Tutorials:
Overview | By Day (Sunday,
Monday, Tuesday) |
By Instructor | All in One File
M1 Windows NT Security: Advanced Topics Who should attend: Programmers; network and system administrators; individuals who need a better understanding of the "whys" for securing Windows NT; and anyone interested in Windows NT network protocols, details on what registry settings actually do, and other advanced topics. An intermediate knowledge of Windows NT security is assumed. Many security-related issues for Windows NT require an in-depth understanding of Windows NT security exposures and potential control measures. This course is designed for system and network administrators and system programmers who are already technically proficient with Windows NT security and want to learn more about advanced features. Experience in securing Windows NT and in dealing with network security is a prerequisite for this course. Topics include:
Phil Cox (M1, T1) is a consultant for SystemExperts
Corporation. Phil frequently writes and lectures on issues bridging the gap
between UNIX and Windows NT. He is a featured columnist in ;login;, the
USENIX Association Magazine, and has served on numerous USENIX program
committees. Phil holds a B.S. in computer science from the College of Charleston, South Carolina.
Who should attend: System and network administrators who want to learn about real-life solutions to everyday problems. Topics include:
Ned McClain (M2, T2) is a lead engineer at XOR
Network Engineering. He is currently helping with the 3rd edition of the UNIX
System Administration Handbook (by Nemeth, Snyder, and Hein). He has a
degree in computer science from Cornell University and has done research with
both the CS and Engineering Physics departments at Cornell.
Who should attend: Novice and advanced UNIX system and network administrators, and UNIX developers concerned about network performance impacts. A basic understanding of the UNIX system facilities and network environments is assumed. We will explore procedures and techniques for tuning systems, networks, and application code. Starting from the single-system view, we will examine how the virtual memory system, the I/O system, and the file system can be measured and optimized. We'll extend the single-host view to include Network File System tuning and performance strategies. Detailed treatment of networking performance problems, including network design and media choices, will lead to examples of network capacity planning. Application issues, such as system call optimization, memory usage and monitoring, code profiling, real-time programming, and techniques for controlling response time will be addressed. Many examples will be given, along with guidelines for capacity planning and customized monitoring based on your workloads and traffic patterns. Question and analysis periods for particular situations will be provided. Topics include:
Marc Staveley (M3) recently took a position with Sun
Microsystems Enterprise Services, where he is applying his 16 years of
experience with UNIX development and administration in helping to create new
service programs. Previously Marc was an independent consultant and has held
positions at NCR, Princeton University, and the University of Waterloo. He is a
frequent speaker on the topics of standards-based development, multi-threaded
programming, systems administration, and performance tuning.
Who should attend: System, network, and security administrators, people who communicate remotely a lot and require security, developers of applications that require authentication or privacy, managers needing to understand better what is (and is not) possible. Cryptography continues to grow in importance, and cryptographic algorithms are well understood. Actually using cryptography, however, either embedded in day-to-day applications or by developing new "crypto-enabled" applications, is hard. This tutorial aims to provide an understanding of the capabilities of cryptographic techniques, some common pitfalls in their use, and some techniques for successfully using cryptography in applications. Examining some very useful tools which embed cryptography supplies both directly applicable knowledge and good examples. Topics include:
After completing this tutorial, participants will know many tricks for using cryptography successfully in their work or applications.
Greg Rose (M4) graduated from the University of New
South Wales with a B.Sc. (honours) in computer science, and he was awarded the
University Medal in 1977. A member of the Board of Directors of the USENIX
Association, he served as program chair of the 1996 USENIX Security Symposium.
His work at QUALCOMM focuses on cryptographic security and authentication for
wireless communications, particularly mobile phones. He has written a number of
public tools using cryptography, and he holds generic cryptographic export
licenses for two countries.
Who should attend: Network and system managers, security managers, and auditors. This tutorial will assume some knowledge of TCP/IP networking and client/server computing. What can intrusion detection do for you? Intrusion detection systems are designed to alert network managers to the presence of unusual or possibly hostile events within the network. Once you've found traces of a hacker, what should you do? What kinds of tools can you deploy to determine what happened, how they got in, and how to keep them out? This tutorial provides a highly technical overview of the state of intrusion detection software and the types of products that are available, as well as basic principles to apply to building your own intrusion detection alarms. Methods of recording events during an intrusion are also covered. Topics include:
Marcus J. Ranum (M5) is CEO and founder of Network
Flight Recorder, Inc. He is the principal author of several major Internet
firewall products, including the DEC SEAL, the TIS Gauntlet, and the TIS
Internet Firewall Toolkit. Marcus has been managing UNIX systems and network
security for over 13 years, including configuring and managing whitehouse.gov.
