uncommon to have to sniff a network looking for specific packets (or sometimes even produce them yourself). Maybe you're debugging a network service or performing a penetration test. We'll look at both sniffing for specific packets and creating them
ourselves from Perl.
- Network monitoring and mapping: With SNMP and packet skills under our belt, we can begin to approach the hard topic of continuously monitoring a network and displaying the results. This module will tie together the two previous modules and work toward building simple tools to help. We'll also look at some of the more advanced free tools already built to solve this problem.
David N. Blank-Edelman (T10, T13) is the Director of Technology at the
Northeastern University College of Computer and Information Science and the author of the O'Reilly book Perl for System Administration. He has spent the last 16 years as a system/network administrator in large multi-platform environments, including Brandeis University, Cambridge Technology Group, and the MIT Media Laboratory. He has served as Senior Technical Editor for the Perl Journal.
T11 iSCSI and IP Storage Networking NEW
Jacob Farmer, Cambridge Computer Services
1:30 p.m.–5:30 p.m., Sheffield Room
Who should attend: System administrators involved in the design and management of
storage and backup systems. A general familiarity with SCSI, storage
devices, and Ethernet switching is assumed. Experience with
storage area networks is helpful but not required. After completing this tutorial, students will know enough about the
various technologies to make purchasing decisions and to design
and configure IP and hybrid storage networks.
Storage area networks (SANs) have traditionally been built on fibre
channel, a relatively expensive and inflexible interface. In the
past two years, products have come to market that allow storage area
networks to leverage Ethernet for less expensive host
connections, for bridging remote SANs, and even for core switching.
In early 2003, the IETF ratified the iSCSI specification, ushering
in a new class of affordable SAN products that leverage your existing
Ethernet and IP infrastructure. This tutorial explains how to design
and configure storage area networks using various Ethernet and
IP-based technologies. In addition, it covers next-generation
file systems that can leverage an Ethernet SAN.
Topics include:
- A crash course on storage area networks
- The shortcomings of SCSI and the advent of fibre channel
- The shortcomings of fibre channel and the need for IP SANs
- iSCSI host connections: configuration options
- iSCSI targets: configuration and alternative architectures
- Three ways to mix iSCSI, fibre channel, and parallel SCSI
- Storage routers
- Storage virtualization
- Multi-protocol switches
- Bridging SANs with IP (FC-IP)
- Core switching with IP (iFCP and mFCP)
- High-performance, SAN-enabled file systems
Jacob Farmer (T8, T11) is the CTO of
Cambridge Computer Services, a specialized
integrator of backup systems and storage networks. He has over 15
years' experience with storage technologies and writes an expert
advice column for InfoStor magazine. He is currently writing a book
on storage networking which is scheduled to be completed toward
the end of 2003.
T12 Introduction to Massive Upgrades and Changes
Tom Limoncelli, Lumeta
1:30 p.m.–5:30 p.m., Hampton Room
Who should attend: Sysadmins from environments where upgrading a
single large server, or hundreds of individual hosts, is common.
Although the focus will be on UNIX and IP networks, all sysadmins will benefit
from this tutorial. Examples include situations found both in
small and in large sites.
Imagine a project that involves renumbering the IP addresses on
thousands of hosts, none of which sees more than one interruption.
Imagine upgrading a large server that provides dozens of critical
services with confidence that it will be done on time and with all
services working. Imagine performing one or more changes on 1,000
individual hosts without fear that you've installed the same typo
on each. Imagine a tutorial that teaches the disciplines involved
in making those things happen.
This tutorial will include a mix of theory and case studies
of real events. Case studies will include success stories as well
as disasters; there's much to be learned from both.
Topics include:
- A sample "change management" policy you can start using right away
- The network life cycle: birth, certification, decommission
- Case study: network change management (avoiding outages, managing risk)
- The project everyone hates: moving your data center
- Surviving weekend-long maintenance windows with no major problems
- The secret to successful server upgrades
- Case study: upgrading a major application server
- Case study: upgrading a multi-purpose server
- Service conversions (it's more than just upgrading the software)
- Building and staffing DR teams
- Case study: IP renumbering and reorganization
Tom Limoncelli (T9, T12), co-author of
The Practice of System and Network
Administration (Addison-Wesley), is Director of Network Operations
at Lumeta Corporation, where he is responsible for building and
scaling the network. A sysadmin and network wonk since 1987, he
has worked at Bell Labs/Lucent, Mentor Graphics, and Drew
University. He is a frequent presenter at LISA conferences.
T13 Perl for System Administration: The Networking Power Hours, Part 2
David N. Blank-Edelman, Northeastern University CCS
1:30 p.m.–5:30 p.m., Pacific Salon 3
Who should attend: System and
network administrators with at least advanced-beginner to intermediate Perl skills (important prerequisite). Part 1 (T10) is not a prerequisite for this class.
After offering several successful survey courses on using Perl to make system administration easier, it is time to go deeper. In this course we'll take an hour per subject to probe how Perl can be used to work with three different network-related topics. We'll cover the necessary background material to get you jump-started and then dive into the approaches, tools, and methods you need to use your existing Perl skills to tame these areas.
Topics include:
- LDAP: If you don't already have a directory service running in your environment, chances are you will soon. It is equally likely that this directory service will be built on or be accessible by the Lightweight Directory Access Protocol. We'll
see how to use Perl to perform common LDAP operations.
- Mail: Perl is an excellent tool for speaking different mail protocols. We'll learn how to use it to send mail with SMTP and perform
different mail operations using POP3 and IMAP. Once we know how to receive mail, we'll look at the process of parsing the mail to help us deal with it.
- Potpourri: There are so many topics in the networking arena that we bend the one-topic-per-hour rule for the last hour. In this module we'll look at how to parse logs
efficiently and effectively, roll your own daemons, and use encrypted transports from Perl.
David N. Blank-Edelman (T10, T13) is the Director of Technology at the
Northeastern University College of Computer and Information Science and the author of the O'Reilly book Perl for System Administration. He has spent the last 16 years as a system/network administrator in large multi-platform environments, including Brandeis University, Cambridge Technology Group, and the MIT Media Laboratory. He has served as Senior Technical Editor for the Perl Journal.