Tutorials: Overview | By Day (Sunday, Monday, Tuesday) | By Instructor | All in One File Monday, November 8, 1999     Full-Day Tutorials M1 Windows NT Security: Advanced Topics Phil Cox, Networking Technology Solutions M2 Hot Topics in Modern System Administration--1 Ned McClain, XOR Network Engineering; Evi Nemeth, University of Colorado, Boulder M3 System and Network Performance Tuning Marc Staveley, Sun Microsystems M4 Real World Applications of Cryptography - NEW Greg Rose, QUALCOMM Australia M5 Intrusion Detection and Network Forensics - NEW Marcus J. Ranum, Network Flight Recorder, Inc. M6 Configuring Cisco Routers on an IP Network William LeFebvre, Group sys Consulting M7 Practical Web Site Maintenance with Perl--A Cookbook Approach - NEW Mark-Jason Dominus, Consultant Half-Day Tutorials - Morning M8am Sendmail and Security - NEW Eric Allman, Sendmail, Inc. M9am Administering Linux in Production Environments - NEW Aeleen Frisch, Exponential Consulting M10am Professional Conduct and Computer Ethics Lee Damon, QUALCOMM, Inc. Half-Day Tutorials - Afternoon M11pm DHCP/DNS - NEW Greg Kulosa, GNAC, Inc. M12pm Performance Monitoring and Tuning Under Windows NT Aeleen Frisch, Exponential Consulting M13pm Management 101--The Soft Science of Systems Administration - NEW Geoff Halprin, The SysAdmin Group M1 Windows NT Security: Advanced Topics Phil Cox, Networking Technology Solutions Who should attend: Programmers; network and system administrators; individuals who need a better understanding of the "whys" for securing Windows NT; and anyone interested in Windows NT network protocols, details on what registry settings actually do, and other advanced topics. An intermediate knowledge of Windows NT security is assumed. Many security-related issues for Windows NT require an in-depth understanding of Windows NT security exposures and potential control measures. This course is designed for system and network administrators and system programmers who are already technically proficient with Windows NT security and want to learn more about advanced features. Experience in securing Windows NT and in dealing with network security is a prerequisite for this course. Topics include: Details of Windows NT related to security and their security implications The internal functionality of Windows NT Windows networking: SMB and NetBIOS Tradeoffs in designing and implementing suitable work-arounds to the flaws Practical exercise in defending NT with a firewall Dealing with Windows NT authentication Passthrough authentication Derivation and protection of password hashes Securing the Windows registry Advanced techniques Tradeoffs and pitfalls in each registry change The Security Configuration Manager Default configurations Defining specialized templates Phil Cox (M1, T1) is a consultant for SystemExperts Corporation. Phil frequently writes and lectures on issues bridging the gap between UNIX and Windows NT. He is a featured columnist in ;login;, the USENIX Association Magazine, and has served on numerous USENIX program committees. Phil holds a B.S. in computer science from the College of Charleston, South Carolina. M2 Hot Topics in Modern System Administration--1 Ned McClain, XOR Network Engineering; Evi Nemeth, University of Colorado, Boulder Who should attend: System and network administrators who want to learn about real-life solutions to everyday problems. Topics include: wreq: Managing user requests and trouble tickets is an everyday task. We'll discuss the freely available Web-based tool wreq, together with procedures that you can use to make your SA group serve the needs of its internal customers. LPRng: Tired of those nasty printing problems? This next-generation print spooler can ease many cross-platform printing hassles, as well as reduce time spent maintaining the printing system at your site. Optimizing Web server performance: Learn tricks of the trade to make your hot UNIX Web server even hotter. We'll cover measuring UNIX Web server performance and how to tune your server for optimum throughput and response. What's hot on the UNIX security battlefront: It's been a long year in UNIX security, and now's a great time to brush up on happenings in this area. We'll talk about the most important holes you need to address and suggest approaches to general UNIX security. Modern UNIX filesharing: NFS has a bunch of new features, but do you know what they do or how to use them? Learn how to maximize the benefits of NFS 3.0 at your site. A new world, split by OS: Are you suffering from UNIX in the machine room with PCs on the desktop? This syndrome is affecting system administrators everywhere, but there are some cures. We'll talk about strategies to handle this situation and tools to make it seamless. Ned McClain (M2, T2) is a lead engineer at XOR Network Engineering. He is currently helping with the 3rd edition of the UNIX System Administration Handbook (by Nemeth, Snyder, and Hein). He has a degree in computer science from Cornell University and has done research with both the CS and Engineering Physics departments at Cornell. Evi Nemeth (M2, T2), a faculty member in computer sci ence at the University of Colorado, has managed UNIX systems for the past 20 years, both from the front lines and from the ivory tower. She