Marcus is a frequent lecturer and conference speaker on computer security
topics.
Who should attend: System administrators who are, or who anticipate being, responsible for router configuration and maintenance for their Internet or intranet site. Attendees are expected to have a solid knowledge of general networking concepts, data encapsulation, the ISO seven-layer model, the Internet Protocol, IP addressing, and subnetting. Knowledge of routing protocols, especially distance vector versus link state, is also recommended. The class is not intended to teach networking concepts, but to apply those concepts to the configuration of a router. Routers are the glue that holds the Internet together by providing direct connectivity between adjacent networks. Cisco routers dominate the router marketplace. They are an extremely popular choice among sites with high networking demands. But configuring and maintaining Cisco routers is unlike anything else in the industry. The command-oriented interface is unique and difficult to master. This session introduces the attendees to the essentials of Cisco router configuration. Those who complete the class will feel comfortable at a router's console and will be able to interpret the output from the more common router commands. They will understand the various modes of the Internetwork Operating System (IOS), and how to read and alter a basic configuration. Topics include:
The class size will not permit hands-on work, but live demonstrations will be provided throughout the lecture.
William LeFebvre (S9am, S12pm, M6) has been using
UNIX and Internet technologies since 1983. He has written many articles on UNIX,
networking, and systems administration issues. Currently he writes the monthly
"Daemons & Dragons" column for UNIX Review. William is the editor of
the SAGE series "Short Topics in System Administration." He has taught tutorials
since 1989 for such organizations as USENIX, the Sun User Group (SUG), MIS
Training Institute, IT Forum, and Great Circle Associates, and he is a certified
Cisco Systems Instructor. William is the primary programmer for the popular UNIX
utility top and has contributed to several widely used UNIX packages, including
Wietse Venema's logdaemon package. He can be reached at wnl@groupsys.com or via
https://www.groupsys.com/.
Who should attend: Programmers moderately experienced in Perl and CGI/HTML who would like to automate their Web site so that they can get more done with less work. This is not a class for non-programmers--we will be doing a lot of Perl code-reading. With the proliferation of Web sites, the problem of maintenance has become almost unmanageable. Every Web site needs a person to update databases, send and answer mail, and handle membership sign-ups and account expiration, password protection, and a host of other tasks. Or do they? This tutorial will show, with numerous real-life examples, how a Web site can be largely automated, leaving the site maintainer free to handle only the exceptional cases. Topics include:
We'll use Web-based modules from CPAN and explain their interfaces. We will also pay special attention to file locking, synchronization, error checking, reporting, and recovery, and to the special needs of the asynchronous environment the Web provides. For each example, we will present a problem, discuss the conceptual overview, and delve into the code to solve it. Using these examples, attendees will easily be able to implement solutions on their own sites. In all cases, issues of scalability will be discussed. The instructor's wide range of experience will give the students the perspective they need to plan for their needs.
Mark-Jason Dominus (M7, T8am) has been involved in
computer security since 1988 and has been developing interactive Web
applications since 1994. He was a system administrator and the first Webmaster
at the University of Pennsylvania's Department of Computer and Information
Sciences, and then became a founding staff member of Pathfinder, Time-Warner's
Internet Web service, where he was the leader of the system administration and
network security group. He is now an independent consultant working in the area
of dynamic application development and systems and security analysis. He writes
a regular column for The Perl Journal.
Who should attend: System and network administrators responsible for sendmail security, particularly on firewalls and other similar systems. Sendmail is a powerful Mail Transport Agent that can be configured for many different environments, from firewalls through workstation mail servers. These environments have different security requirements; in particular, in a pure relay configuration (with no local user accounts or delivery) sendmail can be configured to relinquish root permissions. This is a fast-paced tutorial intended for system and network administrators who are already familiar with configuring and administering sendmail. You will learn essential principles of sendmail security, including how to configure sendmail on systems that have special security requirements, such as firewalls; configuring sendmail to run as anon-root user; and running sendmail in a "chroot"ed jail, as well as how and when to relax sendmail's file security checks.
