Sunday, December 3, 2006
Full-Day Tutorials
S1
SOLARIS 10 ADMINISTRATION WORKSHOP
Peter Baer Galvin, Corporate Technologies, Inc.
9:00 a.m.–5:00 p.m.
Who should attend: Solaris system managers and administrators interested in learning the new administration features in Solaris 10 (and features in previous Solaris releases that they may not be using).
This tutorial covers a variety of topics concerning Solaris 10. Solaris 10 includes many new features, and there are new issues to consider when deploying, implementing, and managing Solaris 10. This will be a workshop featuring instruction and practice/exploration. Each student should have a laptop with wireless access for remote access into a provided Solaris 10 machine.
Note that, except for a few instances, Solaris 10 security is not covered in
this workshop.
Topics include:
- Overview
- Solaris releases (official, Solaris Express, OpenSolaris, others)
- Installing and upgrading to Solaris 10
- Flash archives and live upgrade
- Patching
- Service Management Facility (lab)
- The kernel
- Crash and core dumps
- Cool commands
- ZFS (lab)
- N1 Grid Containers (a.k.a. Zones) (lab)
- Installation
- Management
- Resource management
- DTrace
- FMA
- Performance
- Networking
- Sysadmin best practices
Peter Baer Galvin (S1, R1) is the Chief Technologist for Corporate Technologies, Inc., a systems integrator and VAR, and was the Systems Manager for Brown University's Computer Science Department. He has written articles for Byte and other magazines. He wrote the "Pete's Wicked World" and "Pete's Super Systems" columns at SunWorld. He is currently contributing editor for Sys Admin, where he manages the Solaris Corner. Peter is co-author of the Operating Systems Concepts and Applied Operating Systems Concepts textbooks. As a consultant and trainer, Peter has taught tutorials on security and system administration and has given talks at many conferences and institutions on such topics as Web services, performance tuning, and high availability.
S2
TCP/IP WEAPONS SCHOOL (Day 1 of 2)
Richard Bejtlich, TaoSecurity
9:00 a.m.–5:00 p.m.
Who should attend: Junior and intermediate analysts and
system administrators who detect and respond to security incidents.
TWS is the right way for junior and intermediate security personnel to learn the fundamentals of TCP/IP networking. Students learn how to interpret network traffic by analyzing packets generated by network security tools. Examples of normal, suspicious, and malicious traffic teach analysts how to identify security events on the wire. Students will analyze traffic using open source tools.
The point of the class is to teach TCP/IP by looking at nontraditional TCP/IP traffic. I will make comparisons to normal TCP/IP traffic for reference purposes. The name of the course is related to the US Air Force Weapons School, which is the "Top Gun" of the Air Force.
Course plan: The
class will concentrate on the protocols and services most likely to be
encountered when performing system administration and security work. Students
will inspect traffic such as would be seen in various malicious security events.
Topics for Day 1 include:
- Hardware and network design: Bridges, hubs, switches, routers, duplex and
domains, layer-x switches, middleboxes, LANs, xANs, VPNs, WLANs, VLANs
- Layer 1: What Layer 1 is; Ethernet; raw Ethernet (Nemesis); UTP and Ethernet
over UTP; fiber optics and Ethernet over fiber optics; Ethernet emulation
over FireWire, IP over FireWire, and IP over wireless
- Layer 1 attack: Rogue access point
- Layer 2: What Layer 2 is; Ethernet revisited;
packet delivery on the LAN; Ethernet interfaces; ARP basics, ARP
request/reply, ARP cache, Arping, Arpdig, and Arpwatch; Dynamic Trunking
Protocol
Want to learn more from Richard Bejtlich? Check out his extra 2-day class after LISA, December 9–10, 2006. See the PDF flyer for details.
Richard Bejtlich (S2, M2, F1) is founder of TaoSecurity LLC (https://www.taosecurity.com), a company that helps clients detect, contain, and remediate intrusions using network security monitoring (NSM) principles. Richard was previously a principal consultant at Foundstone, performing incident response, emergency NSM, and security research and training. He has created NSM operations for ManTech International Corporation and Ball Aerospace & Technologies Corporation. From 1998 to 2001, Richard defended global American information assets in the Air Force Computer Emergency Response Team (AFCERT), performing and supervising the real-time intrusion detection mission. Formally trained as an intelligence officer, he holds degrees from Harvard University and the United States Air Force Academy. Richard wrote the Tao of Network Security Monitoring: Beyond Intrusion Detection and the forthcoming Extrusion Detection: Security Monitoring for Internal Intrusions and Real Digital Forensics. He also wrote original material for Hacking Exposed, 4th Ed., Incident Response, 2nd Ed., and Sys Admin Magazine. Richard holds the CISSP, CIFI, and CCNA certifications. His popular Web log resides at https://taosecurity.blogspot.com.
S3
SYSTEM AND NETWORK MONITORING: TOOLS IN DEPTH
John Sellens, SYONEX
9:00 a.m.–5:00 p.m.
Who should attend: Network and system administrators ready to implement comprehensive monitoring of their systems and networks
using the best of the freely available tools. Participants should
have an understanding of the fundamentals of networking, familiarity
with computing and network components, UNIX system administration
experience, and some understanding of UNIX programming and scripting
languages.
This tutorial will provide in-depth instruction in the installation
and configuration of some of the most popular and effective system
and network monitoring tools, including Nagios, Cricket, MRTG, and
Orca.
Participants should expect to leave this tutorial with the information
needed to immediately implement, extend, and manage popular monitoring
tools on their systems and networks.
Topics include, for each of Nagios, Cricket, MRTG, and Orca:
- Installation: Basic steps, prerequisites, common problems and
solutions
- Configuration, setup options, and how to manage larger and
nontrivial configurations
- Reporting and notifications, both proactive and reactive
- Special cases: How to deal with interesting problems
- Extending the tools: How to write scripts or programs to extend
the functionality of the basic package
- Dealing effectively with network boundaries and remote sites
- Security concerns and access control
- Ongoing operations
John Sellens (S3, M12) has been involved in system and network administration since 1986 and is the author
of several related USENIX papers, a number of ;login: articles, and the SAGE Short Topics in System Administration booklet #7, System and Network Administration for Higher Reliability. He holds an M.Math. in computer science from the University of Waterloo and is a chartered accountant. He is the proprietor of SYONEX, a systems and networks consultancy. From 1999 to 2004, he was the General Manager for Certainty Solutions in Toronto. Prior to joining Certainty, John was the Director of Network Engineering at UUNET Canada and was a staff member in computing and information technology at the University of Waterloo for 11 years.
S4
ADMINISTERING LINUX IN PRODUCTION ENVIRONMENTS
Æleen Frisch, Exponential Consulting
9:00 a.m.–5:00 p.m.
Who should attend: Current Linux system administrators looking to learn about the latest developments and problem-solving techniques, as well as
administrators from sites considering converting to Linux or adding
Linux systems to their current computing resources.
This course will cover configuring and managing Linux computer systems in production environments. We will be focusing on the
administrative issues that arise when Linux systems are deployed
to address a variety of real-world tasks and problems arising from
both commercial and research-and-development contexts.
Topics include:
- Recent kernel developments
- High-performance I/O
- Advanced filesystems and logical volumes
- Disk striping
- Optimizing I/O performance
- Advanced compute-server environments
- Beowulf
- Clustering
- Parallelization environments/facilities
- CPU performance optimization
- High availability Linux: fault-tolerance options
- Enterprise-wide authentication and other security features
- Automating installations and other mass operations
- Linux performance tuning
Æleen Frisch (S4, M8) has been a system administrator for over 20 years. She currently looks after a pathologically heterogeneous network of UNIX and Windows systems. She is the author of several books, including Essential System Administration (now in its 3rd edition).
S5
LINUX SERVER SECURITY HANDS-ON
Rik Farrow, Security Consultant
9:00 a.m.–5:00 p.m.
Who should attend: Both Linux and UNIX system
administrators. Some experience with command-line UNIX tools is
required to get the most out of this class. Security analysts and
managers can also take this class and learn what must be done to
create secure Linux systems.
Learn how to secure Linux servers in this hands-on class. The good
news is that recent Linux distros come with good default security.
The bad news is that security of Linux servers can be reduced by
mistakes in configuration, poor use of server features, enabling
more services than are required, and use of insecure services. The
security of all but the most hardened Linux servers can be increased
through the application of the techniques you will learn in this
course.
You will work with a Linux server running within a VMware product
for Linux or Windows (Mac users: see https://www.vmware.com/macos to
sign up to try a beta version for Macs). During the class, you can
participate in hands-on exercises that will drive home the key points.
Topics include:
- Checking for low-hanging fruit that can aid an attacker, such as bad file permissions,
dangerous SUID files, and backdoors
- Defending servers against network-based attacks via proper
service configuration
- Using local firewalls to both block potential attacks and blunt
successful attacks
- Running servers within a chrooted environment
- Using secure remote administration
- Running Apache securely through proper configuration and through
checking CGI scripts or programs for exploitable features
- Keeping your servers properly updated and vulnerability-free
- Setting up effective logging
Rik Farrow (S5, T9) provides UNIX and Internet security consulting and training. He has been working with UNIX system security since 1984 and with TCP/IP networks since 1988. He has taught at the IRS, Department of Justice, NSA, NASA, US West, Canadian RCMP, Swedish Navy, and for many U.S. and European user groups. He is the author of UNIX System Security, published by Addison-Wesley in 1991, and System Administrator's Guide to System V (Prentice Hall, 1989). Farrow is the editor of ;login:. Rik lives with his family in the high desert of northern Arizona and enjoys hiking and mountain biking when time permits.
S6
ADVANCED PERL PROGRAMMING
Tom Christiansen, Consultant
9:00 a.m.–5:00 p.m.
Who should attend: Perl programmers with at least a journeyman-level working knowledge of Perl programming and a desire to hone their skills.
This class will cover a wide variety of advanced topics in Perl, including
many insights and tricks for using these features effectively. After
completing this class, attendees will have a much richer understanding of
Perl and will be better able to make it part of their daily routine.
Topics include:
- Symbol tables and typeglobs
- Symbolic references
- Useful typeglob tricks (aliasing)
- Modules
- Autoloading
- Overriding built-ins
- Mechanics of exporting
- Function prototypes
- References
- Implications of reference counting
- Using weak references for self-referential data structures
- Autovivification
- Data structure management, including serialization and persistence
- Closures
- Fancy object-oriented programming
- Using closures and other peculiar referents as objects
- Overloading of operators, literals, and more
- Tied objects
- Managing exceptions and warnings
- When die and eval are too primitive for your taste
- The use warnings pragma
- Creating your own warnings classes for modules and objects
- Regular expressions
- Debugging regexes
- qr// operator
- Backtracking avoidance
- Interpolation subtleties
- Embedding code in regexes
- Programming with multiple processes or threads
- The thread model
- The fork model
- Shared memory controls
- Unicode and I/O layers
- Named Unicode characters
- Accessing Unicode properties
- Unicode combined characters
- I/O layers for encoding translation
- Upgrading legacy text files to Unicode
- Unicode display tips
Tom Christiansen (S6) has been involved with Perl since day zero of its initial public release in 1987. Author of several books on Perl,
including The Perl Cookbook and Programming Perl from O'Reilly, Tom is
also a major contributor to Perl's online documentation. He holds
undergraduate degrees in computer science and Spanish and a Master's in
computer science. He now lives in Boulder, Colorado.
Sunday Morning Half-Day Tutorials
S7
INTRODUCTION TO DOMAIN NAME SYSTEM ADMINISTRATION
William LeFebvre, Consultant
9:00 a.m.–12:30 p.m.
Who should attend: System or network administrators who have been exposed to the Domain Name System only as users. A basic understanding of the IP protocols, TCP and UDP, data encapsulation, and the seven-layer model will be beneficial.
DNS, the primary method the Internet uses to name and number machines, is used to translate names like "www.usenix.org" into addresses like 131.106.3.253. Any site that is serious about joining the Internet community will need to understand how to configure and administer DNS.
This tutorial will describe the basic operation of DNS and will provide instructions and guidelines for the configuration and operation of DNS on UNIX platforms using the BIND software distribution. This class is designed for the beginner and is intended to provide a foundation for the tutorial on "Intermediate Topics in Domain Name System Administration."
Topics include:
- DNS and BIND
- The DNS name hierarchy
- The four components of the DNS protocol
- Iterative vs. recursive querying
- Essential resource records: SOA, A, PTR, CNAME, NS
- Zone transfers and secondaries
- Vendor-specific differences
William LeFebvre (S7, S10) is an author, programmer, teacher, and sysadmin expert who has been using UNIX and Internet technologies since 1983. He wrote a monthly column for UNIX Review and has taught since 1989 for such organizations as USENIX, the Sun User Group (SUG), MIS Training Institute, IT Forum, and Great Circle Associates. He has contributed to several widely used UNIX packages, including Wietse Venema's logdaemon package. He is also the primary programmer for the popular UNIX utility top. William is currently an independent consultant. He received his bachelor's degree in 1983 and his master of science degree in 1988, both from Rice University.
S8
BZR, HG, AND GIT, OH MY! DISTRIBUTED SOURCE CODE MANAGEMENT SYSTEMS
Theodore Ts'o, IBM Linux Technology Center
9:00 a.m.–12:30 p.m.
Who should attend: Developers, project leaders, and system administrators
dealing with source code management systems who want to take advantage of
the newest distributed development tools.
Are you still using CVS or SVN? Find out what you've been missing!
