LISA '99: 13th Systems Administration Conference

Sunday, November 7, 1999    

S1 Administering Windows NT: A Course for UNIX People
Aeleen Frisch, Exponential Consulting

Who should attend: UNIX system administrators who are also responsible for Windows NT systems (or who may become responsible for them). Students attending this class should be comfortable with general system administration concepts (file systems, processes, user accounts, backups, and the like), as well as the major tools and procedures used to manage them on UNIX systems. A sense of humor will also be beneficial when initially approaching Windows NT.

The primary goal of this course is to help you apply what you already know about systems administration under UNIX to the tasks and challenges of the Windows NT environment, in an effort to make that transition as easy and painless as possible. The course will include a variety of real-world examples and will focus on practical techniques and strategies for NT systems administration. You can expect a very fast-paced, information-rich course. This class focuses on NT 4.0, but will discuss Win2000 as appropriate.

Topics include:

  • A walking tour of a Windows NT server
    • The NT worldview (WNT = ? VMS++)
    • The client-server system model and its implications
    • Filesystem layout and essential system files
    • Processes under NT
    • Don't forget that it's a PC
  • Tools to aid in NT systems administration
    • What NT supplies
    • Commercial products and freely available software
    • Making NT act like UNIX
  • Booting under Windows NT
    • Normal startup and shutdown
    • Troubleshooting hints and strategies
    • Multi-OS system configurations
  • Managing user accounts
    • Mechanisms and procedures
    • NT groups
    • Security and user accounts
  • Disks and file systems on Windows NT systems
    • The NTFS file system
    • Spanning disk partitions
    • Fault-tolerance capabilities
  • Networking under NT: connecting to UNIX and other systems
    • What NT provides
    • NT and UNIX networks
    • Connecting to Windows systems
    • Filling in what NT is missing
  • Printing on and from Windows NT systems
    • Local printing
    • Printers and networks
    • Going to and from UNIX systems
  • Overview of Windows NT security
    • NT's view of system and network security
    • Controlling access to system resources
    • System monitoring and security

Aeleen Frisch (S1, M9am, M12pm) has been a system administrator for over 15 years. She currently looks after a very heterogeneous network of UNIX and Windows NT systems. She is the author of several books, including Essential Windows NT System Administration.





S2 Linux Systems Administration
Bryan C. Andregg, Red Hat Software

Who should attend: This tutorial is directed at system administrators who are planning on implementing a Linux solution in a production environment. Course attendees should be familiar with the basics of systems administration in a UNIX®/Linux® environment: user-level commands, administration commands, and TCP/IP networking. The novice administrator and the guru should both leave the tutorial having learned something.

From a single server to a network of workstations, the Linux environment can be a daunting task for administrators knowledgeable in other platforms. Starting with a single server and ending with a multi-server 1000+ user environment, case studies will provide practical information for using Linux in the real world.

Topics include (with special emphasis on security):

  • Installation features
  • Disk partitioning and RAID
  • Networking
  • User accounts
  • Services
  • NFS and NIS
  • High availability environments
  • The workplace
  • Up and coming in the Linux world (CODA, LVM, etc.)

Upon completion of the course, attendees should feel confident in their ability to set up and maintain a secure and useful Linux network. The tutorial will be conducted in an open manner that allows for questions at all times.

Bryan C. Andregg (S2) is the Director of MIS at Red Hat Software, where he has held that position for almost two years. During that time he has overseen combining two nationally distinct offices and moving the entire organization twice and has finally been allowed to hire an assistant.




S3 Designing Resilient Distributed Systems--High Availability
Evan Marcus, Veritas Software

Who should attend: Beginning and intermediate UNIX system and network administrators, and UNIX developers concerned with building applications that can be deployed and managed in a highly resilient manner. A basic understanding of UNIX system programming, UNIX shell programming, and network environments is required.

This course will explore procedures and techniques for designing, building, and managing predictable, resilient UNIX-based systems in a distributed environment. Hardware redundancy, system redundancy, monitoring and verification techniques, network implications, and system and application programming issues will all be addressed. We will discuss the trade-offs among cost, reliability, and complexity.

Topics include:

  • What is high availability? Who needs it?
  • Defining uptime and cost; "big rules" of system design
  • Disk and data redundancy; RAID and SCSI arrays
  • Host redundancy in HA configurations
  • Network dependencies
  • Application system programming concerns
  • Anatomy of failovers: applications, systems, management tools
  • Planning disaster recovery sites and data updates
  • Security implications
  • Upgrade and patch strategies
  • Backup systems: off-site storage, redundancy, and disaster recovery issues
  • Managing the system: managers, processes, verification

Evan Marcus (S3) is a senior systems engineer and high availability specialist with VERITAS Software Corporation. Evan has more than 12 years of experience in UNIX systems administration. While employed at Fusion Systems and OpenVision Software, Evan worked to bring the first high availability software application for SunOS and Solaris to market. Evan is the author of several articles and talks on the design of high availability systems.



