T1 Network Security Assessments Workshop: Hands-On (Day 1 of 2)
David Rhoades, Maven Security Consulting, Inc.
9:00 a.m.–5:00 p.m.
Who should attend: Anyone who needs to understand how to perform an effective and safe network assessment.
How do you test a network for security vulnerabilities? Just plug
some IP addresses into a network-scanning tool and click SCAN,
right? If only it were that easy. Numerous commercial and freeware tools assist
in locating network-level security vulnerabilities. However, these
tools are fraught with dangers: accidental denial-of-service,
false positives, false negatives, and long-winded reporting, to name but
a few. Performing a security assessment (a.k.a. vulnerability assessment
or penetration test) against a network environment requires
preparation, the right tools, methodology, knowledge, and more.
This hands-on workshop will cover the essential topics for performing
an effective and safe network assessment.
Class exercises require an x86-based laptop that can boot from a KNOPPIX CD,
with a 10/100 Ethernet network card. Please download a copy of KNOPPIX-STD
(https://www.knoppix-std.org), verify the image against its published checksum
before you burn it (tool authenticity is one of the Day 1 safety topics), burn
it to a CD-R, and try to boot your system on a network offering DHCP. Be sure
your network card is recognized by Knoppix-STD; otherwise you will not be able
to participate in most classroom exercises. Wireless access will not be
supported during class.
Topics include:
- Preparation: What you need before you even begin
- Safety measures: This often-overlooked topic will cover important
practical steps to minimize or eliminate adverse effects on critical networks
- Architecture considerations: Where you scan from affects how you perform the assessment
- Inventory: Taking an accurate inventory of active systems and protocols
on the target network
- Tools of the trade: Effective use of both freeware and commercial tools, with an emphasis on common pitfalls
- Automated scanning: Best-of-class tools, with tips (mostly vendor-neutral) on their proper use
- Research and development: What to do when existing tools don't suffice
- Documentation and audit trail: How to keep accurate records easily
- How to compile useful reports: Planning for corrective action and tracking your security measures
Students will practice network assessment on a target network of Windows and UNIX-based servers and various routing components.
Day 1
- Lab setup and preparation
- Security assessment overview
  - Types of assessments
  - Choosing an assessment approach
- Assessment preparation
  - Defining the purpose
  - Rules of engagement
  - Assessment logistics
  - Open vs. closed testing
  - Passive vs. active testing; depth of testing
  - Denial of service (DoS)
  - Enumeration of target information
  - Permission
- Assessment safety
  - Verification of tool authenticity
  - Vetting tools
  - Safety concepts
  - The dangers of automated scanners
  - Automated tool safety summary
- Documentation and audit trail
- Assessment phase 1: network inventory
  - Ping scanning
  - Discrete port scanning (host inventory only)
  - DNS queries
  - Traceroute
  - ARP scanning
Day 2
- Assessment phase 2: target analysis
  - TCP port scanning
  - UDP port scanning
  - SNMP
- Assessment phase 3: exploitation and confirmation
  - Automated vulnerability scanning tools
  - (Online) brute-force attacks
  - (Offline) password cracking
  - Manual testing
- Special consideration testing
  - Firewalls and routers
  - Auditing email servers
  - Web servers
- Stealth technique summary
- Vulnerability scanning tools
  - Automated scanning tools
  - Commercial scanners
  - Nessus
    - Nessus clients
    - Using Nessus
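The Day 1 items on phase-1 host inventory, automated-tool safety and the audit trail come together in the following added example. It is editorial illustration, not workshop material: a discrete TCP-connect host inventory that probes one port at a time, paces itself, leaves a host alone as soon as it has answered (a refused connection proves the host is alive just as well as an open port), and writes every probe to a JSON-lines audit trail. The port list, pacing values and the loopback demo targets are assumptions chosen so the script runs offline; on a real engagement the targets, ports and delay come from the rules of engagement.

```python
# Added example (not course material): paced TCP-connect host inventory with
# an audit trail. Pacing values, probe ports and demo targets are illustrative.
import io
import json
import socket
import time
from datetime import datetime, timezone


def probe_tcp(host, port, timeout=1.0):
    """Full TCP connect to host:port.

    "open"     - three-way handshake completed
    "closed"   - host answered with RST: alive, service absent
    "filtered" - no answer before timeout: firewall, or host down
    For host inventory a refused connection is as good as an open one.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, OSError):
        return "filtered"
    finally:
        s.close()


def inventory(targets, ports, timeout=1.0, delay=0.05, audit_log=None):
    """Return {host: (port, state)} for every host that answered.

    Probes run strictly one at a time with `delay` seconds between them (the
    simplest guard against flooding a fragile device), and a host is left
    alone after its first answer: inventory only needs proof of life.
    Each probe is appended to `audit_log` (any text stream) as one JSON line
    so the assessment can be reconstructed afterwards.
    """
    alive = {}
    for host in targets:
        for port in ports:
            started = time.monotonic()
            state = probe_tcp(host, port, timeout)
            record = {
                "ts": datetime.now(timezone.utc).isoformat(timespec="seconds"),
                "host": host,
                "port": port,
                "state": state,
                "rtt_ms": round((time.monotonic() - started) * 1000, 1),
            }
            if audit_log is not None:
                audit_log.write(json.dumps(record) + "\n")
            time.sleep(delay)
            if state != "filtered":
                alive[host] = (port, state)
                break
    return alive


def demo():
    """Run the inventory against two loopback ports: one listening and one
    known to be closed (bound, then released). No packets leave the host.
    Returns the two results plus the parsed audit trail."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()  # nothing listens here now, so connect() is refused

    log = io.StringIO()
    try:
        result = {
            "open": inventory(["127.0.0.1"], [open_port], audit_log=log),
            "closed": inventory(["127.0.0.1"], [closed_port], audit_log=log),
        }
    finally:
        listener.close()
    result["audit"] = [json.loads(line) for line in log.getvalue().splitlines()]
    return result


if __name__ == "__main__":
    out = demo()
    print("alive via open port:  ", out["open"])
    print("alive via closed port:", out["closed"])
    for rec in out["audit"]:
        print(rec)
```

The same structure carries over to a real target list: widen `ports` to a few services you expect on the network (the course's "discrete" ports), keep the per-probe delay, and archive the audit file with the rest of the engagement records.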
David Rhoades (T1, W1, R1, F1) is a principal consultant with Maven Security
Consulting, Inc. Since 1996, David has provided information protection services
for various FORTUNE 500 customers. His work has taken him across the US
and abroad to Europe and Asia, where he has lectured and consulted in
various areas of information security. David has a B.S. in computer
engineering from the Pennsylvania State University and has taught
for the SANS Institute, the MIS Training Institute, and ISACA.
T2 Implementing LDAP Directories
Gerald Carter, Samba Team/Hewlett-Packard
9:00 a.m.–5:00 p.m.
Who should attend: Both LDAP directory administrators and architects. The focus is on integrating standard network services with LDAP directories. The examples are based on UNIX hosts and the OpenLDAP directory server and will include actual working demonstrations throughout the course.
System administrators today run a variety of directory services, although these go by names such as DNS and NIS. The Lightweight Directory Access Protocol (LDAP) is the up-and-coming successor to the X.500 directory and promises to let administrators consolidate multiple existing directories into one.
Topics include:
- Replacing NIS domains
- Integrating Samba user accounts
- Authenticating RADIUS clients
- Integrating MTAs such as Sendmail, Qmail, or Postfix
- Creating address books for mail clients
- Managing user access to HTTP and FTP services
- Storing DNS zone information
- Managing printer information
Gerald Carter (M9, T2, R2) has been a member of the Samba Team since 1998. He has published articles in various
Web-based magazines and gives instructional courses as a
consultant for several companies. Currently employed by
Hewlett-Packard as a Samba developer, Gerald has written
books for SAMS Publishing and is the author of the recent
LDAP System Administration (O'Reilly & Associates).
T3 Administering Linux in Production Environments
Æleen Frisch, Exponential Consulting
9:00 a.m.–5:00 p.m.
Who should attend: Both current Linux system administrators and
administrators from sites considering converting to Linux or adding
Linux systems to their current computing resources. We will be focusing on the
administrative issues that arise when Linux systems are deployed
to address a variety of real-world tasks and problems arising from
both commercial and research and development contexts.
Topics include:
- Recent kernel developments
- High-performance I/O
  - Advanced filesystems and logical volumes
  - Disk striping
  - Optimizing I/O performance
- Advanced compute-server environments
  - Beowulf
  - Clustering
  - Parallelization environments/facilities
- CPU performance optimization
- High availability Linux: fault tolerance options
- Enterprise-wide authentication
- Fixing the security problems you didn't know you had (or, what's good
enough for the researcher/hobbyist won't do for you)
- Automating installations and other mass operations
- Linux in the office environment
Æleen Frisch (M12, T3) has been a system administrator for over 20 years. She currently
looks after a pathologically heterogeneous network of UNIX and Windows
systems. She is the author of several books, including Essential
System Administration (now in its 3rd edition).
T4 Advanced Technology in Sendmail
Eric Allman, Sendmail, Inc.
9:00 a.m.–5:00 p.m.
Who should attend: System administrators who want to learn more about the
Sendmail program, particularly details of configuration and operational
issues. This tutorial assumes that you are already familiar with Sendmail,
including installation, configuration, and operation.
In the past few years the face of email has changed dramatically. No
longer is it sufficient to use the default configurations, even in
single-user systems. Spam, regulation, high loads, and increased concerns
about privacy and authentication have caused major changes in sendmail and
in the options available to you.
After a very brief review of Sendmail functionality and terminology, we will
explore some of the newer important features.
Topics include:
- SMTP authentication
- TLS encryption
- The Milter (mail filter interface)
- Many of the newer policy control interfaces
This will be an intense, fast-paced tutorial. It is strongly recommended that
you have read or are familiar with the materials in the Sendmail book
published by O'Reilly and Associates, preferably the 3rd edition (but at least
the 2nd edition).
Eric Allman (T4) is the original author of Sendmail, co-founder and CTO of
Sendmail, Inc., and co-author of Sendmail, published by O'Reilly. At
U.C. Berkeley, he was the chief programmer on the INGRES database
management project, leader of the Mammoth project, and an early
contributor to BSD, authoring syslog, tset, the -me troff macros, and
trek. Eric designed database user and application interfaces at
Britton Lee (later Sharebase) and contributed to the Ring Array
Processor project for neural-network-based speech recognition at the
International Computer Science Institute. Eric is on the Editorial
Review Board of ACM Queue magazine and is a former member of the Board
of Directors of the USENIX Association.
T5 VoIP Principles and Implementation with Asterisk
Heison Chak, SOMA Networks
9:00 a.m.–5:00 p.m.
Who should attend: Managers and system administrators involved in the evaluation, design,
implementation, and deployment of VoIP infrastructures. Participants do
not need prior exposure to VoIP but should understand the principles of networking.
Attendees will come away from this tutorial with strategies for cost-saving improvements to their existing infrastructures and practical
information on deploying VoIP in a variety of environments.
This tutorial will cover VoIP principles, VoIP networks, and their
interaction and interface with the traditional PSTN (Public Switched
Telephone Network) and IP networks. The tutorial will compare a number of
widely used codecs (voice encoders) and VoIP protocols. The Asterisk open
source PBX will be presented to demonstrate VoIP principles and applications.
Topics include:
- PSTN overview
- VoIP basics
  - Codecs (G.711, G.729, etc.)
  - Protocols (SIP, IAX, etc.)
  - Performance metrics (jitter, latency, etc.)
- VoIP networks (FWD, IAXtel, etc.)
- Implementation examples with Asterisk
  - Hardware
  - IVR (interactive voice response)
  - Dialplan
  - TTS (text to speech) applications
Heison Chak (T5) works for SOMA Networks as a network engineer, focusing on network
management and performance analysis as
well as the implementation of data and voice networks. He has
undertaken to design a VoIP platform and to migrate SOMA Networks to it
from an existing legacy PBX system. Chak is an active member of
the Asterisk community.
T6 System and Network Performance Tuning
Marc Staveley, Soma Networks
9:00 a.m.–5:00 p.m.
Who should attend: Novice and advanced UNIX system and network administrators, and UNIX developers concerned about network performance impacts. A basic understanding of UNIX system facilities and network environments is assumed.
We'll examine the virtual memory system, the I/O system and the file system, NFS tuning and performance strategies, common network performance problems, examples of network capacity planning, and application issues. We'll also cover guidelines for capacity planning and customized monitoring based on your workloads and traffic patterns. Analysis periods for particular situations will be provided.
Topics include:
- Performance tuning strategies
- Server tuning
  - Filesystem and disk tuning
  - Memory consumption and swap space
  - System resource monitoring
  - NFS issues
  - Automounter and other tricks
- Network performance, design, and capacity planning
- Application tuning
  - System resource usage
  - Memory allocation
  - Code profiling
- Job scheduling and queuing
- Real-time issues
- Managing response time
Marc Staveley (T6) works with Soma Networks, where he is applying his many years of experience with UNIX development and administration in
leading their IT group. Previously Marc had been an independent
consultant and also held positions at Sun Microsystems, NCR,
Princeton University, and the University of Waterloo. He is a
frequent speaker on the topics of standards-based development,
multi-threaded programming, system administration, and performance
tuning.
T7 Advanced Shell Programming
Mike Ciavarella, University of Melbourne
9:00 a.m.–12:30 p.m.
Who should attend: Junior or intermediate system administrators or anyone with a basic knowledge of programming, preferably with some experience in Bourne/Korn shells (or their derivatives).
The humble shell script is still a mainstay of UNIX/Linux system administration, despite the wide availability of other scripting languages. This tutorial details techniques that move beyond the quick-and-dirty shell script.
Topics include:
- Common mistakes and unsafe practices
- Modular shell script programming
- Building blocks: awk, sed, etc.
- Writing secure shell scripts
- Performance tuning
- Choosing the right utilities for the job
- Addressing portability at the design stage
- When not to use shell scripts
Mike Ciavarella (S3, T7, T10) has been producing and editing technical documentation since
he naively agreed to write application manuals for his first
employer in the early 1980s. He has been a technical editor for
MacMillan Press and has been teaching system administrators about
documentation for the past eight years. Mike has an Honours Degree in
Science from the University of Melbourne. After a number
of years working as Senior Partner and head of the Security Practice
for Cybersource Pty Ltd, Mike returned to his alma mater, the University
of Melbourne. He now divides his time between teaching software
engineering, providing expert testimony in computer security matters,
and trying to complete a Doctorate. In his ever-diminishing spare time,
Mike is a caffeine addict and photographer.
T8 Eliminating Backup System Bottlenecks Using Disk-to-Disk and Other Methods
Jacob Farmer, Cambridge Computer Corp.
9:00 a.m.–12:30 p.m.
Who should attend: System administrators involved in the design
and management of backup systems and policymakers responsible for
protecting their organization's data. A general familiarity with
server and storage hardware is assumed. The class focuses on
architectures and core technologies and is relevant regardless of
what backup hardware and software you currently use. Students will
leave this lecture with immediate ideas for effective, inexpensive
improvements to their backup systems.
The end may finally be in sight for the pains of backup and restore.
The cost of disk storage has crossed the line: it has finally become
practical to use disk to enhance or replace tape-based backup
systems. In turn, software applications have come to market to
facilitate the use of disk in backup systems. Now the problem is
sorting out all of the options and fitting them into your existing
infrastructure. This lecture identifies the major bottlenecks in
conventional backup systems and explains how to address them. The
emphasis is placed on the various roles inexpensive disk can play in
your data protection strategy; however, attention is given to
SAN-enabled backup, the current state and future of tape drives,
iSCSI, and virtual tape.
Topics include:
- Identifying and eliminating backup system bottlenecks
- Conventional disk staging
- Virtual tape libraries
- Incremental forever and synthetic full backup strategies
- Information life cycle management and nearline archiving
- Data replication
- Continuous backup
- Snapshots
- Current and future tape drives
- Zero-duplication file systems
- iSCSI
Jacob Farmer (T8) is the CTO of Cambridge Computer Services, a specialized
integrator of backup systems and storage networks. He has over 15
years of experience with storage technologies and writes an expert
advice column for InfoStor magazine. He is currently writing a book
on storage networking.
T9 Combating Spam Using Sendmail, MIMEDefang, and Perl
David Skoll, Roaring Penguin Software
9:00 a.m.–12:30 p.m.
Who should attend: System administrators, network administrators, and
email administrators tackling the problem of spam in the enterprise.
Participants should be familiar with Sendmail and Perl. Use of or
familiarity with MIMEDefang will be helpful but not necessary to
get the most out of this practical session.
This tutorial will suggest concrete steps administrators can
take to reduce spam using open-source tools for UNIX and Linux.
Topics include:
- Introduction to mail filtering
- Introduction to Milter
- MIMEDefang architecture
- Writing MIMEDefang filters
- SpamAssassin integration
- Virus scanner integration
- Checking address existence at the periphery
- Streaming mail for different recipients
- Greylisting
- Sendmail's SOCKETMAP feature and MIMEDefang
- Performance tuning
- Gathering statistics
- MIMEDefang's notification facility
The spam problem will be outlined briefly, with a focus on main
techniques used by spammers. Attendees will then be shown how to use
MIMEDefang Perl code to detect and combat some of those
techniques. Attendees will also have the opportunity to discuss the
use of MIMEDefang and Perl to achieve their specific goals.
After completing this tutorial, participants will be aware not only
of top spamming techniques, but of concrete methods for combating the
problem using open-source tools.
David Skoll (T9) is founder and president of Roaring Penguin Software, Inc., a firm specializing in email filtering. Skoll is the developer of MIMEDefang,
the acclaimed open-source email inspection software, and the primary developer of CanIt and CanIt-PRO, commercial anti-spam
systems based on MIMEDefang. He is
author of Caldera's OpenLinux Unleashed and frequently writes and
presents for the Linux and open source communities. More information
can be found at https://www.roaringpenguin.com.
T10 Documentation Techniques for SysAdmins
Mike Ciavarella, University of Melbourne
1:30 p.m.–5:00 p.m.
Who should attend: System administrators who need to produce documentation for the systems they manage or who want to improve their documentation skills.
Attendees should be able to make immediate, practical use of the techniques presented in this tutorial in their day-to-day tasks. Particular emphasis is placed on documentation as a time-saving tool rather than a workload imposition.
Topics include:
- Why system administrators need to document
- The document life cycle
- Targeting your audience
- An adaptable document framework
- Common mistakes
- Tools to assist the documentation process
Mike Ciavarella (S3, T7, T10) has been producing and editing technical documentation since
he naively agreed to write application manuals for his first
employer in the early 1980s. He has been a technical editor for
MacMillan Press and has been teaching system administrators about
documentation for the past eight years. Mike has an Honours Degree in
Science from the University of Melbourne. After a number
of years working as Senior Partner and head of the Security Practice
for Cybersource Pty Ltd, Mike returned to his alma mater, the University
of Melbourne. He now divides his time between teaching software
engineering, providing expert testimony in computer security matters,
and trying to complete a Doctorate. In his ever-diminishing spare time,
Mike is a caffeine addict and photographer.
T11 Solaris 10 Security Features
Peter Baer Galvin, Corporate Technologies
1:30 p.m.–5:00 p.m.
Who should attend: Solaris systems managers and administrators interested in
the new security features in Solaris 10 (and features in previous Solaris
releases that they may not be using).
This course covers a variety of topics surrounding Solaris 10 and security.
Solaris 10 includes many new features, and there are new issues to consider
when deploying, implementing, and managing Solaris 10.
Topics include:
- Solaris cryptographic framework
- NFS V4
- Solaris privileges
- Solaris Flash archives and live upgrade
- Moving from NIS to LDAP
- Dtrace
- WBEM
- Smartcard interfaces and APIs
- Kerberos enhancements
- FTP client and server enhancements
- PAM enhancements
- Auditing enhancements
- Password history checking
Peter Baer Galvin (M3, T11, R4) is the Chief Technologist for Corporate Technologies, Inc., a systems integrator and VAR, and was the Systems Manager for Brown University's Computer Science Department. He has written articles
for Byte and other magazines. He wrote the "Pete's Wicked World" and
"Pete's Super Systems" columns at SunWorld. He is currently
contributing editor for Sys Admin, where he manages the Solaris
Corner. Peter is co-author of the Operating Systems Concepts and Applied Operating Systems Concepts textbooks. As a consultant and trainer, Peter has taught tutorials on security and system administration and has given talks at many conferences and institutions on such topics as Web
services, performance tuning, and high availability.
T12 Administering NetBackup
W. Curtis Preston, Glasshouse Technologies
1:30 p.m.–5:00 p.m.
Who should attend: Administrators and operators of medium to large
NetBackup systems.
Although NetBackup can be administered relatively easily, it can
also be misconfigured relatively easily. Misconfigurations can
cause failed, slow, unnecessary, and unreliable backups. In addition,
they can result in some filesystems or databases accidentally being
excluded from the backup. This tutorial will explain in detail
best practices designed to give you optimum efficiency with minimal
risk, including the recent trend of using disk in your backup system.
NetBackup comes with a dizzying number of options costing from
hundreds to tens of thousands of dollars each. Making sense of
these options can be a difficult and expensive task.
This tutorial will explain the major new features and options in
NetBackup releases 4.5 and 5.x. More important, it will cover
which of these features and options give you the most bang for the
buck.
Topics include:
- NetBackup architecture
  - Understanding multistreaming and multiplexing
  - Relationship between the Media Manager and NetBackup
- Command line interface
  - Important commands to know, including some undocumented commands and options
  - bpgetconfig and bpsetconfig, my two new favorite commands
  - bpgp: the beauty and the danger
  - bppl*: configure all your policies and schedules on the command line
  - bpimagelist and bpimmedia: find those backups
  - vmquery: find those tapes
  - vmchange: move those tapes around
- Designing a NetBackup system
  - Sizing the server
  - System architecture: what kind of servers and how many of them
  - Integrating disk into the mix
W. Curtis Preston (T12, W5) is Vice President of Service Development for Glasshouse
Technologies, the global leader in independent storage services. Curtis has ten years' experience designing storage systems for
many environments, both large and small. As a recognized expert in the
field, Curtis has advised the major product vendors regarding product
features and implementation methods. Curtis is the administrator of the
NetBackup and NetWorker FAQs and answers the "Ask The Experts" backup
forum on SearchStorage.com. He is also the author of O'Reilly's UNIX
Backup & Recovery and Using SANs & NAS, as well as a monthly column in
Storage Magazine.