is co-author of the UNIX System Administration Handbook. M3 System and Network Performance Tuning Marc Staveley, Sun Microsystems Who should attend: Novice and advanced UNIX system and network administrators, and UNIX developers concerned about network performance impacts. A basic understanding of the UNIX system facilities and network environments is assumed. We will explore procedures and techniques for tuning systems, networks, and application code. Starting from the single-system view, we will examine how the virtual memory system, the I/O system, and the file system can be measured and optimized. We'll extend the single-host view to include Network File System tuning and performance strategies. Detailed treatment of networking performance problems, including network design and media choices, will lead to examples of network capacity planning. Application issues, such as system call optimization, memory usage and monitoring, code profiling, real-time programming, and techniques for controlling response time will be addressed. Many examples will be given, along with guidelines for capacity planning and customized monitoring based on your workloads and traffic patterns. Question and analysis periods for particular situations will be provided. Topics include: Performance tuning strategies Practical goals Monitoring intervals Useful statistics Tools, tools, tools Server tuning Filesystem and disk tuning Memory consumption and swap space System resource monitoring NFS performance tuning NFS server constraints NFS client improvements NFS over WANs Automounter and other tricks Network performance, design, and capacity planning Locating bottlenecks Demand management Media choices and protocols Network topologies: bridges, switches, routers Throughput and latency considerations Modeling resource usage Application tuning System resource usage Memory allocation Code profiling Job scheduling and queueing Real-time issues Managing response time Marc Staveley (M3) recently took a position with Sun Microsystems Enterprise Services, where he is applying his 16 years of experience with UNIX development and administration in helping to create new service programs. Previously Marc was an independent consultant and has held positions at NCR, Princeton University, and the University of Waterloo. He is a frequent speaker on the topics of standards-based development, multi-threaded programming, systems administration, and performance tuning. M4 Real World Applications of Cryptography NEW Greg Rose, QUALCOMM Australia Who should attend: System, network, and security administrators, people who communicate remotely a lot and require security, developers of applications that require authentication or privacy, managers needing to understand better what is (and is not) possible. Cryptography continues to grow in importance, and cryptographic algorithms are well understood. Actually using cryptography, however, either embedded in day-to-day applications or by developing new "crypto-enabled" applications, is hard. This tutorial aims to provide an understanding of the capabilities of cryptographic techniques, some common pitfalls in their use, and some techniques for successfully using cryptography in applications. Examining some very useful tools which embed cryptography supplies both directly applicable knowledge and good examples. Topics include: Historical perspective Brief introduction to cryptographic primitives Random numbers Hash functions and message authentication codes Block and stream ciphers (symmetric ciphers) Public key encryption and digital signatures Useful tools PGP old and new (versions 2.6* and 5.0+) SSH (Secure Shell), for when you are on the road IPsec and Virtual Private Networks Tripwire, to help detect break-ins CFS, the Cryptographic File System for UNIX Cryptographic toolkits SSLeay, OpenSSL (public SSL implementation library) Cryptlib (public general-purpose encryption library) Export regulations How to comply to avoid nasty things Various recovery strategies No politics! After completing this tutorial, participants will know many tricks for using cryptography successfully in their work or applications. Greg Rose (M4) graduated from the University of New South Wales with a B.Sc. (honours) in computer science, and he was awarded the University Medal in 1977. A member of the Board of Directors of the USENIX Association, he served as program chair of the 1996 USENIX Security Symposium. His work at QUALCOMM focuses on cryptographic security and authentication for wireless communications, particularly mobile phones. He has written a number of public tools using cryptography, and he holds generic cryptographic export licenses for two countries. M5 Intrusion Detection and Network Forensics NEW Marcus J. Ranum, Network Flight Recorder, Inc. Who should attend: Network and system managers, security managers, and auditors. This tutorial will assume some knowledge of TCP/IP networking and client/server computing. What can intrusion detection do for you? Intrusion detection systems are designed to alert network managers to the presence of unusual or possibly hostile events within the network. Once you've found traces of a hacker, what should you do? What kinds of tools can you deploy to determine what