This tutorial will describe the basic concepts of distributed
SCMs and provide gentle instructions on how these systems work and
how to use them. It will also compare and contrast the strengths
and weaknesses of these systems and will provide guidance and suggestions so
that project leaders can choose the distributed SCM that is most appropriate
for their project.
Bzr, hg, and git are new source code management systems which, unlike
CVS and SVN, do not require a single centralized server. Instead, they
are peer-to-peer systems, where no one repository has any more privilege
than another, other than that obtained by usage and custom. These systems have many advantages. They are perfect for people who wish to
commit changes while disconnected from the network (for example, while in an airplane). In addition, there is no need for "commit
rights" before a new developer can become a first-class user of the
SCM system. Instead, the developer simply clones a copy of the
repository on his local machine, makes changes, and commits them to
the repository. These changes are then pushed to the maintainer, who
reviews them before merging them into his local repository. In larger
projects, a hierarchical system can be used, where a changeset may be
approved by a subsystem maintainer, who must then forward the changeset to
a higher-level maintainer for approval for the changeset to enter the project
master repository.
These attributes make distributed SCMs an ideal match for open source
software projects. Indeed, hg and git were created specifically for
the Linux kernel developers. Today, projects such as Solaris, Xen,
moinmoin, Alsa, and e2fsprogs use Mercurial; Linux, Cairo, Wine,
X.org, and XMMS2 use git; and Ubuntu and Drupal use bzr.
Theodore Ts'o (S8) has been a Linux kernel developer since almost the very
beginnings of Linux: he implemented POSIX job control in the
0.10 Linux kernel. He is the maintainer and author of the Linux COM
serial port driver and the Comtrol Rocketport driver, and he architected
and implemented Linux's tty layer. Outside of the kernel, he is
the maintainer of the e2fsck filesystem consistency checker. Ted
is currently employed by IBM Linux Technology Center.
S9
SO YOU HAVE ACTIVE DIRECTORY: NOW WHAT? (A GUIDE TO AD INTEGRATION FOR UNIX SYSADMINS)
Gerald Carter, Centeris
9:00 a.m.–12:30 p.m.
Who should attend: System administrators who are tasked with integrating
authentication, Web, and file/print services provided by
UNIX hosts into an Active Directory domain.
Frequently, AD deployments are handled outside the UNIX
infrastructure teams. This can leave UNIX/Linux sysadmins
scratching their collective heads about how to make use
of the new directory service and increase the amount of work duplicated by the UNIX server teams and the AD administrators. This tutorial will help reduce that workload for you.
Topics include:
- AD domain membership using Samba
- NTLM and Kerberos authentication for Apache
- Using PAM for NTLM and Kerberos authentication
- Searching Active Directory using LDAP clients
Gerald Carter (S9, S12, M9, T4, W2, R7) has been a member of the Samba Development Team
since 1998. He has been developing, writing about, and
teaching on open source since the late 1990s. Currently
employed by Centeris as a Samba and open source developer,
Gerald has written books for SAMS Publishing and for
O'Reilly Publishing.
Sunday Afternoon Half-Day Tutorials
S10
INTERMEDIATE TOPICS IN DOMAIN NAME SYSTEM ADMINISTRATION
William LeFebvre, Consultant
1:30 p.m.–5:00 p.m.
Who should attend: Network administrators with a basic understanding of DNS and its configuration who need to learn how to create and delegate subdomains, and administrators planning to install BIND8. Attendees are expected either to have prior experience with DNS, including an understanding of basic operation and zone transfers, or to have attended the "Introduction to Domain Name System Administration" tutorial.
Attendees will move beyond the basics into a more thorough understanding of the overall design and implementation of DNS.
Topics include:
- Subdomains and delegation
- Resource records: NS, RP, MX, TXT, AAAA
- BIND views
- DNS management tools
- DNS design
- DNS and firewalls
William LeFebvre (S7, S10) is an author, programmer, teacher, and sysadmin expert who has been using UNIX and Internet technologies since 1983. He wrote a monthly column for UNIX Review and has taught since 1989 for such organizations as USENIX, the Sun User Group (SUG), MIS Training Institute, IT Forum, and Great Circle Associates. He has contributed to several widely used UNIX packages, including Wietse Venema's logdaemon package. He is also the primary programmer for the popular UNIX utility top. William is currently an independent consultant. He received his bachelor's degree in 1983 and his master of science degree in 1988, both from Rice University.
S12
KERBEROS 5: REVENGE OF THE THREE-HEADED DOG
Gerald Carter, Centeris
1:30 p.m.–5:00 p.m.
Who should attend: Administrators who want to understand Kerberos 5 implementations
on both UNIX/Linux and Windows clients and servers.
For many organizations, Kerberos is an old technology that has been driven to the forefront by deployments of Microsoft Active Directory domains. The introduction of a standard authentication protocol into Windows domains has caused many network administrators to reexamine ways to integrate UNIX/Linux and Windows clients in a single authentication model.
Topics include:
- Key concepts of the Kerberos 5 protocol
- Related authentication interfaces such as SASL and GSSAPI
- The specifics of implementing Krb5 realms
- Implementations of Krb5 cross-realm trusts
- Integration of Windows and UNIX/Linux clients into Krb5 realms
- Possible pitfalls of using popular Krb5 implementations such
as those of MIT and Windows 200x
Gerald Carter (S9, S12, M9, T4, W2, R7) has been a member of the Samba Development Team since 1998. He has been developing, writing about, and teaching on open source since the late 1990s. Currently employed by Centeris as a Samba and open source developer, Gerald has written books for SAMS Publishing and for O'Reilly Publishing.
Monday, December 4, 2006
Full-Day Tutorials
M1
SYSTEM AND NETWORK PERFORMANCE TUNING
Marc Staveley, Soma Networks
9:00 a.m.–5:00 p.m.
Who should attend: Novice and advanced UNIX system and network administrators, and UNIX developers concerned about network performance impacts. A basic understanding of UNIX system facilities and network environments is assumed.
We will explore procedures and techniques for tuning systems, networks, and
application code. Starting from the single system view, we will examine how the
virtual memory system, the I/O system, and the filesystem can be measured and
optimized. We'll extend the single host view to include Network File System
tuning and performance strategies. Detailed treatment of networking performance
problems, including network design and media choices, will lead to examples of
network capacity planning. Application issues, such as system call
optimization, memory usage and monitoring, code profiling, real-time
programming, and techniques for controlling response time will be addressed.
Many examples will be given, along with guidelines for capacity planning and
customized monitoring based on your workloads and traffic patterns. A question
and analysis period for particular situations will be provided.
Topics include:
- Performance tuning strategies
- Practical goals
- Monitoring intervals
- Useful statistics
- Tools, tools, tools
- Server tuning
- Filesystem and disk tuning
- Memory consumption and swap space
- System resource monitoring
- NFS performance tuning
- NFS server constraints
- NFS client improvements
- NFS over WANs
- Automounter and other tricks
- Network performance, design, and capacity planning
- Locating bottlenecks
- Demand management
- Media choices and protocols
- Network topologies: bridges, switches, and routers
- Throughput and latency considerations
- Modeling resource usage
- Application tuning
- System resource usage
- Memory allocation
- Code profiling
- Job scheduling and queuing
- Real-time issues
- Managing response time
Marc Staveley (M1, R1) works with Soma Networks, where he is applying his many years of experience with UNIX development and administration in
leading their IT group. Previously Marc had been an independent
consultant and also held positions at Sun Microsystems, NCR,
Princeton University, and the University of Waterloo. He is a
frequent speaker on the topics of standards-based development,
multi-threaded programming, system administration, and performance
tuning.
M2
TCP/IP WEAPONS SCHOOL (Day 2 of 2)
Richard Bejtlich, TaoSecurity
9:00 a.m.–5:00 p.m.
See S2 for the description of the first day of this tutorial.
Who should attend: Junior and intermediate analysts and
system administrators who detect and respond to security incidents.
TWS is the right way for junior and intermediate security
personnel to learn the fundamentals of TCP/IP networking. Students
learn how to interpret network traffic by analyzing packets generated by
network security tools. Examples of normal, suspicious, and malicious
traffic teach analysts how to identify security events on the wire.
Students will analyze traffic using open source tools.
The point of the class is to teach TCP/IP by looking at nontraditional
TCP/IP traffic. I will make comparisons to normal TCP/IP traffic for
reference purposes. The name of the course is related to the US Air Force Weapons School,
which is the "Top Gun" of the Air Force.
Course plan: The
class will concentrate on the protocols and services most likely to be
encountered when performing system administration and security work. Students
will inspect traffic such as would be seen in various malicious security events.
Topics for Day 2 include:
- Layer 2 attacks: Changing MAC addresses; MAC flooding (Macof); ARP denial
of service (Arp-sk); port stealing (Ettercap); layer 2 man-in-the-middle
(Ettercap); Dynamic Trunking Protocol attack (Yersinia)
- Layer 3: What Layer 3 is; Internet Protocol, raw IP (Nemesis), IP options
(Fragtest), and IP time-to-live (Traceroute); Internet Control Message
Protocol (Sing) and ICMP error messages (Gnetcat)
- Layer 3 attacks: IP spoofing; Gont ICMP attacks; ICMP Shell
Want to learn more from Richard Bejtlich? Check out his extra 2-day class after LISA, December 9–10, 2006. See the PDF flyer for details.
Richard Bejtlich (S2, M2, F1) is founder of TaoSecurity LLC (https://www.taosecurity.com), a company that helps clients detect, contain, and remediate intrusions using network
security monitoring (NSM) principles. Richard was previously a principal
consultant at Foundstone, performing incident response, emergency NSM, and
security research and training. He has created NSM operations for ManTech
International Corporation and Ball Aerospace & Technologies Corporation. From
1998 to 2001, Richard defended global American information assets
in the Air Force Computer Emergency Response Team (AFCERT), performing and
supervising the real-time intrusion detection mission.
Formally trained as an intelligence officer, he holds degrees from Harvard
University and the United States Air Force Academy. Richard wrote the Tao of Network Security Monitoring: Beyond Intrusion Detection and the forthcoming Extrusion Detection: Security Monitoring for Internal Intrusions and Real Digital Forensics. He also wrote original material for Hacking
Exposed, 4th Ed., Incident Response, 2nd Ed., and Sys Admin Magazine. Richard holds the CISSP, CIFI, and CCNA
certifications. His popular Web log resides at https://taosecurity.blogspot.com.
M3
ISSUES IN UNIX INFRASTRUCTURE DESIGN
Lee Damon, University of Washington
9:00 a.m.–5:00 p.m.
Who should attend: Anyone who is designing, implementing, or maintaining a UNIX environment with 2 to 20,000+ hosts. System administrators, architects, and managers who need to maintain multiple hosts with few admins.
This intermediate class will examine many of the background issues that
need to be considered during the design and implementation of a
mixed-architecture or single-architecture UNIX environment. It will
cover issues from authentication (single sign-on) to the Holy Grail of
single system images.
This class won't implement a "perfect solution," as each site has
different needs. It will try to raise all the questions you should
ask (and answer) while designing the solution that will meet your
needs. We will look at some freeware and some commercial solutions,
as well as many of the tools that exist to make a workable environment
possible.
Topics include:
- Administrative domains: Who is responsible for what, and what can users do for themselves?
- Desktop services vs. farming: Do you do serious computation on the desktop, or do you build a compute farm?
- Disk layout: How do you plan for an upgrade? Where do things go?
- Free vs. purchased solutions: Should you write your own, or hire a consultant or company?
- Homogeneous vs. heterogeneous: Homogeneous is easier, but will it do what your users need?
- The essential master database: How can you keep track of what you have?
- Policies to make life easier
- Push vs. pull
- Getting the user back online in 5 minutes
- Remote administration: Lights-out operation; remote user sites; keeping up with vendor patches, etc.
- Scaling and sizing: How do you plan on scaling?
- Security vs. sharing: Your users want access to everything. So do the crackers . . .
- Single sign-on: How can you do it securely?
- Single system images: Can users see just one environment, no matter how many OSes there are?
- Tools: The free, the purchased, the homegrown
Lee Damon (M3, T3) has a B.S. in Speech Communication from Oregon State University. He has been a UNIX system administrator since 1985 and has been active in SAGE since its inception. He assisted in developing a mixed AIX/SunOS environment at IBM Watson Research and has developed mixed environments for Gulfstream Aerospace and QUALCOMM. He is currently leading the development effort for the Nikola project at the University of Washington Electrical Engineering department. Among other professional activities, he is a charter member of LOPSA and SAGE and past chair of the SAGE Ethics and Policies working groups, and he was the chair of LISA '04.
M4
AN INTRODUCTION TO OPENAFS AND ITS ADMINISTRATION
Esther Filderman, Pittsburgh Supercomputing Center, and Alf Wachsmann, Stanford Linear Accelerator Center
9:00 a.m.–5:00 p.m.
Who should attend: Anyone looking to learn more about OpenAFS and how to
set up and administer an OpenAFS cell.
AFS is a global distributed file system which works on many
different operating systems (UNIX, Windows, Mac OS). It is ideal for
sharing data and software in a heterogeneous distributed computing
environment. Now that AFS has become available through an open source license,
it is available to sites and IT groups of all sizes. Although the use of
AFS is simple, setting up your own AFS servers can be a rather
daunting task.