S4 Modern Security Systems for Intranets, Extranets, and the Internet NEW
Daniel E. Geer, Jr., CertCo, LLC, and Jon Rochlis, Consultant

In today's fast-moving Internet and client-server world, security is a critical component of most systems. But security systems are complex and confusing. Different systems provide overlapping functionality, and what's popular today may be gone tomorrow. This course describes many of today's most popular network security systems. We describe how the various security protocols work, what value they provide, and how difficult they are to implement. The goal: attendees should be well equipped to understand which protocols are applicable to their environments and systems, which to pursue in more detail, and which are likely to be just a flash in the pan.

Topics include:

  • Internet/intranet security--confidentiality, authentication, integrity, authorization
  • Fundamental technology--encryption, public key, private key, certification
  • Low-security systems--basic WWW/HTTP, cookies, classic remote login (telnet/rlogin/rsh), file transfer
  • Secure Socket Layer (SSL) for securing HTTP
  • Kerberos-based systems--intranet cross-application private key, including MS-DCE and Microsoft NT5
  • Secure Shell (SSH)--remote login and lots more
  • Email--PGP & S/Mime
  • VPNs--IPsec, remote access
  • Payment protocols--Digicash, SET (Visa/Mastercard), and more

Daniel E. Geer, Jr. (S4), Sc.D., is vice-president of CertCo, LLC, market leader in digital certification. Dr. Geer has a long history in network security and distributed computing management as an entrepreneur, consultant, teacher, and architect. He holds a Bachelor of Science in electrical engineering and computer science from MIT, and a Doctor of Science in biostatistics from Harvard University. A frequent speaker, popular teacher, and member of several professional societies, he is active in USENIX, where he has participated in virtually every activity, including serving as technical program chair for the San Diego, California, 1993 Winter Technical Conference, as well as conference chair for both the First Symposium on Mobile and Location Independent Computing and the First USENIX Workshop on Electronic Commerce. He was elected to the Board of Directors in June 1994 and began an elected two-year term as vice-president in June 1996. He is the co-author of Wiley's Web Security Sourcebook (June 1997).

Jon Rochlis (S4) is a senior consultant for SystemExperts Corp. He and his colleagues provide high-level advice to businesses large and small in the areas of network security, distributed systems design and management, high availability, and electronic commerce. Before joining SystemExperts, Mr. Rochlis was engineering manager with BBN Planet, a major national Internet service provider.



S5 Network Security Profiles: A Collection (Hodgepodge) of Stuff Hackers Know About You
Brad Johnson, SystemExperts Corporation

Who should attend: Network, system, and firewall administrators; security auditors and those who are audited; people involved with responding to intrusions or responsible for network-based applications or systems that might be targets for hackers. Participants should understand the basics of TCP/IP networking. Examples will use actual tools and will also include small amounts of HTML, JavaScript, and Tcl.

This course will be useful for anyone with any TCP/IP-based system--a UNIX, Windowsxx, Windows NT, or mainframe operating system, or a router, firewall, or gateway network host.

Whether network-based host intrusions come from the Internet, an extranet, or an intranet, they typically follow a common methodology: reconnaissance, vulnerability research, and exploitation. This tutorial will review the tools and techniques hackers (determined intruders) use to perform these activities. You will learn what types of protocols and tools they use, and you will become familiar with a number of current methods and exploits. The course will show how you can generate vulnerability profiles of your own systems. Additionally, it will review some of the important management policies and issues related to these network-based probes.

The course will focus primarily on tools that exploit many of the common TCP/IP based protocols, such as WWW, SSL, DNS, ICMP, and SNMP, that underlie virtually all Internet applications, including Web technologies, network management, and remote file systems. Some topics will be addressed at a detailed technical level. This course will concentrate on examples drawn from public domain tools, because these tools are widely available and commonly used by hackers (and are free for you to use).

Topics include:

  • Profiles: what can an intruder determine about your site remotely?
  • Review of profiling methodologies: different "viewpoints" generate different types of profiling information
  • Techniques: scanning, on-line research, TCP/IP protocol "mis"uses, denial of service, hacking clubs
  • Important intrusion areas: discovery techniques, SSL, SNMP, WWW, DNS
  • Tools, including scotty, strobe, netcat, SATAN, SAINT, ISS, mscan, sscan, queso, curl, Nmap, and SSLeay/upget
  • Management issues: defining policies and requirements to minimize intrusion risk

Topics not covered:

  • Social engineering
  • Buffer overflow exploits
  • Browser (frame) exploits
  • Shell privilege escalation

Brad Johnson (S5) is a principal of SystemExperts Corporation, a consulting firm that specializes in system security and management. He is a well-known authority in the field of secure distributed systems and has recently served as a technical advisor to both Dateline NBC and CNN on network security matters. He has participated in seminal industry initiatives, including the Open Software Foundation, X/Open, and the IETF, and has often published about open systems.