happened, how they got in, and how to keep them out? This tutorial provides a highly technical overview of the state of intrusion detection software and the types of products that are available, as well as basic principles to apply to building your own intrusion detection alarms. Methods of recording events during an intrusion are also covered. Topics include: What is IDS? Principles Prior art Can IDS help? What IDS can and can't do for you IDS and the WWW IDS and firewalls IDS and VPNs Types and trends in IDS design Anomaly detection Misuse detection Traps Future avenues of research Concepts for building your IDS What you need to know first Performance issues Tools for building your IDS Sniffers and suckers Host logging tools Log recorders Reporting and recording Managing alerts What to throw away What to keep Network Forensics So you've been hacked Forensic tools Brief overview of evidence handling Who can help you Resources and references Marcus J. Ranum (M5) is CEO and founder of Network Flight Recorder, Inc. He is the principal author of several major Internet firewall products, including the DEC SEAL, the TIS Gauntlet, and the TIS Internet Firewall Toolkit. Marcus has been managing UNIX systems and network security for over 13 years, including configuring and managing whitehouse.gov. Marcus is a frequent lecturer and conference speaker on computer security topics. M6 Configuring Cisco Routers on an IP Network William LeFebvre, Group sys Consulting Who should attend: System administrators who are, or who anticipate being, responsible for router configuration and maintenance for their Internet or intranet site. Attendees are expected to have a solid knowledge of general networking concepts, data encapsulation, the ISO seven-layer model, the Internet Protocol, IP addressing, and subnetting. Knowledge of routing protocols, especially distance vector versus link state, is also recommended. The class is not intended to teach networking concepts, but to apply those concepts to the configuration of a router. Routers are the glue that holds the Internet together by providing direct connectivity between adjacent networks. Cisco routers dominate the router marketplace. They are an extremely popular choice among sites with high networking demands. But configuring and maintaining Cisco routers is unlike anything else in the industry. The command-oriented interface is unique and difficult to master. This session introduces the attendees to the essentials of Cisco router configuration. Those who complete the class will feel comfortable at a router's console and will be able to interpret the output from the more common router commands. They will understand the various modes of the Internetwork Operating System (IOS), and how to read and alter a basic configuration. Topics include: Router modes (user, privileged, configuration) Configuration file syntax Command line editing On-line help Configuration statements essential to IP Configuring routing protocols: RIP, IGRP, EIGRP, OSPF Serial lines: frame relay (if time permits) The class size will not permit hands-on work, but live demonstrations will be provided throughout the lecture. William LeFebvre (S9am, S12pm, M6) has been using UNIX and Internet technologies since 1983. He has written many articles on UNIX, networking, and systems administration issues. Currently he writes the monthly "Daemons & Dragons" column for UNIX Review. William is the editor of the SAGE series "Short Topics in System Administration." He has taught tutorials since 1989 for such organizations as USENIX, the Sun User Group (SUG), MIS Training Institute, IT Forum, and Great Circle Associates, and he is a certified Cisco Systems Instructor. William is the primary programmer for the popular UNIX utility top and has contributed to several widely used UNIX packages, including Wietse Venema's logdaemon package. He can be reached at wnl@groupsys.com or via https://www.groupsys.com/. M7 Practical Web Site Maintenance with Perl--A Cookbook Approach NEW Mark-Jason Dominus, Consultant Who should attend: Programmers moderately experienced in Perl and CGI/HTML who would like to automate their Web site so that they can get more done with less work. This is not a class for non-programmers--we will be doing a lot of Perl code-reading. With the proliferation of Web sites, the problem of maintenance has become almost unmanageable. Every Web site needs a person to update databases, send and answer mail, and handle membership sign-ups and account expiration, password protection, and a host of other tasks. Or do they? This tutorial will show, with numerous real-life examples, how a Web site can be largely automated, leaving the site maintainer free to handle only the exceptional cases. Topics include: Dynamically creating and expiring user accounts Checking for password sharing Sending out membership newsletters Responding to "remove" requests Automatic site updates (images and text) Automatic newsgroup posting (e.g., monthly FAQ posting) Daily/weekly/monthly reporting Referral tracking/reporting Link exchanges (and checking for dead links) Database synchronization, searching, and updating We'll use Web-based modules from CPAN and explain their interfaces. We will also pay special attention to file