Topics include:
- Overview of AFS concepts and semantics
- Setting up and managing the AFS client (even without your own servers)
- A working outline of the AFS server processes and how they play together
- How to set up a new AFS cell: design decisions, initial
setup, planning for the future
- Authentication issues: Native KAS vs. Kerberos5
- Backups: How and what to choose to use
- AFS tools to make everything from maintenance to
monitoring easier
Esther Filderman (M4) has been working with AFS since its infancy at CMU, before it was called AFS, and is currently Senior Operations Specialist and AFS administrator for the Pittsburgh Supercomputing Center. She has been working to bring AFS content to LISA conferences since 1999. She is also coordinating documentation efforts for the OpenAFS project.
Alf Wachsmann (M4) is working at the Stanford Linear Accelerator Center (SLAC) in the Computing Services' High-Performance Computing Group, where he is an infrastructure designer and automation specialist. He has a doctor's degree in natural sciences obtained in Computer Science at the University of Paderborn (Germany). He worked as a post-doc in the computing center of DESY Zeuthen (Germany) before he came to SLAC in 1999.
M5
ADVANCED TOPICS IN DNS ADMINISTRATION
Matt Larson, VeriSign, Inc.
9:00 a.m.–5:00 p.m.
Who should attend: DNS administrators who wish to extend their understanding of how to configure and manage name servers running BIND 9. Attendees should have some experience
of running a name server and be familiar with DNS jargon, resource records,
and the syntax of zone files and named.conf.
This tutorial will answer the question, "I've set up master (primary) and slave (secondary) name servers. What else can I do with the name server?"
Topics include:
- The BIND 9 logging subsystem
- Getting the most from the name server's logs
- Running the name server in debugging mode
- Managing the name server with rndc
- Configuring split DNS: internal and external versions of a domain
- Using the views mechanism of BIND 9 to implement split DNS
- Securing the name server
- Running it chroot()ed
- Using access control lists
- Preventing unwanted access
- Security
- DNS vulnerability overview
- Using Transaction Signatures (TSIG) to protect messages: cases and tools
- Using DNSSEC to protect DNS data: cases, tools, implications
- Dynamic DNS (DDNS)
- Secure dynamic updates with nsupdate: policies and usage models
- IPv6
- Resolving and answering queries over IPv6 transport
- Setting up AAAA records to resolve IPv6 addresses
Matt Larson (M5) works in the Advanced Products and Research Group of VeriSign Information Services
as a specialist in DNS protocol and
operational issues. He is the co-author of the O'Reilly & Associates
Nutshell Handbooks DNS on Windows Server 2003, DNS on Windows 2000,
and DNS on Windows NT. Matt joined VeriSign in June 2000 from Acme Byte & Wire, a company he started in 1997 with co-author Cricket Liu. Acme Byte & Wire
specialized in DNS consulting and training, and its customers included
more than 10% of the Fortune 100. Prior to Acme Byte & Wire, Matt worked for five years at
Hewlett-Packard, first in the Corporate Network Services group, where
he ran hp.com, one of the largest corporate domains in the world. He
later joined HP's professional services organization.
|
Monday Morning Half-Day Tutorials
|
|
M6
|
THE LATEST HACKING TOOLS AND DEFENSES
|
David Rhoades, Maven Security Consulting, Inc.
9:00 a.m.–12:30 p.m.
Who should attend: Anyone who is interested in how hackers work these days, and what system and network administrators can do to defend themselves.
This presentation will examine recent developments in hacker tools and techniques. Live demos of tools will be given as time permits, and defenses against the tools will be discussed. Bonus: A look at some recently headlined cybercrimes, with an emphasis on the techniques used.
Topics may include:
- VoIP security
- Phishing
- Reverse engineering
- Anti-forensics
- Wi-Fi and Bluetooth
- Web application attacks
- Spyware and malware
- Network tools
- Denial of service attacks
David Rhoades (M6) is a principal consultant with Maven Security
Consulting, Inc. Since 1996, David has provided information protection services
for various FORTUNE 500 customers. His work has taken him across the U.S.
and abroad to Europe and Asia, where he has lectured and consulted in
various areas of information security. David has a B.S. in computer
engineering from the Pennsylvania State University and has taught
for the SANS Institute, the MIS Training Institute, and ISACA.
M7
|
BLOGS AND SPAM: LEGAL ISSUES FOR THE SYSTEM ADMINISTRATOR |
Daniel L. Appelman, Technology lawyer, USENIX attorney, and partner at Heller Ehrman LLC
9:00 a.m.–12:30 p.m.
Who should attend: System administrators at all levels of experience and seniority, and
others who are facing legal and ethical issues about blogs and spam.
Blogs and spam have both proliferated tremendously in the past few years. Weak federal legislation has preempted much stronger state attempts to control spam. The Federal Trade Commission has enacted new rules that clarify some of the ambiguities in the CAN-SPAM Act. System administrators need to understand the requirements of the law and the new regulations.
Blogging raises many legal issues, including the scope of intellectual property rights, content regulation, and labor and employment issues. Several important recent cases highlight how existing laws are being applied to this new form of communication. Employees use company facilities and company time to post entries to their personal blogs and to read and comment on the blogs of others. These postings may include comments critical of their employers, or information their employers consider to be confidential and proprietary, or material created by others the use of which may not be authorized. Employers are increasingly using blogs to market and promote their company's products and services and also as a communications tool within the company. System administrators need to understand the legal issues that arise from blogging in the workplace.
This session will provide system administrators with a clear understanding of the new spam laws and the legal issues that need to be addressed when employees' right to free expression by blogging collides with employers' right to control the workplace. We will define the duties and responsibilities of system administrators when faced with spam campaigns and the use of their company's facilities for personal communication in the blogosphere. Finally, we will suggest guidelines for meeting the challenges presented by both of these popular technologies.
Topics include:
- CAN-SPAM and what it means for the system administrator
- New FTC rules implementing CAN-SPAM
- Blogging issues for the system administrator
- Use of company facilities for personal purposes: what are the limits?
- Who owns the blog?
- First Amendment rights and employer workplace rights: which prevail?
- When intellectual property rights conflict with free expression
- Blogging and trade secrets
- The fair use doctrine and blogging
- The role of company policies with respect to spam and blogging
- Recommendations for the system administrator
Daniel L. Appelman (M7) is a lawyer in the Silicon Valley office of a major international law firm. He has been practicing in the areas of cyberspace and software law for many years. He was the lawyer for Berkeley Software Design in the BSDi/UNIX System Laboratories (AT&T) case. Dan is the attorney for the USENIX Association and for many tech companies. He is also founding chair of his firm's Information Technology practice group, is the former chair of the California Bar's Standing Committee on Cyberspace Law, and is a current member of the California Bar Business Law Section's Executive Committee, the Computer Law Association, and the American Bar Association's Cyberspace Committee.
M8
|
BEYOND SHELL SCRIPTS: 21ST-CENTURY AUTOMATION TOOLS AND TECHNIQUES |
Æleen Frisch, Exponential Consulting
9:00 a.m.–12:30 p.m.
Who should attend: System administrators who want to explore new
ways of automating administrative tasks. Shell scripts are appropriate for many jobs, but more complex operations will often benefit from sophisticated tools.
Topics include:
- Cfengine
- Basic and advanced configurations
- Sample uses, including: installations and beyond; "self-healing" configs; data collection; and more
- Cfengine limitations: when not to use it
- Expect: Automating interactive processes
- What to Expect . . .
- Using Expect with other tools
- Security issues
- Bacula, an enterprise backup management facility
- Prerequisites
- Configuration
- Getting the most from Bacula
Æleen Frisch (S4, M8) has been a system administrator for over 20 years. She currently
looks after a pathologically heterogeneous network of UNIX and Windows
systems. She is the author of several books, including Essential
System Administration (now in its 3rd edition).
M9
|
ETHEREAL AND THE ART OF DEBUGGING NETWORKS |
Gerald Carter, Centeris
9:00 a.m.–12:30 p.m.
Who should attend: System and network administrators who are interested in
learning more about the TCP/IP protocol and how network traffic
monitoring and analysis can be used as a debugging, auditing,
and security tool.
The focus of this course is using the Ethereal protocol analyzer
as a debugging and auditing tool for TCP/IP networks. System
logs can turn out to be incomplete or incorrect when you're trying to track down
network application failures. Sometimes the quickest, or the only,
way to find the cause is to look at the raw data on the
wire. This course is designed to help you make sense of that data.
Topics include:
- Introduction to Ethereal for local and remote network tracing
- TCP/IP protocol basics
- Analysis of popular application protocols such as DNS, DHCP, HTTP, NFS, CIFS, and LDAP
- How some kinds of TCP/IP network attacks can be recognized
Gerald Carter (S9, S12, M9, T4, W2, R7) has been a member of the Samba Development Team
since 1998. He has been developing, writing about, and
teaching on open source since the late 1990s. Currently
employed by Centeris as a Samba and open source developer,
Gerald has written books for SAMS Publishing and for
O'Reilly Publishing.
|
Monday Afternoon Half-Day Tutorials
|
|
M10
|
DOCUMENTATION TECHNIQUES FOR SYSADMINS |
Mike Ciavarella, University of Melbourne
1:30 p.m.–5:00 p.m.
Who should attend: System administrators who need to produce documentation for the systems they manage or who want to improve their documentation skills.
Attendees should be able to make immediate, practical use of the techniques presented in this tutorial in their day-to-day tasks. Particular emphasis is placed on documentation as a time-saving tool rather than a workload imposition.
Topics include:
- Why system administrators need to document
- The document life cycle
- Targeting your audience
- An adaptable document framework
- Common mistakes
- Tools to assist the documentation process
Mike Ciavarella (M10, T3, W3) has been producing and editing technical documentation since
he naively agreed to write application manuals for his first
employer in the early 1980s. He has been a technical editor for
MacMillan Press and has been teaching system administrators about
documentation for the past eight years. Mike has an Honours Degree in
Science from the University of Melbourne. After a number
of years working as Senior Partner and head of the Security Practice
for Cybersource Pty Ltd, Mike returned to his alma mater, the University
of Melbourne. He now divides his time between teaching software
engineering, providing expert testimony in computer security matters,
and trying to complete a Doctorate. In his ever-diminishing spare time,
Mike is a caffeine addict and photographer.
M11
|
HOW TO INTERVIEW A SYSTEM ADMINISTRATOR |
Adam Moskowitz, Menlo Computing
1:30 p.m.–5:00 p.m.
Who should attend: System administrators of all levels of experience, as well as managers of system administrators. The course will focus on techniques for interviewers, but even sysadmins who are just starting out will learn some things to use as an interviewee. Managers of system administrators and junior sysadmins will learn, among other things, how to interview someone who knows more than you do. Junior administrators will also learn how to respond (as an interviewee) when asked a bad question: in particular, how to turn it into a better question.
Do you know how to interview a system administrator? Do the questions you ask elicit specific, narrowly focused information, or do they show you both the depth and breadth of a candidate's knowledge of a particular subject or technology? Do you know how to distinguish between a candidate who is just trying to bluff through the interview and one who has some knowledge of the field but hasn't yet become an expert? Are trick questions ever appropriate, and, if so, when and why? Some questions shouldn't be asked, and some would even land you in hot water with your company's HR or legal department: do you know what those questions are? Finally, have you figured out how to help a candidate do well in an interview while still getting an objective and fair assessment of their skills?
If you answered "no" or even "I'm not sure" to any of these questions, this course is for you.
Topics include:
- Purposes of an interview
- To assess the candidate's technical skills
- To get a feel for the candidate's personality and interpersonal skills
- To learn whether a candidate is likely to be a good fit with the company and with the IT group
- To help the candidate figure out whether he wants this
job and whether he is likely to do well in the
position
- Maybe even to teach the candidate something new
about system administration
- Basic questions to bear in mind
- Is the candidate comfortable?
- Does he need a drink or a bathroom break?
- Does she know who you are and what your role in
the company is?
- Preparatory questions
- What are you really trying to learn about the
candidate's skills, and why?
- What makes a good question good?
- What makes a bad question bad?
- How can you turn bad questions into good ones?
- When is it appropriate to ask a trick question,
and why?
- What questions can't or shouldn't you ask?
Adam Moskowitz (M11), in his roles as IT manager and senior system administrator, and on behalf of several of his consulting clients, has interviewed more candidates for system administration positions than he can remember. By virtue of having worked for a lot of companies that are no longer in business, he has been a candidate for almost that many system administration positions. Over the years he's been asked good questions, bad questions, and horrible questions, and has seen candidates become flummoxed when asked what seemed like rather simple questions. All this plus his almost 30 years of experience in the field (not to mention a darned good ratio of interviews to job offers) have given Adam considerable field experience to draw on for this tutorial.
When he's not in an interview, Adam works as a system administrator, but only to support his hobby of judging barbecue contests and to keep food in his puppy's bowl.
M12
|
DATABASES: WHAT YOU NEED TO KNOW |
John Sellens, SYONEX
1:30 p.m.–5:00 p.m.
Who should attend: System and application administrators who need
to support databases and database-backed applications.
Databases used to run almost exclusively on dedicated database
servers, with one or more database administrators (DBAs) dedicated
to their care. These days, with the easy availability of database
software such as MySQL and PostgreSQL, databases are popping up
in many more places, and are used by many more applications.
As a system administrator you need to understand databases, their care and feeding.
Attendees will leave the tutorial with a better understanding of
databases and their use and will be ready to deploy and support
common database software and database-backed applications.
Topics include:
- An introduction to database concepts
- The basics of SQL (Structured Query Language)
- Common applications of databases
- Berkeley DB and its applications
- MySQL installation, configuration, and management
- PostgreSQL installation, configuration, and management
- Security, user management, and access controls
- Ad-hoc queries with standard interfaces
- ODBC and other access methods
- Database access from other tools (Perl, PHP, sqsh, etc.)