Eric Allman (S6, M8am) is the original author of send
mail. He was the chief programmer on the INGRES database management project and
an early contributor to the UNIX effort at Berkeley, authoring
syslog, tset, the -me troff macros, and trek. He designed database user and
application interfaces at Britton Lee (later Sharebase) and contributed to the
Ring Array Processor project for neural-network-based speech recognition at the
International Computer Science Institute. He is a former member of the USENIX
Board of Directors.
Who should attend: This course is designed for both current and prospective Linux system administrators. It will cover configuring and managing Linux computer systems in production environments, with a focus on the administrative issues involved in deploying Linux systems for real-world tasks and problems arising from both commercial and R&D contexts. Topics include:
Aeleen Frisch (S1, M9am, M12pm) has been a system
administrator for over 15 years. She currently looks after a very heterogeneous
network of UNIX and Windows NT systems. She is the author of several books,
including Essential Windows NT System Administration.
Who should attend: Anyone who is a system administrator or has access to confidential information, and anyone who manages system administrators or makes policy decisions about computer systems and their users. This introductory class will start by examining some of the ethical responsibilities that come along with access to other users' data, accounts, and confidential information, with several case studies. All attendees will be encouraged to participate in the discussion. We will look at numerous viewpoints in order to give students a perspective from which to develop their own reasoned response to ethical challenges. We will use the SAGE Ethics statement as a model. Topics include:
The answers to these and other problems are often far more complicated than one would initially guess. After completing this tutorial, you will be better able to resolve questionable situations and will have the means to support your decisions.
Lee Damon (M10am) holds a B.S. in speech communi
cation from Oregon State University. He has been a UNIX system administrator
since 1985 and has been active in SAGE since its inception. He is a member of
the SAGE Ethics Working Group and was one of the commentators on the SAGE Ethics
document. He has championed awareness of ethics in the systems administration
community, including writing it into policy documents.
Who should attend: Anyone with two or more networked clients (Macintosh, UNIX, or Windows) who wants to automatically distribute network information to those clients. Attendees should have a basic knowledge of TCP/IP and typical network set-ups and should understand the procedures for installing and working with their operating systems. DHCP can be used to distribute IP address, router, DNS, WINS, and other information to network clients, to eliminate manual configuration of each machine. DNS, the Domain Name Service, is the system by which Internet TCP/IP hosts look up host addresses and network services. We will discuss these protocols and how they fit into a typical network. We will cover both UNIX and Windows NT servers but will focus on Windows clients, since UNIX and Macintosh clients are similar. Topics include:
Please note: This is not a tutorial on integrating DHCP & DNS; it simply covers both topics in the same tutorial.
Greg Kulosa (M11pm, T11pm) has been a UNIX system
administrator for over eight years. He is currently a senior consultant, solving
a myriad of host and networking problems for a variety of clients. In his spare
time, he trains and grooms his American Quarter Horse, Jane, and goes on regular
trail rides in the hills around San Francisco Bay.
Who should attend: Students attending this class should be familiar with elementary Windows NT systems administration concepts and tasks, including basic server configuration and maintenance, configuring TCP/IP networking under Windows NT, and administering Windows NT services. Experience tuning UNIX or other systems is helpful but not required. This course, designed for NT system administrators, will provide in-depth advice on monitoring and improving Windows NT system and network performance. It will include a variety of real-world scenarios and examples. We will use the standard Windows NT Performance Monitor utility to track system performance. Topics include:
Aeleen Frisch (S1, M9am, M12pm) has been a system
administrator for over 15 years. She currently looks after a very heterogeneous
network of UNIX and Windows NT systems. She is the author of several books,
including Essential Windows NT System Administration.
Who should attend: System administrators who have been given nontechnical responsibilities and need to learn techniques that may help them in performing these duties. As system administrators mature in their knowledge and responsibilities, they come to rely on a number of "soft skills" to help them in their jobs. Topics include:
This tutorial provides an overview of these diverse areas and provides tools that assist in communicating effectively with peers, managers, and other important constituents and users of sysadmin services.
Geoff Halprin (M13pm, T3) is the principal consultant
at The SysAdmin Group. He has been a system administrator for the past 15 years
and a consulting system administrator for over 10. Geoff specializes in data
security and systems management disciplines and in the evaluation and
improvement of systems management practices. He has acted as consultant to a
wide variety of organizations, including government, large corporations, and
several major ISPs. Geoff is also the vice-president of the System
Administrators Guild of Australia (SAGE-AU) and is a member of the SAGE
Executive Committee.
|
Need help? Use our Contacts page.
Last changed: 11 Aug. 1999 mc |
|