S6 Sendmail Configuration and Operation (Updated for Sendmail 8.10)
Eric Allman, Sendmail, Inc.

Who should attend: System administrators who want to learn more about the sendmail program, particularly details of configuration and operational issues (this tutorial will not cover mail front ends). This will be an intense, fast-paced, full-day tutorial for people who have already been exposed to sendmail. This tutorial describes the latest release of sendmail from Berkeley, version 8.10.

We begin by introducing a bit of the philosophy and history underlying sendmail.

Topics include:

  • The basic concepts of configuration: mailers, options, macros, classes, keyed files (databases), and rewriting rules and rulesets
  • Configuring sendmail using the M4 macro package
  • Day-to-day management issues, including alias and forward files, "special" recipients (files, programs, and include files), mailing lists, command line flags, tuning, and security
  • How sendmail interacts with the Domain Name System

Eric Allman (S6, M8am) is the original author of sendmail. He was the chief programmer on the INGRES database management project and an early contributor to the UNIX effort at Berkeley, authoring syslog, tset, the -me troff macros, and trek. He designed database user and application interfaces at Britton Lee (later Sharebase) and contributed to the Ring Array Processor project for neural-network-based speech recognition at the International Computer Science Institute. He is a former member of the USENIX Board of Directors.


S7 Advanced Topics in Perl Programming NEW
Tom Christiansen, Consultant

Who should attend: Experienced Perl programmers interested in honing their existing Perl skills for quick prototyping, system utilities, software tools, system management tasks, database access, and WWW programming. Students should have used Perl for basic scripting for several months before taking this course.

Topics include:

  • Exceptions and eval
  • References
  • Complex data structures
  • Modules
  • Object-oriented programming
  • Networking
  • Database access
  • Advanced I/O techniques and file locking
  • Assorted tips and tricks

Upon completion of this course, students will be able to:

  • Develop standard- and OO-modules for code reuse
  • Understand complex and hierarchical data structures
  • Understand runtime eval and exception handling
  • Understand Perl's facilities for file locking
  • Use Perl for client-server programming
  • Use Perl for database access (new and existing)

Tom Christiansen (S7) has been involved with Perl since day zero of its initial public release in 1987. Lead author of The Perl Cookbook, co-author of the second editions of Programming Perl and Learning Perl, and co-author of Learning Perl on Win32 Systems, Tom is also the managing editor of the www.perl.com Web site, major caretaker of Perl's online documentation, originator and co-maintainer of the Perl Frequently Asked Questions list, and president of The Perl Journal. Tom served two terms on the USENIX Board of Directors. He holds undergraduate degrees in computer science and Spanish and a master's in computer science from the University of Wisconsin at Madison. He now lives in Boulder, Colorado.


S8am Configuring and Administering SAMBA Servers NEW
Gerald Carter, Auburn University

Who should attend: This tutorial is intended for system and network administrators who wish to integrate SAMBA running on a UNIX-based machine with Microsoft Windows clients. No familiarity with Windows networking concepts will be assumed.

SAMBA is a freely available suite of programs that allows UNIX-based machines to provide file and print services to Microsoft Windows PCs without installing any third-party software on the clients. This allows users to access necessary resources from both PCs and UNIX workstations. As SAMBA makes its way into more and more network shops all over the world, it is common to see "configuring SAMBA servers" listed as a desired skill on many job descriptions for network administrators.

This tutorial will use real-world examples taken from daily administrative tasks.

Topics include:

  • Installing SAMBA from the ground up
  • Understanding the basic Microsoft networking protocols and concepts, such as NetBIOS, CIFS, and Windows NT domains
  • Configuring a UNIX box to provide remote access to local files and printers from Microsoft Windows clients
  • Utilizing tools to access files on Windows servers from a UNIX client
  • Configuring SAMBA as a member of a Windows NT domain in order to utilize the domain's PDC for user authentication
  • Using SAMBA as a domain controller
  • Configuring SAMBA to participate in network browsing
  • Automating the daily tasks of managing SAMBA

Gerald Carter (S8am) has been a member of the SAMBA Team since 1998. However, he has been maintaining SAMBA servers for the past four years. Currently employed as a network manager by the College of Engineering at Auburn University, Auburn, Alabama, Gerald daily maintains approximately 600 PCs running a melting pot of Microsoft operating systems and 30 Solaris 2.x servers running SAMBA. He recently acted as the lead author for Teach Yourself SAMBA in 24 Hours (Sams Publishing) and writes regularly for the Web-based magazine LinuxWorld on Linux and Windows NT integration.