John Sellens (S3, M12) has been involved in system and network administration since 1986
and is the author of several related USENIX papers, a number of ;login: articles, and the SAGE Short Topics in System Administration booklet #7, System and Network Administration for Higher Reliability. He holds an M.Math. in computer science from the University of Waterloo and is a chartered accountant. He is the proprietor of SYONEX, a systems and networks consultancy. From 1999 to 2004, he was the General Manager for Certainty Solutions in Toronto. Prior to joining Certainty, John was the Director of Network Engineering at UUNET Canada and was a staff member in computing and information technology at the University of Waterloo for 11 years.
M13
|
PROJECT TROUBLESHOOTING |
Strata Rose Chalup, Project Management Consultant
1:30 p.m.–5:00 p.m.
Who should attend: Anyone with an existing project that
isn't going well, and they're not sure why, or with a big
initiative at work that they'd like to turn into a project but
can't seem to get beyond a certain point with it; anyone who's
been getting involved with open source software development, and
things have gotten complex now that more folks are on board.
If you've been thinking, "Hey, if we had a little
more structure, we could get a lot more accomplished," this tutorial is for you. It's likely,
but not strictly required, that you've taken some kind of project
management training or done some reading on your own.
As for me: I've been pulling clients' projects out
of the fire for years. As a career consultant, I'm constantly
running into the "When all else fails, hire a consultant" syndrome.
I've seen projects without a plan, plans without a project, and
just about everything in between, including a lot of busy people
who don't seem to know what the common goal is, or even whether there
is one!
So come on down, bring your laptop, your notes, and your questions,
and get your project back on track.
Strata Rose Chalup (M13, W8, R4) began as a fledgling sysadmin in 1983 and
has been leading and managing complex IT projects for many years,
serving in roles ranging from Project Manager to Director of Network
Operations. She has written a number of articles on management and
working with teams and has applied her management skills on various
volunteer boards, including BayLISA and SAGE. Strata has a keen interest
in network information systems and new publishing technologies and built
a successful consulting practice around being an avid early adopter of
new tools, starting with ncsa_httpd and C-based CGI libraries in 1993 and
moving on to wikis, RSS readers, and blogging. Another MIT dropout,
Strata founded VirtualNet Consulting in 1993.
|
Tuesday, December 5, 2006
|
Full-Day Tutorials
|
T1
|
SOLARIS 10 PERFORMANCE, OBSERVABILITY, AND DEBUGGING |
James Mauro and Richard McDougall, Sun Microsystems
9:00 a.m.–5:00 p.m.
Who should attend: Anyone who supports or may support Solaris 10 machines. This one-day tutorial will cover the tools and utilities available in Solaris 10 for understanding system and application behavior. An overview of the various tools will be followed by a drill-down on the uses of and methodology for applying the tools to resolve performance issues and pathological behavior, or simply to understand the system and workload better.
Topics include:
- Solaris 10 features overview
- Solaris 10 tools and utilities
- The conventional stat tools (mpstat, vmstat, etc.)
- The procfs tools (ps, prstat, map, pfiles, etc.)
- lockstat and plockstat
- Using kstat
- Dtrace, the Solaris dynamic tracing facility
- Using mdb in a live system
- Understanding memory use and performance
- Understanding thread execution flow and profiling
- Understanding I/O flow and performance
- Looking at network traffic and performance
- Application and kernel interaction
- Putting it all together
James Mauro (T1) is a Senior Staff Engineer in the Performance and Availability Engineering group at
Sun Microsystems. Jim's current interests and activities are centered on benchmarking Solaris 10 performance, workload analysis, and tool development. This work includes Sun's new Opteron-based systems and multicore performance on Sun's Chip Multithreading (CMT) Niagara processor. Jim resides in Green Brook, New Jersey, with his wife and two sons. He spent most of his spare time in the past year working on the second edition of Solaris Internals. Jim co-authored the first edition of Solaris Internals with Richard McDougall and has been writing about Solaris in various forums for the past eight years.
Richard McDougall (T1), had he lived 100 years ago, would have had the hood
open on the first four-stroke internal combustion gasoline-powered vehicle, exploring new techniques for making improvements. He would be looking for simple ways to solve complex problems and helping pioneering owners understand how the technology works to get the most from their new experience. These days, McDougall uses technology to satisfy his curiosity. He is a Distinguished Engineer at Sun Microsystems, specializing in operating systems technology and system performance. He is co-author of Solaris Internals (Prentice Hall PTR, 2000) and Resource Management (Sun Microsystems Press, 1999).
T2
|
BUILDING A LOGGING INFRASTRUCTURE AND LOG ANALYSIS FOR SECURITY |
Abe Singer, San Diego Supercomputer Center
9:00 a.m.–5:00 p.m.
Who should attend: System, network, and security administrators who want to be able to separate the wheat of warning information from the chaff of normal activity in their log files.
This tutorial will show the importance of log files for maintaining
system security and general well-being, offer some strategies for building
a centralized logging infrastructure, explain some of the types of
information that can be obtained for both real-time monitoring and
forensics, and teach techniques for analyzing log data to obtain useful
information.
The devices on a medium-sized network can generate millions of lines
of log messages a day. Although much of the information is normal activity,
hidden within that data can be the first signs of an intrusion, denial of
service, worms/viruses, and system failures. Why should you attend? Getting a handle on your log
files can help you run your systems and networks more effectively and
can provide forensic information for post-incident investigation.
Topics include:
- Problems, issues, and scale of handling log information
- Generating useful log information: improving the quality of
your logs
- Collecting log information
- syslog and friends
- Building a log host
- Integrating MS Windows into a UNIX log architecture
- Storing log information
- Centralized log architectures
- Log file archiving
- Log analysis
- Log file parsing tools
- Data analysis of log files (e.g., baselining)
- Attack signatures and other interesting things to look for in your logs
- How to handle and preserve log files for HR and legal folks
Abe Singer (T2, W6) is a Computer Security Researcher in the Security Technologies Group at the San Diego Supercomputer Center. In his operational security responsibilities, he participates in incident response and forensics and in improving the SDSC logging infrastructure. His research is in pattern analysis of syslog data for data mining. He is co-author of the SAGE booklet Building a Logging Infrastructure and author of a forthcoming O'Reilly book on log analysis.
T3
|
SEVEN HABITS OF THE HIGHLY EFFECTIVE SYSTEM ADMINISTRATOR: HINTS, TRICKS, TECHNIQUES, & TOOLS OF THE TRADE
|
Mike Ciavarella, University
of Melbourne, and Lee Damon, University of Washington
9:00 a.m.–5:00 p.m.
Who should attend: Junior system administrators with anywhere from little to 3+ years of experience in computer system administration. We will focus on enabling the junior system administrator to "do it right the first time." Some topics will use UNIX-specific tools as examples, but the class is applicable to any sysadmin and any OS. Most of the material covered is "the other 90%" of system administration: things every sysadmin needs to do and to know, but which aren't details of specific technical implementation.
We aim to accelerate the experience curve for junior system administrators by teaching them the time-honored tricks (and effective coping strategies) that experienced administrators take for granted and which are necessary for successful growth of both the administrator and the site.
The class covers many of the best practices that senior administrators have long incorporated in their work. We will touch on tools you should use, as well as tools you should try to avoid. We will touch on things that come up frequently, as well as those which happen only once or twice a year. We will look at a basic security approach.
We will talk about issues such as why your computers should all agree on what time it is, why root passwords should not be the same on every computer, why backing up every filesystem on every computer is not always a good idea, policies (where you want them and where you might want to avoid them), ethical issues, and growth and success as a solo-sysadmin as well as in small, medium, and large teams. We will discuss training, mentoring, and personal growth planning, as well as site planning, budgeting, and logistics. We will discuss books that can help you and your users.
Mike Ciavarella (M10, T3, W3) has been producing and editing technical documentation since he naively agreed to write application manuals for his first employer in the early 1980s. He has been a technical editor for MacMillan Press and has been teaching system administrators about documentation for the past eight years. Mike has an Honours Degree in Science from the University of Melbourne. After a number of years working as Senior Partner and head of the Security Practice for Cybersource Pty Ltd, Mike returned to his alma mater, the University of Melbourne. He now divides his time between teaching software engineering, providing expert testimony in computer security matters, and trying to complete a Doctorate. In his ever-diminishing spare time, Mike is a caffeine addict and photographer.
Lee Damon (M3, T3) has a B.S. in Speech Communication from Oregon State University. He has been a UNIX system administrator since 1985 and has been active in SAGE since its inception. He assisted in developing a mixed AIX/SunOS environment at IBM Watson Research and has developed mixed environments for Gulfstream Aerospace and QUALCOMM. He is currently leading the development effort for the Nikola project at the University of Washington Electrical Engineering department. Among other professional activities, he is a charter member of LOPSA and SAGE and past chair of the SAGE Ethics and Policies working groups, and he was the chair of LISA '04.
Gerald Carter, Centeris
9:00 a.m.–5:00 p.m.
Who should attend: System administrators who are
currently managing Samba servers or are planning to deploy
new servers this year. This course will outline the new
features of Samba 3.0, including working demonstrations
throughout the course session.
Topics include:
- Providing basic file and print services
- Centrally managing printer drivers for Windows clients
- Configuring Samba's support for Access Control Lists and the Microsoft Distributed File System
- Making use of Samba VFS modules for features such as virus scanning and a network recycle bin
- Integrating with Windows NT 4.0 and Active Directory
authentication services
- Implementing a Samba primary domain controller along with
Samba backup domain controllers
- Migrating from a Windows NT 4.0 domain to a Samba domain
- Utilizing account storage alternatives to smbpasswd such
as LDAP
Gerald Carter (S9, S12, M9, T4, W2, R7) has been a member of the Samba Development Team
since 1998. He has published articles with various
Web-based magazines and teaches courses as a
consultant for several companies. Currently employed by
Hewlett-Packard as a Samba developer, Gerald has written
books for SAMS Publishing and is the author of the recent
LDAP System Administration for O'Reilly Publishing.
T5
|
INTRODUCTION TO VMWARE ESX SERVER |
John Arrasjid and Stephen Sorota, VMware
9:00 a.m.–5:00 p.m.
Who should attend: System administrators and architects who are interested in deploying VMware ESX Server in a production environment. No prior experience with VMware products is required. Knowledge of Linux is helpful; basic knowledge of SANs is useful but not required.
VMware ESX Server is virtual infrastructure software for partitioning,
consolidating, and managing systems in mission-critical Intel environments. In this tutorial, we will provide an overview of virtual machine technology as well as the features and functionality of ESX Server. Installation, configuration, and best practices will be the focus of the session.
Topics include:
- Virtual infrastructure overview
- ESX Server overview
- Installation and configuration
- Virtual Machine (VM) creation and operation
- Operations and administration best practices
- Advanced configuration (SAN and networking)
John Arrasjid (T5) has 20 years of experience in the computer science field. His experience includes work with companies such as AT&T, Amdahl, 3Dfx
Interactive, Kubota Graphics, Roxio, and his own company, WebNexus
Communications, where he developed consulting practices and built a cross-platform IT team. John is currently a senior member of the VMware Professional Services
Organization as a Consulting Architect. John has developed a number of PSO
engagements, including Performance, Security, and Disaster Recovery and
Backup.
|
Tuesday Morning Half-Day Tutorials
|
|
T6
|
HITCHHIKER'S GUIDE TO EMAIL SENDER AUTHENTICATION
|
Murray Kucherawy, Sendmail, Inc.
9:00 a.m.–12:30 p.m.
Who should attend: System administrators familiar with email concepts who want to get their feet wet in the emerging area of email sender authentication. Spam and phishing cost industry millions of dollars per year in lost productivity and fraud claims. Email sender authentication is a concerted, multi-fronted attempt to add technology to stem this tide of fraudulent and annoying email.
Some well-established methods, as well as some of the more nascent ones, will be covered. The components of each protocol, as well as the impact of bringing them into your environment, will be addressed. References will be provided to existing as well as upcoming implementations of several of these proposals (with an emphasis on the free ones, of course). We will discuss the technologies themselves while remaining as MTA-agnostic as possible, so that what you learn can be applied in whatever your home environment may be.
Topics include:
- Introduction
- Why sender authentication is necessary
- Why not PGP or S/MIME?
- Past
- Simple client checks: RMX, MTAMark
- Present
- Path-based methods: SPF, Sender-ID
- Crypto-based methods: DomainKeys, IIM, DKIM
- Best common practices
- Future
- Reputation: Realtime Blackhole Lists (RBLs), Collaborative (Vipul's Razor)
Murray Kucherawy (T6, T10) has been actively involved in email system
administration and software development since 1990 and has been awarded two
related patents, with a third pending. He holds a Bachelor of Mathematics degree
from the University of Waterloo and has been with Sendmail, Inc., for seven years
as a senior software engineer. Prior to that he completed a six-year tour of
duty in the Internet Service Provider industry in both Canada and the United
States, and also worked for three terms as a staff member in computing and
information technology at the University of Waterloo. He is currently working
with the IETF to advance the progress of sender authentication issues through
the standards process.
T7
|
DISK-TO-DISK BACKUP AND ELIMINATING BACKUP SYSTEM BOTTLENECKS |
Jacob Farmer, Cambridge Computer
9:00 a.m.–12:30 p.m.
Who should attend: System administrators involved in the design
and management of backup systems and policymakers responsible for
protecting their organization's data. A general familiarity with
server and storage hardware is assumed. The class focuses on
architectures and core technologies and is relevant regardless of
what backup hardware and software you currently use. Students will
leave this lecture with immediate ideas for effective, inexpensive
improvements to their backup systems.