locking, synchronization, error checking, reporting, and recovery, and to the special needs of the asynchronous environment the Web provides. For each example, we will present a problem, discuss the conceptual overview, and delve into the code to solve it. Using these examples, attendees will easily be able to implement solutions on their own sites. In all cases, issues of scalability will be discussed. The instructor's wide range of experience will give the students the perspective they need to plan for their needs. Mark-Jason Dominus (M7, T8am) has been involved in computer security since 1988 and has been developing interactive Web applications since 1994. He was a system administrator and the first Webmaster at the University of Pennsylvania's Department of Computer and Information Sciences, and then became a founding staff member of Pathfinder, Time-Warner's Internet Web service, where he was the leader of the system administration and network security group. He is now an independent consultant working in the area of dynamic application development and systems and security analysis. He writes a regular column for The Perl Journal. M8am Sendmail and Security NEW Eric Allman, Sendmail, Inc. Who should attend: System and network administrators responsible for sendmail security, particularly on firewalls and other similar systems. Sendmail is a powerful Mail Transport Agent that can be configured for many different environments, from firewalls through workstation mail servers. These environments have different security requirements; in particular, in a pure relay configuration (with no local user accounts or delivery) sendmail can be configured to relinquish root permissions. This is a fast-paced tutorial intended for system and network administrators who are already familiar with configuring and administering sendmail. You will learn essential principles of sendmail security, including how to configure sendmail on systems that have special security requirements, such as firewalls; configuring sendmail to run as anon-root user; and running sendmail in a "chroot"ed jail, as well as how and when to relax sendmail's file security checks. Eric Allman (S6, M8am) is the original author of send mail. He was the chief programmer on the INGRES database management project and an early contributor to the UNIX effort at Berkeley, authoring syslog, tset, the -me troff macros, and trek. He designed database user and application interfaces at Britton Lee (later Sharebase) and contributed to the Ring Array Processor project for neural-network-based speech recognition at the International Computer Science Institute. He is a former member of the USENIX Board of Directors. M9am Administering Linux in Production Environments NEW Aeleen Frisch, Exponential Consulting Who should attend: This course is designed for both current and prospective Linux system administrators. It will cover configuring and managing Linux computer systems in production environments, with a focus on the administrative issues involved in deploying Linux systems for real-world tasks and problems arising from both commercial and R&D contexts. Topics include: Why Linux? How to justify a free operating system in a production environment (including addressing common management questions: "Why don't we just buy Suns?" "Why not use Windows NT instead?") High-performance I/O: advanced file systems (coda, logical volumes), disk striping, optimizing I/O performance Advanced server environments: Beowulf, clustering, parallelization environments and facilities, CPU performance optimization High-availability Linux: fault-tolerant options, UPS configuration Aeleen Frisch (S1, M9am, M12pm) has been a system administrator for over 15 years. She currently looks after a very heterogeneous network of UNIX and Windows NT systems. She is the author of several books, including Essential Windows NT System Administration. M10am Professional Conduct and Computer Ethics Lee Damon, QUALCOMM, Inc. Who should attend: Anyone who is a system administrator or has access to confidential information, and anyone who manages system administrators or makes policy decisions about computer systems and their users. This introductory class will start by examining some of the ethical responsibilities that come along with access to other users' data, accounts, and confidential information, with several case studies. All attendees will be encouraged to participate in the discussion. We will look at numerous viewpoints in order to give students a perspective from which to develop their own reasoned response to ethical challenges. We will use the SAGE Ethics statement as a model. Topics include: Implicit expectations of ethical behavior: For example, a sysadmin reads another person's email to see how that person feels about someone or something. Coercion to violate ethics: Your manager, wanting to "get the dirt" on another manager, asks you to look in her email and files for anything "wrong." Well-intentioned violations of privacy: An ISP front-line support person is asked by his manager to examine customer homedirs for kiddy porn. Collection, retention, and protection of personal data: Your site collects names, addresses, email information, age, and other information on-line. What should you do or