The data protection industry is going through a mini-renaissance. In the
past few years, the cost of disk media has dropped to the point where it
is practical to use disk arrays in backup systems, thus minimizing and
sometimes eliminating the need for tape. In the first incarnations of
disk-to-disk backup (disk staging and virtual tape libraries), disk has
been used as a direct replacement for tape media. While this compensates
for the mechanical shortcomings of tape drives, it fails to address other
critical bottlenecks in the backup system, and thus many disk-to-disk
backup projects fall short of expectations. Meanwhile, many early adopters
of disk-to-disk backup are discovering that the long-term costs of disk
staging and virtual tape libraries are prohibitive.
The good news is that the next generation of disk-enabled data protection
solutions has reached a level of maturity where it can assist, and
sometimes even replace, conventional enterprise backup systems. These new
D2D solutions leverage the random access properties of disk devices to use
capacity much more efficiently and to obviate many of the hidden backup
system bottlenecks that are not addressed by first-generation solutions.
The challenge to the backup system architect is to cut through the industry
hype, sort out all of these new technologies, and figure out how to integrate
them into an existing backup system.
This tutorial identifies the major bottlenecks in conventional backup
systems and explains how to address them. The emphasis is placed on the
various roles for inexpensive disk in your data protection strategy;
however, attention is given to SAN-enabled backup, the current state and
future of tape drives, and iSCSI.
Topics include:
- Identifying and eliminating backup system bottlenecks
- Conventional disk staging
- Virtual tape libraries
- Removable disk media
- Incremental forever and synthetic full backup strategies
- Block- and object-level incremental backups
- Information lifecycle management and nearline archiving
- Data replication
- CDP (Continuous Data Protection)
- Snapshots
- Current and future tape drives
- Capacity Optimization (Single-Instance File Systems)
- Minimizing and even eliminating tape drives
- iSCSI
Jacob Farmer (T7, T11) is a well-known figure in the data storage industry. He has authored numerous papers and articles and is a regular speaker at trade
shows and conferences. In addition to his regular expert advice column
in the "Reader I/O" section of InfoStor Magazine, the leading trade
magazine of the data storage industry, Jacob also serves as the
publication's senior technical advisor. Jacob has over 18 years of
experience with storage technologies and is the CTO of Cambridge
Computer Services, a national integrator of data storage and data
protection solutions.
T8
|
OVER THE EDGE SYSTEM ADMINISTRATION, VOLUME 1 |
David N. Blank-Edelman, Northeastern University
9:00 a.m.–12:30 p.m.
Who should attend: Old-timers who think they've already seen it all, and those who
want to develop inventive thinking early in their career. Join us and be
prepared to be delighted, disgusted, and amazed. Most of all, be ready to
enrich your network and system administration by learning to be different.
It's time to learn how to break the rules, abuse the tools, and generally
turn your system administration knowledge inside out. This class is a
cornucopia of ideas for creative ways to take the standard (and sometimes
not-so-standard) system administration tools and techniques and use them in
ways no one would expect. We'll also cover some tools you may have missed.
Note: The teacher takes no responsibility should your head explode during
this class.
Topics include:
- How to (ab)use perfectly good network transports by using them for
purposes never dreamed of by their authors
- How to increase user satisfaction during downtimes with 6 lines of Perl
- How to improve your network services by intentionally throwing away data
- How to drive annoying Web-only applications that don't have a command
line interface, without lifting a finger
- How to use ordinary objects you have lying around the house, such as Silly
Putty, to make your life easier (seriously!)
David N. Blank-Edelman (T8, T12, W5) is the Director of Technology
at the Northeastern University College of Computer and Information Science
and the author of the O'Reilly book Perl for System Administration. He has
spent the past 20+ years as a system/network administrator in large multi-platform environments, including Brandeis University, Cambridge Technology
Group, and the MIT Media Laboratory. He was the program chair of LISA '05 and is one of the LISA '06 Invited Talks co-chairs.
T9
|
FIREWALLS AND INTERNET SECURITY FOR MAC OS X |
Rik Farrow, Security Consultant
9:00 a.m.–12:30 p.m.
Who should attend: Mac OS X users and
administrators. Some experience with command-line UNIX tools is
required to get the most out of this class. Security analysts and
managers can also take this class and learn what must be done to
create secure Mac OS X systems.
Mac OS X includes a firewall that you can enable with one click via a GUI. And if all you want to do is block most incoming network access, that's all you need to know. But if you need to know more, this class is for you.
Mac OS X uses ipfw, one of the firewalls available in FreeBSD. You can use the GUI to manage ipfw and do simple things such as allow SSH connections through. Under the covers, Mac OS X is storing your firewall configuration in two formats, both editable, and using the ipfw command-line tool. Ipfw provides a lot more flexibility than you can get from using the GUI tool, and a little knowledge permits you to install new rules on the fly or add rules that will be installed with every restart.
Bring your Apple laptop so that you can participate in class exercises.
If you don't have a laptop, there should be enough people who do
have one that you can comfortably shoulder surf.
Topics include:
- Configuring ipfw using the GUI and understanding what this actually does
- Understanding IP as it applies to firewalls and Internet security
- Using ipfw firewalls to both block potential attacks and blunt
successful attacks
- Recognizing IP protocols that are peculiar to Mac OS X and may or
may not be welcome in networks where you use just a few Macs
- Using ipfw to control network access to your Mac OS X systems
Rik Farrow (S5, T9) provides UNIX and Internet security consulting and training. He has been working with UNIX system security since 1984 and with TCP/IP networks since 1988. He has taught at the IRS, Department of Justice, NSA, NASA, US West, Canadian RCMP, Swedish Navy, and for many U.S. and European user groups. He is the author of UNIX System Security, published by Addison-Wesley in 1991, and System Administrator's Guide to System V (Prentice Hall, 1989). Farrow is the editor of ;login:. Rik lives with his family in the high desert of northern Arizona and enjoys hiking and mountain biking when time permits.
|
Tuesday Afternoon Half-Day Tutorials
|
|
T10
|
WRITING FILTERS USING "MILTER" |
Murray Kucherawy, Sendmail, Inc.
1:30 p.m.–5:00 p.m.
Who should attend: System administrators and software developers familiar with email concepts who want to write applications that can plug into the sendmail MTA to monitor and control the flow and content of email.
Email is critical infrastructure. In the past few years there have been huge changes: growth in mail volume, new regulations, sender authentication, and an increasing variety of filtering needs. Wouldn't it be great if you didn't need to be a full-blown MTA developer to write your own customized filters, or integrate your own local applications into your email stream?
Well, you can! A few years ago, Sendmail introduced a generic programming interface called milter that allows exactly this. After this course you will be able to write and debug your own mail filtering applications that plug directly into Sendmail, and understand how all the parts fit together. Examples in both C and Perl will be offered. Sample programs will also be shown.
If you've ever hacked your own database queries or other site-specific changes into Sendmail and then had to deal with carrying your patches forward from one version to the next, this could be the tutorial you've been waiting for.
Topics include:
- Phases of SMTP and how they relate to your filter
- The callbacks milter offers
- How threads are used in milter
- Writing a basic filter using the milter API
- Registering the filter with Sendmail
- Handling failures
- Related known limitations in various environments
- Examples of applications
- Future development
Murray Kucherawy (T6, T10) has been actively involved in email system administration and software development since 1990 and has been awarded two related patents, with a third pending. He holds a Bachelor of Mathematics degree from the University of Waterloo and has been with Sendmail, Inc., for seven years as a senior software engineer. Prior to that he completed a six-year tour of duty in the Internet Service Provider industry in both Canada and the United States, and also worked for three terms as a staff member in computing and information technology at the University of Waterloo. He is currently working with the IETF to advance the progress of sender authentication issues through the standards process.
T11
|
NEXT GENERATION STORAGE NETWORKING |
Jacob Farmer, Cambridge Computer
1:30 p.m.–5:00 p.m.
Who should attend: Sysadmins running day-to-day operations and those who set or enforce budgets. This tutorial is technical in nature, but it does not address command-line syntax or the operation of specific products or technologies. Rather, the focus is on general architectures and various approaches to scaling in both performance and capacity. Since storage networking technologies tend to be costly, there is some discussion of the relative cost of different technologies and of strategies for managing cost and achieving results on a limited budget.
There has been tremendous innovation in the data storage industry over the past few years. Proprietary, monolithic SAN and NAS solutions are beginning to give way to open-system solutions and distributed architectures. Traditional storage interfaces such as parallel SCSI and Fibre Channel are being challenged by iSCSI (SCSI over TCP/IP), SATA (serial ATA), SAS (serial attached SCSI), and even Infiniband. New filesystem designs and alternatives to NFS and CIFS are enabling high-performance filesharing measured in gigabytes (yes, "bytes," not "bits") per second. New spindle management techniques are enabling higher-performance and lower-cost disk storage. Meanwhile, a whole new set of efficiency technologies are allowing storage protocols to flow over the WAN with unprecedented performance. This tutorial is a survey of the latest storage networking technologies, with commentary on where and when these technologies are most suitably deployed.
Topics include:
- Fundamentals of storage virtualization: the storage I/O path
- Shortcomings of conventional SAN and NAS architectures
- In-band and out-of-band virtualization architectures
- The latest storage interfaces: SATA (serial ATA), SAS (serial
attached SCSI), 4Gb Fibre Channel, Infiniband, iSCSI
- Content-Addressable Storage (CAS)
- Information Life Cycle Management (ILM) and Hierarchical Storage
Management (HSM)
- The convergence of SAN and NAS
- High-performance file sharing
- Parallel file systems
- SAN-enabled file systems
- Wide-area file systems (WAFS)
Jacob Farmer (T7, T11) is a well-known figure in the data storage industry. He has authored numerous papers and articles and is a regular speaker at trade shows and conferences. In addition to his regular expert advice column in the "Reader I/O" section of InfoStor Magazine, the leading trade magazine of the data storage industry, Jacob also serves as the publication's senior technical advisor. Jacob has over 18 years of experience with storage technologies and is the CTO of Cambridge Computer Services, a national integrator of data storage and data protection solutions.
T12
|
OVER THE EDGE SYSTEM ADMINISTRATION, VOLUME 2 |
David N. Blank-Edelman, Northeastern University
1:30 p.m.–5:00 p.m.
Who should attend: Old-timers who think they've already seen it all, and those who want to develop inventive thinking early in their career. Join us and be prepared to be delighted, disgusted, and amazed. Most of all, be ready to enrich your network and system administration by learning to be different. Previous attendance at Volume 1 of the series is recommended but not required.
Join us for volume two of the wildly successful Over the Edge System Administration class series. Once again we'll learn how to break the rules, abuse the tools, and generally turn your system administration knowledge inside out with the help of a whole new set of examples. This class is a second cornucopia of ideas for creative ways to take the standard (and sometimes not-so-standard) system administration tools and techniques and use them in ways no one would expect. We'll also cover some tools you may have missed. This class will take some of the concepts from the first installment and develop them even further.
Once again, we feel it is important to remind you: The teacher
takes no responsibility should your head explode during this class.
Topics include:
- How to exploit side effects to your benefit
- Applying the arts and crafts you learned in camp to system
administration
- Pressing Web apps from places like Google and Yahoo! into
service as sysadmin tools
- How to perform SQL queries on your network equipment
- How to use even more ordinary objects you have lying around
the house to make your life easier (seriously!)
David N. Blank-Edelman (T8, T12, W5) is the Director of Technology
at the Northeastern University College of Computer and Information Science
and the author of the O'Reilly book Perl for System Administration. He has
spent the past 20+ years as a system/network administrator in large multi-platform environments, including Brandeis University, Cambridge Technology
Group, and the MIT Media Laboratory. He was the program chair of LISA '05 and is one of the LISA '06 Invited Talks co-chairs.
T13
|
ENTERPRISE WIRELESS NETWORK SETUP |
Rudi van Drunen, Competa IT/Xlexit
1:30 p.m.–5:00 p.m.
Who should attend: Network professionals and system administrators deploying and managing wireless networks in an enterprise setting who want to use the new encryption/authentication/authorization protocols.
Wireless networks are becoming ready for the enterprise. Serious flaws in the encryption are being solved with new protocols on top of 802.11. This tutorial describes setting up a wireless network in an enterprise environment using the latest protocols for authentication, authorization, and encryption, and it explains how to choose and set up your access points, antennas, and accompanying infrastructure.
After supplying some background in radio technology and antennas and showing ways to deploy your access points, we will describe the newer higher-level protocols. This tutorial will provide answers to key questions: What are the strong points? The weak points? How should you implement an enterprise structure using a RADIUS back end? Now that you have it, how can you manage it?
Topics include:
- Making a radio plan
- Selecting and placing access points
- Determining your cabling and antennae needs
- Designing the authentication/authorization infrastructure
- Setting up hardware and software (including clients)
Topics do not include:
- Cryptanalysis of protocols
- Details of vendor-specific software
Rudi van Drunen (T13) met UNIX about 25 years ago at the University of Groningen (NL). Nowadays he is employed as a senior infrastructure
and UNIX consultant. Before that, he was head of IT for a medical lab in
Leiden, The Netherlands, where he did, among other things, UNIX system administration and applied
research in image analysis and neural networks.
He is one of the tech gurus and a board member of Wireless Leiden, the
leading wireless community in the Netherlands. Rudi has his own small
open source and hardware design company, Xlexit. He has taught a
number of classes and given invited talks on wireless topics at SANE
and for the Dutch UNIX community (NLUUG).
|
Wednesday, December 6, 2006
|
Full-Day Tutorials
|
W1
|
RESOURCE MANAGEMENT WITH SOLARIS CONTAINERS
|
Jeff Victor, Sun Microsystems
9:00 a.m.–5:00 p.m.
Who should attend: System administrators who want to improve resource utilization of their Solaris (SPARC, x64, x86) systems.
This tutorial covers the facilities available in Solaris for managing
system resources. These facilities enable you to perform workload
management and service-level management, leverage available capacity, and
manage system utilization. Controls for CPUs, processes and threads,
CPU affinity, scheduling classes, memory, partitioning facilities, and
network bandwidth management are explained and demonstrated.
At the conclusion of this session, the student will have a solid
understanding of the facilities and commands available for maximizing
utilization of the Solaris systems in their data center.
Topics include:
- What are resources?
- Why would you want to manage them?
- How do you use these Solaris features?
- Projects and Tasks
- Resource Controls
- Dynamic Resource Pools, including processor sets
- Physical Memory management with Resource Capping and Memory Sets
- Network bandwidth management with IPQoS
- Schedulers
- Application isolation with Zones
Jeff Victor (W1) has been using UNIX systems since 1984. His two-decade career has included software design and development, network and telecomm administration, and nine
years as a Systems Engineer at Sun Microsystems. Recently Jeff wrote the Sun
BluePrint "Solaris Containers Technology Architecture Guide" and the "How to Move
a Container" guide, both available at www.sun.com. He also maintains the Solaris
Zones and Containers FAQ at opensolaris.org. Jeff holds a B.S. in Computer
Science from Rensselaer Polytechnic Institute.
W2
|
IMPLEMENTING [OPEN]LDAP DIRECTORIES |
Gerald Carter, Centeris
9:00 a.m.–5:00 p.m.
Who should attend: Both LDAP directory administrators and architects. The focus is
on integrating standard network services with LDAP directories. The
examples are based on UNIX hosts and the OpenLDAP directory server
and will include actual working demonstrations throughout the course.
System administrators today run a variety of directory services,
although these are referred to by names such as DNS and NIS. The
Lightweight Directory Access Protocol (LDAP) is the successor to
the X.500 directory and has the promise of allowing administrators
to consolidate multiple existing directories into one.
Topics include:
- Replacing NIS domains
- Integration with Samba file and print servers
- Integrating MTAs such as Sendmail and Postfix
- Creating address books for mail clients
- Managing user access to HTTP and FTP services
- Integrating with DHCP and DNS servers
- Scripting with the Net::LDAP Perl module
- Defining custom attributes and object classes
Gerald Carter (S9, S12, M9, T4, W2, R7) has been a member of the Samba Development Team
since 1998. He has been developing, writing about, and
teaching on open source since the late 1990s. Currently
employed by Centeris as a Samba and open source developer,
Gerald has written books for SAMS Publishing and for
O'Reilly Publishing.
|
Wednesday Morning Half-Day Tutorials
|
|
W3
|
ADVANCED SHELL PROGRAMMING |
Mike Ciavarella, University of Melbourne
9:00 a.m.–12:30 p.m.
Who should attend: Junior or intermediate system administrators or anyone with a basic knowledge of programming, preferably with some experience in Bourne/Korn shells (or their derivatives).
The humble shell script is still a mainstay of UNIX/Linux system administration, despite the wide availability of other scripting languages. This tutorial details techniques that move beyond the quick-and-dirty shell script.
Topics include:
- Common mistakes and unsafe practices
- Modular shell script programming
- Building blocks: awk, sed, etc.
- Writing secure shell scripts
- Performance tuning
- Choosing the right utilities for the job
- Addressing portability at the design stage
- When not to use shell scripts
Mike Ciavarella (M10, T3, W3) has been producing and editing technical documentation since
he naively agreed to write application manuals for his first
employer in the early 1980s. He has been a technical editor for
MacMillan Press and has been teaching system administrators about
documentation for the past eight years. Mike has an Honours Degree in
Science from the University of Melbourne. After a number
of years working as Senior Partner and head of the Security Practice
for Cybersource Pty Ltd, Mike returned to his alma mater, the University
of Melbourne. He now divides his time between teaching software
engineering, providing expert testimony in computer security matters,
and trying to complete a Doctorate. In his ever-diminishing spare time,
Mike is a caffeine addict and photographer.
W4
|
INTERNET SECURITY FOR UNIX SYSTEM ADMINISTRATORS
|
Ed DeHart, aspStation, Inc.
9:00 a.m.–12:30 p.m.
Who should attend: UNIX system administrators and operations/support staff. Attendees should have a good working knowledge of UNIX system administration and be experienced Internet users.
After completing this tutorial, attendees will be able to establish
and maintain
a secure Internet site that offers the benefits of Internet connectivity
while protecting their organization's information.
At this half-day tutorial you will learn strategies and techniques to
help eliminate the threat of Internet intrusions and to improve the
security of UNIX systems connected to the Internet. It will also help you understand, set up, and manage a number
of Internet services appropriate for your site's mission.
Topics include:
- Latest information on security problems
- UNIX system security
- Security policies
Ed DeHart (W4, W7) is a former member of the CERT Coordination Center, which he helped found in 1988. The CERT was formed by the Defense Advanced
Research Projects Agency (DARPA) to serve as a focal point for the
computer security concerns of Internet users. Ed is currently the
president of aspStation, Inc., a data center for server co-location.
W5
|
Hacking Perl
|
David N. Blank-Edelman, Northeastern University
9:00 a.m.–12:30 p.m.
Who should attend: Anyone who has ever had a nagging feeling that there might be
ways to make hacking Perl easier and more efficient. A basic knowledge of Perl will help attendees gain more from this class.
There are many ways to learn the Perl language itself, but you
usually have to learn how to get better at hacking Perl through years
of trial and error. This class will help you improve the actual
process of creating and debugging Perl code without all of that
trouble.
Topics include:
- The best development environments for Perl (editors, IDEs, etc.)
- How to find code that already does what you need (and the
potential hazards of using that code)
- Tools that can help make coding Perl easier
- Ways to make debugging Perl code (your own or someone else's) easier
- Coding techniques that lead to less debugging
David N. Blank-Edelman (T8, T12, W5) is the Director of Technology
at the Northeastern University College of Computer and Information Science
and the author of the O'Reilly book Perl for System Administration. He has
spent the past 20+ years as a system/network administrator in large multi-platform environments, including Brandeis University, Cambridge Technology
Group, and the MIT Media Laboratory. He was the program chair of LISA '05 and is one of the LISA '06 Invited Talks co-chairs.
|
Wednesday Afternoon Half-Day Tutorials
|
|
W6
|
SECURITY WITHOUT FIREWALLS |
Abe Singer, San Diego Supercomputer Center
1:30 p.m.–5:00 p.m.
Who should attend: Administrators who want or need to explore strong, low-cost, scalable security without firewalls.
Good, possibly better, network security can be achieved without
relying on firewalls. The San Diego Supercomputer Center does not
use firewalls, yet managed to go almost 4 years without an intrusion.
Our approach defies some common beliefs, but it seems to work, and it
scales well.
"Use a firewall" is the common mantra of much security documentation, and firewalls are the primary security "solution" in most networks. However, firewalls don't protect against activity by insiders, nor do firewalls provide protection against any activity that is allowed through the firewall. And, as is true for many academic institutions, firewalls just don't make sense in our environment. Weighting internal threats equally with external threats, SDSC has built an effective, scalable, host-based security model. The key parts of our model are: centralized configuration management; regular and frequent patching; and strong authentication (no plaintext passwords). This model extends well to many environments beyond the academic.
Of course, we're not perfect, and last year we had a compromise as
part of a security incident that spanned numerous institutions.
However, firewalls would have done little if anything to have
mitigated that attack, and we believe our approach to security
reduced the scope of compromise and helped us to recover faster
than some of our peers.
In addition, our system
administration costs scale well. The incremental cost of adding a
host to our network (beyond the cost of the hardware) is negligible,
as is the cost of reinstalling a host.
Topics include:
- The threat perspective from a data-centric point of view
- How to implement and maintain centralized configuration
management using cfengine, and how to build reference systems
for fast and consistent (re)installation of hosts
- Secure configuration and management of core network services such as NFS, DNS, and SSH
- Good system administration practices
- Implementing strong authentication and eliminating use of
plaintext passwords for services such as
POP/IMAP
- A sound patching strategy
- An overview of last year's compromise, how we recovered, and what we learned
Abe Singer (T2, W6) is a Computer Security Researcher in the Security Technologies Group at the San Diego Supercomputer Center. In his operational security responsibilities, he participates in incident response and forensics and in improving the SDSC logging infrastructure. His research is in pattern analysis of syslog data for data mining. He is co-author of the SAGE booklet Building a Logging Infrastructure and author of a forthcoming O'Reilly book on log analysis.
W7
|
SETTING UP A DATA CENTER (OR DATA CLOSET)
|
Ed DeHart, aspStation, Inc.
1:30 p.m.–5:00 p.m.
Who should attend: System administrators in charge of multiple servers,
whether currently or planned to be located in one room, who are interested in learning more about how to build a server environment.
It is not unusual for system administrators to find the number of servers under their control increasing. Often the servers are located in one room or, if space is an issue, in one closet. Placement of the servers is usually based not on a long-term plan but on available space. This tutorial is for those for whom the time has come to build a server room or to move the servers into a data center. This tutorial is also well suited to the sysadmin who has inherited a server room and wants to know how best to manage it and plan for future growth.
Topics include:
- Wiring best practices
- Ethernet: Switches, ConServers, etc.
- Remote access and control
- Active and standby power
- Cooling and ventilation
- Budget realities, including free-standing vs. rack-mounted servers
Ed DeHart (W4, W7) is a former member of the CERT Coordination Center, which he helped found in 1988. The CERT was formed by the Defense Advanced
Research Projects Agency (DARPA) to serve as a focal point for the
computer security concerns of Internet users. Ed is currently the
president of aspStation, Inc., a data center for server co-location.
W8
|
PROBLEM-SOLVING FOR IT PROFESSIONALS
|
Strata Rose Chalup, Project Management Consultant
1:30 p.m.–5:00 p.m.
Who should attend: IT support people who would like to have a better grasp of the domain of problem-solving as a discipline.
In the world of IT support, you build up a lot of specialized domains of knowledge that may or may not interact. We're going to trace out common patterns of interaction here and show you how you can apply basic principles to isolate symptoms and interactions between subsystems. As you will see, most types of troubleshooting rely on what you might call "guided intuition": focusing your attention down a probable path of diagnosis and then making an intuitive leap.
If you haven't practiced your intuitive pole vaulting lately, don't worry. By using checklists and patterns to do brute-force style troubleshooting, you will gradually build up a reservoir of understanding that will eventually have you shouting "Aha!" while other folks are still scratching their heads in puzzlement.
What this class will do for you:
- Give you a solid grounding in the process of solving problems
- Provide a framework on which to build specialized troubleshooting
techniques that are specific to your environment
- Build your confidence in your ability to apply logic and common sense to
debug problems in complex interacting systems
What this class does not provide:
- Detailed instruction in specific problem-solving situations, such as
"what to do when the mouse stops moving"
- Information on custom environments that are unique to your employer or
organization
- Intro or remedial tutoring on IT basics such as how DNS lookups occur or
what TCP steps happen when a request to a Web server comes in
Rather than cover ground many of you already know, we have
chosen to focus exclusively on problem-solving
as a discipline, rather than solving specific problems common in
IT situations.
Strata Rose Chalup (M13, W8, R4) began as a fledgling sysadmin in 1983 and
has been leading and managing complex IT projects for many years, serving in roles ranging from Project Manager to Director of Network Operations. She has written a number of articles on management and working with teams and has applied her management skills on various volunteer boards, including BayLISA and SAGE. Strata has a keen interest in network information systems and new publishing technologies and built a successful consulting practice around being an avid early adopter of new tools, starting with ncsa_httpd and C-based CGI libraries in 1993 and moving on to wikis, RSS readers, and blogging. Another MIT dropout, Strata founded VirtualNet Consulting in 1993.
|
Thursday, December 7, 2006
|
Full-Day Tutorials
|
R1
|
SOLARIS 10 SECURITY FEATURES WORKSHOP |
Peter Baer Galvin, Corporate Technologies, Inc., and Marc Staveley, Soma Networks
9:00 a.m.–5:00 p.m.
Who should attend: Solaris systems managers and administrators interested in
the new security features in Solaris 10 (and features in previous Solaris
releases that they may not be using).
This course covers a variety of topics surrounding Solaris 10 and security.
Solaris 10 includes many new features, and there are new issues to consider
when deploying, implementing, and managing Solaris 10. This will be a workshop featuring instruction and practice/exploration. Each student should have a laptop with wireless access for remote access into a Solaris 10 machine.
Topics include:
- N1 Grid Containers (a.k.a. Zones) (lab)
- RBAC (lab)
- Privileges (lab)
- NFSv4
- Flash archives and live upgrade
- Moving from NIS to LDAP
- DTrace
- FTP client and server enhancements
- PAM enhancements
- Auditing enhancements
- BSM
- Service Management Facility (lab)
- Solaris Cryptographic Framework
- Smartcard interfaces and APIs
- Kerberos enhancements
- Packet filtering
- BART
Peter Baer Galvin (S1, R1) is the Chief Technologist for Corporate Technologies, Inc., a systems integrator and VAR, and was the Systems Manager for Brown University's Computer Science Department. He has written articles for Byte and other magazines. He wrote the "Pete's Wicked World" and "Pete's Super Systems" columns at SunWorld. He is currently contributing editor for Sys Admin, where he manages the Solaris Corner. Peter is co-author of the Operating Systems Concepts and Applied Operating Systems Concepts textbooks. As a consultant and trainer, Peter has taught tutorials on security and system administration and has given talks at many conferences and institutions on such topics as Web services, performance tuning, and high availability.