not do with that data? Your friend and fellow employee has been terminated "for cause" and their account disabled. Your manager wants you to look through their files. Should you protect their privacy? If so, how? You are asked to deploy some very expensive software. Your company buys a one-seat license and tells you to duplicate it on all 1,000 hosts on your network. The answers to these and other problems are often far more complicated than one would initially guess. After completing this tutorial, you will be better able to resolve questionable situations and will have the means to support your decisions. Lee Damon (M10am) holds a B.S. in speech communi cation from Oregon State University. He has been a UNIX system administrator since 1985 and has been active in SAGE since its inception. He is a member of the SAGE Ethics Working Group and was one of the commentators on the SAGE Ethics document. He has championed awareness of ethics in the systems administration community, including writing it into policy documents. M11pm DHCP/DNS NEW Greg Kulosa, GNAC, Inc. Who should attend: Anyone with two or more networked clients (Macintosh, UNIX, or Windows) who wants to automatically distribute network information to those clients. Attendees should have a basic knowledge of TCP/IP and typical network set-ups and should understand the procedures for installing and working with their operating systems. DHCP can be used to distribute IP address, router, DNS, WINS, and other information to network clients, to eliminate manual configuration of each machine. DNS, the Domain Name Service, is the system by which Internet TCP/IP hosts look up host addresses and network services. We will discuss these protocols and how they fit into a typical network. We will cover both UNIX and Windows NT servers but will focus on Windows clients, since UNIX and Macintosh clients are similar. Topics include: DHCP & DNS protocols in depth Which server platform should I use (UNIX, NT)? Which DHCP/DNS server should I run, freeware or a commercial solution? How do I integrate DHCP info into DNS, and do I really need to? How do I debug problems? Useful reference materials Please note: This is not a tutorial on integrating DHCP & DNS; it simply covers both topics in the same tutorial. Greg Kulosa (M11pm, T11pm) has been a UNIX system administrator for over eight years. He is currently a senior consultant, solving a myriad of host and networking problems for a variety of clients. In his spare time, he trains and grooms his American Quarter Horse, Jane, and goes on regular trail rides in the hills around San Francisco Bay. M12pm Performance Monitoring and Tuning Under Windows NT Aeleen Frisch, Exponential Consulting Who should attend: Students attending this class should be familiar with elementary Windows NT systems administration concepts and tasks, including basic server configuration and maintenance, configuring TCP/IP networking under Windows NT, and administering Windows NT services. Experience tuning UNIX or other systems is helpful but not required. This course, designed for NT system administrators, will provide in-depth advice on monitoring and improving Windows NT system and network performance. It will include a variety of real-world scenarios and examples. We will use the standard Windows NT Performance Monitor utility to track system performance. Topics include: Performance factors and considerations Monitoring system operation and evaluating system efficiency Locating performance bottlenecks CPU performance Memory usage and its performance implications I/O performance issues Network performance issues System tuning strategies and hints Capacity planning Aeleen Frisch (S1, M9am, M12pm) has been a system administrator for over 15 years. She currently looks after a very heterogeneous network of UNIX and Windows NT systems. She is the author of several books, including Essential Windows NT System Administration. M13pm Management 101--The Soft Science of Systems Administration NEW Geoff Halprin, The SysAdmin Group Who should attend: System administrators who have been given nontechnical responsibilities and need to learn techniques that may help them in performing these duties. As system administrators mature in their knowledge and responsibilities, they come to rely on a number of "soft skills" to help them in their jobs. Topics include: Management of: Projects Vendor relationships People Time Risks Finances Written and oral communication skills This tutorial provides an overview of these diverse areas and provides tools that assist in communicating effectively with peers, managers, and other important constituents and users of sysadmin services. Geoff Halprin (M13pm, T3) is the principal consultant at The SysAdmin Group. He has been a system administrator for the past 15 years and a consulting system administrator for over 10. Geoff specializes in data security and systems management disciplines and in the evaluation and improvement of systems management practices. He has acted as consultant to a wide variety of organizations, including government, large corporations, and several major ISPs. Geoff is also the vice-president of the System Administrators Guild of Australia (SAGE-AU) and is a member of the SAGE Executive Committee.