Marc Staveley (M1, R1) works with Soma Networks, where he is applying his many years of experience with UNIX development and administration in leading their IT group. Previously Marc had been an independent consultant and also held positions at Sun Microsystems, NCR, Princeton University, and the University of Waterloo. He is a frequent speaker on the topics of standards-based development, multi-threaded programming, system administration, and performance tuning.
R2
|
LINUX SYSTEM ADMINISTRATION |
Joshua Jensen, Cisco Systems Inc.
9:00 a.m.–5:00 p.m.
Who should attend: System administrators who plan to implement Linux in a production environment. Attendees should understand the basics of system administration in a UNIX/Linux environment, i.e., user-level commands and TCP/IP networking. Both novice admins and gurus should leave the tutorial having learned something.
From a single server to a network of workstations, maintaining a Linux environment
can be a daunting task for administrators knowledgeable in other
platforms. Starting with a single server and ending with a
multi-server, 1000+-user environment, this tutorial will provide
practical information on how to use Linux in the real world. Attendees should leave the tutorial confident in their ability to set up and manage a secure Linux server and services. The tutorial will be conducted in an open manner that allows for question-and-answer interruptions.
Topics include (with an emphasis on security):
- Installation issues
- Boot loaders and system startup
- Disk partitioning and LVM
- Software RAID
- The RPM package system
- Networking
- User management
- Automated system installation
- Network-based authentication
- User accounts and management
- Network services and xinetd
- SSH: port tunneling, keys, tricks
- New developments
Joshua Jensen (R2) has worked for IBM and Cisco Systems, and was Red Hat's
first instructor, examiner, and
RHCE. He worked with Red Hat for four and a half years, during which he wrote and maintained large parts of the Red Hat curriculum: Networking Services and Security, System Administration, Apache and Secure Web Server Administration, and the Red Hat Certified Engineer course and exam. Joshua has been working with Linux since 1996 and finds himself having come full circle: he recently left IBM to work with Red Hat Linux for Cisco Systems. In his spare time he dabbles in cats, fish, boats, and frequent flyer miles.
|
Thursday Morning Half-Day Tutorials
|
|
R3
|
TIME MANAGEMENT: GETTING IT ALL DONE AND NOT GOING (MORE) CRAZY! |
Tom Limoncelli, Google
9:00 a.m.–12:30 p.m.
Who should attend: Sysadmins who want to improve their
time-management skills, who want to have more control over their time
and better follow-through on assignments. If you feel overloaded, miss
appointments, and forget deadlines and tasks, this class is for you.
Do any of these statements sound like you?
- I don't have enough time to get all my work done.
- I don't have control over my schedule.
- I'm spending all my time mopping the floor; I don't have
time to fix the leaking pipe.
- My boss says I don't work hard enough, but I'm always working
my off!
Based on a new book from O'Reilly, this tutorial will help you get
more done in less time. You'll miss fewer deadlines, be more
relaxed at work, and have more fun in your social life. If you think you don't have time to take this tutorial, you really need to take this tutorial!
Topics include:
- Why typical "time management" books don't work for sysadmins
- How to delegate tasks effectively
- A way to keep from ever forgetting a user's request
- Why "to do" lists fail and how to make them work
- Prioritizing tasks so that users think you're a genius
- Getting more out of your Palm Pilot
- Having more time for fun (for people with a social life)
- How to leave the office every day with a smile on your face
Tom Limoncelli (R3), author of O'Reilly's The Art of Time Management for System Administrators and co-author of The Practice of System and Network
Administration
from Addison-Wesley (second edition to be premiered at this conference), is a system administrator at Google in NYC. He received the SAGE 2005 Outstanding Achievement award. A sysadmin and network wonk since 1987, he has worked at Cibernet, Dean for America, Lumeta, Bell Labs/Lucent, AT&T, Mentor Graphics, and Drew University. He is a frequent presenter at LISA conferences.
R4
|
PRACTICAL PROJECT MANAGEMENT FOR SYSADMINS AND IT PROFESSIONALS |
Strata Rose Chalup, Project Management Consultant
9:00 a.m.–12:30 p.m.
Who should attend: System administrators who want to stay hands-on as team leads or
system architects and need a new set of skills with which to tackle bigger,
more complex challenges. No previous experience with project management is
required. Participants will get a no-nonsense grounding in methods that work
without adding significantly to one's workload. After completing this tutorial, participants will be able to take an
arbitrarily daunting task and reduce it to a plan of attack that will be
realistic, lend itself to tracking, and have functional, documented goals. They will be able to give succinct and useful feedback to management on
overall project viability and timelines and easily deliver regular progress
reports.
People who have been through traditional multi-day project management courses
will be shocked, yet refreshed, by the practicality of our approach. To get the
most out of this tutorial, participants should have some real-world project or
complex task in mind for the lab sections.
This tutorial focuses on complementing your own organizational style (or lack thereof) with a toolbox of ways to organize and manage complex tasks without drowning in paperwork or clumsy, meeting-intensive methodologies. Also emphasized is how to bridge the gap between ad-hoc methods and the kinds of tracking and reporting traditionally trained managers will understand.
Topics include:
- Quick basics of project management
- The essentials you need to know
- How to map the essentials onto real-world projects
- Skill sets
- Defining success
- Chunking and milestoning
- Delegating
- Tracking
- Reporting
- Problem areas
- Teams, interactions among people
- The albatross project
- When to go deep and when to get "pointy-haired"
- When disaster strikes, should you scrap, or salvage?
- Project management tools
- What tools should do for you
- Leveraging the command line: UNIX PM
- Freeware PM tool options
- The only 15 minutes of MS Project you'll ever need
Strata Rose Chalup (M13, W8, R4) began as a fledgling sysadmin in 1983 and
has been leading and managing complex IT projects for many years, serving in roles ranging from Project Manager to Director of Network Operations. She has written a number of articles on management and working with teams and has applied her management skills on various volunteer boards, including BayLISA and SAGE. Strata has a keen interest in network information systems and new publishing technologies and built a successful consulting practice around being an avid early adopter of new tools, starting with ncsa_httpd and C-based CGI libraries in 1993 and moving on to wikis, RSS readers, and blogging. Another MIT dropout, Strata founded VirtualNet Consulting in 1993.
R5
|
REGULAR EXPRESSION MASTERY |
Chip Salzenberg, Cloudmark
9:00 a.m.–12:30 p.m.
Who should attend: System administrators and users who use Perl, grep, sed, awk, procmail, vi, or emacs.
Almost everyone has written a regex that produced unexpected results. Sometimes regexes appear to hang forever, and it's not clear what has gone wrong. Sometimes they behave differently in different utilities, and you can't tell why. This class will fix all these problems. The first section of the class will explore the matching algorithms used internally by common utilities such as grep and Perl. Understanding these algorithms will allow us to predict whether a regex will match, which of several matches will be found, and which regexes are likely to be faster than others, and to understand why all of these behaviors occur. We'll learn why commonly used regex symbols such as ".", "$", and "\1" may not mean what you thought they did.
In the second section, we'll look at common matching disasters, a few practical parsing applications, and some advanced Perl features. We'll finish with a discussion of optimizations that were added to Perl 5.6, and why you should avoid using "/i".
Topics include:
- Inside the regex engine
- Regular expressions are programs
- Backtracking
- NFA vs. DFA
- POSIX and Perl
- Quantifiers
- Greed and anti-greed
- Anchors and assertions
- Backreferences
- Disasters and optimizations
- Where machines come from
- Disaster examples
- Tokenizing
- New optimizations
- Matching strings with balanced parentheses
Chip Salzenberg (R5, R8, F5) is Principal Engineer at Cloudmark, where he fights spam with flair and aplomb. Chip is also chief coder ("pumpking") of the Parrot virtual machine (https://parrotcode.org), with which Chip plans to bring all dynamic
languages together and, in the darkness, dynamically bind them.
Chip is a well-known figure in the Perl and free and open source communities, having worked on free and open source software for over 20 years, Perl for 18 years, and Linux for 13 years. Chip was pumpking for Perl release 5.4. He created the automated Linux install-and-test system for VA Linux Systems and was VA's Kernel Coordinator. Chip is a perennial presenter at the O'Reilly Open Source Conference and YAPC (Yet Another Perl Conference), teaches Perl and C++ commercially, and has been published by O'Reilly and Prentice Hall on Perl and other topics.
When away from his keyboard, Chip plays with (live) parrots and trains in Krav
Maga. Chip's journal is at https://pobox.com/~chip/journal/.
|
Thursday Afternoon Half-Day Tutorials
|
|
R6
|
BLUEPRINTS FOR HIGH AVAILABILITY
|
Evan Marcus, Aardvark Technologies, Ltd
1:30 p.m.–5:00 p.m.
Who should attend: System administrators and data center managers, developers, IT
managers.
High availability: Every systems vendor, every OS vendor, every storage vendor, every networking vendor has his own definition of this very generic term, and all the definitions are different! Do any of these definitions apply to you and your systems? Probably not.
What does high availability really mean? Do you need it? Do you already have it? How high is up? How up is high? Whom can you trust to give you a practical and useful answer, an answer you can apply to your data center and your systems? How can you sort through all of the marketing noise and really put high availability into place on your systems?
In this lively and upbeat tutorial, we'll give you some practical and useful information about high availability. We'll show you the relationship between cost and availability. We'll show you our list of 20 key high availability design principles, the foundation for any critical system, and how you can get started down the path toward high availability without spending boatloads of money. You'll take home simple and practical tools you can use right away to persuade the bean counters in your organization of the value of putting high availability techniques and practices into place.
Evan Marcus (R6, F3) founded Aardvark Technologies in 1994 as a systems consulting company. Evan and Aardvark have produced many books, papers (white and other colors), and tutorials. Along the way, Evan acquired more than 15 years of experience in UNIX systems, through (among other things) 8 years at VERITAS Software as a systems engineer, speaker, and author. He also spent 5 years at Sun Microsystems, and 2 years at Fusion Systems, where he worked to bring the first high availability clustering software applications for SunOS and Solaris to market. He also spent 2 years as a system administrator on the equities trading floor of a multinational trading institution. He is the lead author of Blueprints for High Availability from John Wiley & Sons and co-author and co-editor
of The Resilient Enterprise from VERITAS Publications. He is a
well-regarded and popular speaker on the design of highly available
and disaster-resilient systems, and on fixed-content storage archives.
R7
|
HOT SWAP FILE/PRINT SERVICES FROM WINDOWS TO SAMBA
|
Gerald Carter, Centeris
1:30 p.m.–5:00 p.m.
Who should attend: Administrators who are interested in transparently replacing
Windows file/print servers with Samba running on UNIX/Linux
servers.
Samba is the interoperability tool for mixed networks. Consolidating servers to a single OS can be a huge help when solving basic issues such as backups, remote administration, and monitoring. This course will help you to identify and solve the issues surrounding migrating existing Windows file and print servers to UNIX/Linux hosts. The process can be done after hours and in such a way that users are unaware of any changes when arriving the next day.
Topics include:
- Understanding Samba's use of POSIX Access Control Lists
and Extended Attributes
- Maintaining Windows ACLs while moving files and directories
- Migrating printer queues, drivers, and settings
- Migrating users and groups from an NT4 domain controller
Gerald Carter (S9, S12, M9, T4, W2, R7) has been a member of the Samba Development Team
since 1998. He has been developing, writing about, and
teaching on open source since the late 1990s. Currently
employed by Centeris as a Samba and open source developer,
Gerald has written books for SAMS Publishing and for
O'Reilly Publishing.
R8
|
HIGHER-ORDER PERL
|
Chip Salzenberg, Cloudmark
1:30 p.m.–5:00 p.m.
Who should attend: Programmers involved in the development and
maintenance of large systems written partly or mostly in Perl.
One of the most powerful techniques available to Perl programmers is writing functions that can manufacture or modify other functions. Instead of writing ten similar functions that must be maintained separately, you can write a single function that will create the others as needed. This class will teach you how.
The first section concerns the technique of dynamically replacing functions with facades. Without changing a function's code, we can add caching behavior to it, or have it enforce an interface contract, or automatically track its own performance.
The second section concerns iterators, that is, functions for generating data a little bit at a time. For files, Perl provides filehandles, but the technique is more generally applicable. As with filehandles, the technique is suitable when the total amount of data is too large to use all at once. This section ends by implementing an improved version of Perl's standard File::Find module. Unlike the usual implementation, the improved version can be stopped in the middle and resumed later as often as desired. Multiple searches can be active simultaneously, making it possible to recursively compare two separate directory structures.
The final section concerns parsing. Perl's built-in utilities make it easy to parse simple inputs, but for more complex data a modular approach is more effective. A basic parser is a trivial function that transforms a simple input into a value. By writing functions that build more complex parsers from simple, interchangeable parts, we can easily build up a parser for any kind of input.
Chip Salzenberg (R5, R8, F5) is Principal Engineer at Cloudmark, where he fights spam with flair and aplomb. Chip is also chief coder ("pumpking") of the Parrot virtual machine (https://parrotcode.org), with which Chip plans to bring all dynamic
languages together and, in the darkness, dynamically bind them.
Chip is a well-known figure in the Perl and free and open source communities, having worked on free and open source software for over 20 years, Perl for 18 years, and Linux for 13 years. Chip was pumpking for Perl release 5.4. He created the automated Linux install-and-test system for VA Linux Systems and was VA's Kernel Coordinator. Chip is a perennial presenter at the O'Reilly Open Source Conference and YAPC (Yet Another Perl Conference), teaches Perl and C++ commercially, and has been published by O'Reilly and Prentice Hall on Perl and other topics.
When away from his keyboard, Chip plays with (live) parrots and trains in Krav
Maga. Chip's journal is at https://pobox.com/~chip/journal/.
|
Friday, December 8, 2006
|
Tutorials
|
F1
|
NETWORK SECURITY MONITORING WITH OPEN SOURCE TOOLS
|
Richard Bejtlich, TaoSecurity
9:00 a.m.–5:00 p.m.
Who should attend: Anyone who wants to know what is happening on their network.
I assume command-line knowledge of UNIX and familiarity with TCP/IP. Anyone
with duties involving intrusion detection, security analysis, incident response,
or network forensics will profit from this course.
This course will show there is more to network security monitoring (NSM) than Snort and Ethereal. In fact, we won't talk about either, unless it's to mention something you might not have seen before! NSM involves collecting the statistical, session, full content, and alert data you need to discover normal, malicious, and suspicious network events. You will leave this course immediately able to implement numerous new techniques and tools. Past participants have discovered intrusions during the class, using concepts learned in a few hours. The instructor bases his teaching on his books, professional consulting experience, and latest security research.
From the start of the course to the first break I will present NSM theory and the problems with performing intrusion detection with Web-based alert browsers such as BASE and ACID. From the first break until lunch I will describe Sguil, a free, open source NSM suite that compensates for the deficiencies of Web-based alert browsers. After lunch I will discuss a reference intrusion model which provides context for the sorts of intrusions one detects with NSM principles and will cover deployment considerations for network sensors, a topic ignored by most books and briefings. I will then turn to the tools and techniques of collecting full content data. After the final break I plan to describe the tools and techniques of collecting and analyzing sessions and statistical data.
Students with VMware Player installed will be able to follow along with the
technique and tool demonstrations, using an NSM VMware image provided by the
instructor.
Topics include:
- NSM theory
- Building and deploying NSM sensors
- Accessing wired and wireless traffic
- Full content tools: Tcpdump, Ethereal/Tethereal, Snort as packet logger
- Additional data analysis tools: Tcpreplay, Tcpflow, Ngrep, Netdude
- Session data tools: Cisco NetFlow, Fprobe, Flow-tools, Argus, SANCP
- Statistical data tools: Ipcad, Trafshow, Tcpdstat, Cisco accounting records
- Sguil (sguil.sf.net)
- Case studies, personal war stories, and attendee participation
Want to learn more from Richard Bejtlich? Check out his extra 2-day class after LISA, December 9–10, 2006. See the PDF flyer for details.
Richard Bejtlich (S2, M2, F1) is founder of TaoSecurity LLC (https://www.taosecurity.com), a company that helps clients detect, contain, and remediate intrusions using network security monitoring (NSM) principles. Richard was previously a principal consultant at Foundstone, performing incident response, emergency NSM, and security research and training. He has created NSM operations for ManTech International Corporation and Ball Aerospace & Technologies Corporation. From 1998 to 2001, Richard defended global American information assets in the Air Force Computer Emergency Response Team (AFCERT), performing and supervising the real-time intrusion detection mission. Formally trained as an intelligence officer, he holds degrees from Harvard University and the United States Air Force Academy. Richard wrote the Tao of Network Security Monitoring: Beyond Intrusion Detection and the forthcoming Extrusion Detection: Security Monitoring for Internal Intrusions and Real Digital Forensics. He also wrote original material for Hacking Exposed, 4th Ed., Incident Response, 2nd Ed., and Sys Admin Magazine. Richard holds the CISSP, CIFI, and CCNA certifications. His popular Web log resides at https://taosecurity.blogspot.com.
F2
|
WI-FI, WIMAX, RFID, UWB, ZIGBEE, BLUETOOTH, ET AL. FOR DUMMIES . . . AND YOU
|
Don Bailey, Computer Security Engineer
9:00 a.m.–5:00 p.m.
Who should attend: IT professionals involved or interested in anything wireless, particularly those interested in catching up on recently developed wireless technologies and their applicability to their work and leisure. Participants should already be familiar with basic computer/network technology, the Internet, and personal electronic devices such as PDAs and cell phones, but expertise is not required. This tutorial will assist and inform and enlighten many, including individuals with wireless networks at home and work, individuals who have deployed wireless networks or are planning to, and professionals too busy to learn the ins and outs of every new wireless revolution on their own.
Three years ago, the tech industry said Bluetooth was dead, but those Blueteeth are everywhere now! Yet another wireless revolution. Did you miss it? What about RFID? WiMAX? Zigbee? Ultra-Wideband? UMA? Yikes. Which wireless goes where?
This entertaining course is a one-stop wireless workshop, introducing you to a broad range of wireless technology for home and work use. From Wi-Fi's varied forms to the crazy A/V and PAN technologies that will ride on UWB, you learn about it all. Best of all, the ins and outs of each technology are covered: how they are supposed to work, how they actually work, and how they sometimes don't work. Particular attention is given to pushing high-rate data over various wireless technologies, including cellular and satellite.
Topics include:
- The 802.11 family and where it stands today
- Bluetooth device attractions and security distractions, and the future of Bluetooth
- RFID basics and how to lock yourself out of your apartment
- Ultra-Wideband and how it will put A/V pros out of business
- What Zigbee is and why it has a silly name
- Cellular data advances such as EVDO, GPRS/EDGE/HSDPA . . . 30 Mbps?
- Satellite offerings and how bandwidth might get worse
Don Bailey (F2) is a D.C.-area computer security engineer with nearly seven years of professional experience in the computer security industry. He holds a B.S. in computer science from James Madison University. He has performed numerous vulnerability assessments and penetration tests, as well as exploit and virus evaluation, and has developed new secure laboratory technologies and architectures to support computer network attack–related experimentation and training. In recent years, Mr. Bailey has tested and evaluated a wide range of commercial and consumer wireless technology. His war-driving setup and wireless adventures have been covered by NBC, NPR, the Washington Times, and the Baltimore Sun. Commonly referred to as "Beetle," Mr. Bailey has presented on the topic of wireless security at a variety of security/hacker conferences, including Black Hat, DefCon, ToorCon, LayerOne, and DallasCon.
|
Friday Morning Half-Day Tutorials
|
|
F3
|
DISASTER PLANNING (AND RECOVERY): HOW TO KEEP YOUR COMPANY (AND YOUR JOB) ALIVE
|
Evan Marcus, Aardvark Technologies, Ltd
9:00 a.m.–12:30 p.m.
Who should attend: System administrators and managers who want to know what they need to think about, what they need to plan for (and what they can safely avoid considering), and how to carry out the plan if (God forbid!) disaster ever strikes. Disaster planning is like insurance: nobody wants to talk about it and everyone runs from the salesmen. But when you need it, you are very glad to have it! And if you don't have it when you need it, it is too late to do anything about it. Have you ever been robbed or had an accident or a medical emergency? If you had insurance, you had done personal disaster planning. We will explore the key aspects of developing a disaster recovery plan, including identifying the key components, testing the plan, and some of the technology that can speed recovery, with an eye toward balancing costs and benefits. We will also take a close look at one organization that completely recovered very quickly after 9/11.
Topics include:
- What a DR plan should contain, with real-world examples
- The costs of developing a plan
- Why do you need a plan?
- Legal and civil liabilities of not having a plan
- Four methods for testing your plan
- Downtime and data loss: two sides of the same coin
- DR as a subset of high availability
- Methods and technologies for protecting data through a disaster
- How a disaster may affect the people responsible for recovery
- Building and staffing a DR team
- The role of senior management in DR
- Convincing management that a DR plan is necessary
- Case study of a company that survived 9/11
Evan Marcus (R6, F3) founded Aardvark Technologies in 1994 as a systems consulting company. Evan and Aardvark have produced many books, papers (white and other colors), and tutorials. Along the way, Evan acquired more than 15 years of experience in UNIX systems, through (among other things) 8 years at VERITAS Software as a systems engineer, speaker, and author. He also spent 5 years at Sun Microsystems, and 2 years at Fusion Systems, where he worked to bring the first high availability clustering software applications for SunOS and Solaris to market. He also spent 2 years as a system administrator on the equities trading floor of a multinational trading institution. He is the lead author of Blueprints for High Availability from John Wiley & Sons and co-author and co-editor of The Resilient Enterprise from VERITAS Publications. He is a well-regarded and popular speaker on the design of highly available and disaster-resilient systems, and on fixed-content storage archives.
F4
|
WIDE AREA STORAGE NETWORKING: SERVER CONSOLIDATION AND DATA PROTECTION OVER THE WAN
|
Michael Cucchi, Cambridge Computer
9:00 a.m.–12:30 p.m.
Who should attend: System administrators, IT managers, and enterprise architects who are concerned with disaster recovery, data protection, server consolidation, and resource sharing over a WAN. This tutorial is a survey of the types of solutions on the market today, with examples of when to choose one approach over another.
Storage networking over the WAN? Impossible, right? Bandwidth is too expensive. WAN latency kills the applications. SAN replication and remote backup are too expensive.
That was yesterday. This is today. New technologies have emerged to address all of these challenges, and the results are much better than you might think. This tutorial is a survey of the various technologies available for moving and accessing storage over the WAN. It is divided into three sections. The first section focuses on backup and restore over the WAN and describes solutions for sending backups off-site over the WAN and for managing backups of branch offices. The second section focuses on the various technologies for replicating live data between sites. The third section focuses on accessing live storage over the WAN, covering technologies such as Wide Area File Services (WAFS) and WAN accelerators.
Topics include:
- Remote site backup techniques
- Continuous Data Protection (CDP)
- Storage encryption
- Capacity optimized storage devices and WAN accelerators
- Host-based vs. SAN-based vs. fabric-based replication
- Filesystem vs. volume-level vs. application-level replication
- Application fail-over
- The impact of latency on storage-intensive applications
- Compensating for WAN latencies
- WAN accelerators
- Wide Area File Services (WAFS)
- Email server consolidation
Michael Cucchi (F4) has over 13 years of IT experience. He spent seven of those years as a lead Linux/UNIX/Windows senior system admin and lead system
administrator for a major data center for the Federal Department of
Transportation. Michael did a two-year stint as a solution engineer for
Ammasso, where he helped launch the first RDMA Ethernet NIC. Mike is
currently a consultant for Cambridge Computer, a national integrator of
data protection and storage networking technologies.
F5
|
PERL PROGRAM REPAIR SHOP AND RED FLAGS
|
Chip Salzenberg, Cloudmark
9:00 a.m.–12:30 p.m.
Who should attend: Anyone who writes Perl programs regularly. Participants should have at least three months'
experience programming in Perl.
You've probably been working too hard when you program, writing twenty lines of code when you only needed ten. But there is a better way, and I will show it to you. You'll learn how to improve your own code and the code of others, making it cleaner, more readable, more reusable, and more efficient, while at the same time making it 30–50% smaller. Smaller code contains fewer bugs and takes less time to maintain. We will examine several real code examples in detail and see how to improve them. We'll focus on red flags (warning signs in your code that are plainly visible once you know what to look for) and on techniques that require little complex thought or ingenuity. All the bad code in this class is guaranteed 100% genuine and typical.
Class
content varies depending on submissions, but is sure to include some
of the topics listed below.
Topics may include:
- Families of variables
- Making relationships explicit
- Refactoring
- Programming by convention
- The Flesh Blanket
- Conciseness
- Why you should avoid the "." operator
- Elimination of global variables
- Superstition
- The "use strict" zombies
- Repressed subconscious urges
- The cardinal rule of computer programming
- The psychology of repeated code
- Techniques for eliminating repeated code
- What can go wrong with "if" and "else"
- The Condition That Ate Michigan
- Resisting "Holy Doctrine"
- Trying it both ways
- Structural vs. functional code
- Elimination of structure
- Boolean values
- Programs that take two steps forward and one step back
- Programs that are 10% backslashes
- 'print print print print print '
- C-style "for" loops
- Loop counter variables
- Array length variables
- Unnecessary shell calls
- How (and why) to let "undef" be the special value
- Confusion of internal and external representations of data
- Tool use
- Elimination of repeated code with higher-order functions
- Learning to use a hammer
- The "swswsw" problem
- Avoiding special cases
- Using uniform data representations
Chip Salzenberg (R5, R8, F5) is Principal Engineer at Cloudmark, where he fights spam with flair and aplomb. Chip is also chief coder ("pumpking") of the Parrot virtual machine (https://parrotcode.org), with which Chip plans to bring all dynamic
languages together and, in the darkness, dynamically bind them.
Chip is a well-known figure in the Perl and free and open source communities, having worked on free and open source software for over 20 years, Perl for 18 years, and Linux for 13 years. Chip was pumpking for Perl release 5.4. He created the automated Linux install-and-test system for VA Linux Systems and was VA's Kernel Coordinator. Chip is a perennial presenter at the O'Reilly Open Source Conference and YAPC (Yet Another Perl Conference), teaches Perl and C++ commercially, and has been published by O'Reilly and Prentice Hall on Perl and other topics.
When away from his keyboard, Chip plays with (live) parrots and trains in Krav
Maga. Chip's journal is at https://pobox.com/~chip/journal/.
|
|
There are no Friday afternoon half-day tutorials.
|
|
|