S9am Introduction to Domain Name System Administration
William LeFebvre, Group sys Consulting

Who should attend: System or network administrators who have never been exposed to DNS, except as users. A basic understanding of the IP protocols, TCP and UDP, data encapsulation, and the seven-layer model will be beneficial.

The Domain Name System (DNS) is the primary method the Internet uses to name and number machines. It is used to translate names like "www.usenix.org" into addresses like 131.106.3.253. The DNS is critical to the operation of the Internet. Any site that is serious about joining the Internet community will need to understand how to configure and administer DNS.

This course will describe the basic operation of DNS and will provide instructions and guidelines for the configuration and operation of DNS on UNIX platforms using the BIND software distribution. This class is designed for the beginner and is intended to provide a foundation for the class on "Intermediate Topics in Domain Name System Administration."

Topics include:

  • DNS and BIND
  • The DNS Name Hierarchy
  • The four components of the DNS protocol
  • Query methods--iterative versus recursive
  • Essential resource records: SOA, A, PTR, CNAME, NS
  • Zone transfers and secondaries
  • Vendor-specific differences

William LeFebvre (S9am, S12pm, M6) has been using UNIX and Internet technologies since 1983. He has written many articles on UNIX, networking, and systems administration issues. Currently he writes the monthly "Daemons & Dragons" column for UNIX Review. William is the editor of the SAGE series "Short Topics in System Administration." He has taught tutorials since 1989 for such organizations as USENIX, the Sun User Group (SUG), MIS Training Institute, IT Forum, and Great Circle Associates, and he is a certified Cisco Systems Instructor. William is the primary programmer for the popular UNIX utility top and has contributed to several widely used UNIX packages, including Wietse Venema's logdaemon package. He can be reached at wnl@groupsys.com or via https://www.groupsys.com/.


S10am Legal Issues for System Administrators NEW
Daniel Appelman, Heller, Ehrman, White, and McAuliffe

Who should attend: This tutorial is designed for system administrators at all levels of experience and without regard to particular employment situations. Of course, the legal situation of the system administrator and the appropriate resolution of legal issues may vary depending on many factors, including the status of the employer. We will attempt to address these variations as they become relevant during the tutorial.

This course discusses the laws of cyberspace, with particular emphasis on the rights and liabilities of system administrators. The format is a presentation by the instructor, with plenty of time to ask questions. The course aims to provide attendees with a better understanding of how the law views system administrators, of the sensitive legal issues and potential liabilities they face, and of the concrete steps they can take to help their employers minimize their liability.

Topics include:

  • Overview of the law and its effect on system administrators
  • Privacy rights in cyberspace
  • Employer rights vs. employee rights
  • Defamation liability
  • Intellectual property rights
  • Your responsibilities on the job: what to do and what not to do
  • How to deal with potential legal issues as they arise

Daniel Appelman (S10am, S13pm) is a lawyer with a major Silicon Valley law firm. He has been practicing in the areas of cyberspace and software law for over fifteen years. Dan is the attorney for the USENIX Association and for many high-tech companies.





S11pm Using Amd and the Automounter Utilities NEW
Erez Zadok, Columbia University

Who should attend: System administrators and managers who maintain large heterogeneous sites. These sites often use the Amd automounter to provide a uniform, sitewide filesystem hierarchy. Participants should know the basics of NFS and other file systems, but expertise is not required. Prior use of Amd or experience with Amd is not required.

Amd is an automounter daemon used by administrators at many sites to provide a uniform filesystem mount strategy. Amd is particularly useful at large sites with two or more UNIX systems, because, unlike vendor-supplied automounters, it works the same for all platforms. Amd is also useful on systems whose vendors do not supply an automounter. Amd is a complex tool that supports many features. Its map syntax has numerous capabilities. Often you can achieve the same goal in several different ways. Careless use of Amd, however, can result in user-visible delays or even system hangs.

This tutorial's main focus is the efficient, long-running use of Amd. Many examples will be provided to illustrate each feature discussed.

Topics include:

  • Writing and debugging Amd maps and configuration files
  • Using special map features to shorten maps
  • How to choose among the many map features
  • How to make Amd run faster
  • Testing and configuration techniques to improve stability
  • Recovery from system lockups and Amd hangs

Participants will learn useful techniques: how to run Amd efficiently, how to write shorter and more clever maps, how to use the many (new) advanced features and tools that come with am-utils, and how to debug and test their configurations.

Erez Zadok (S11pm) began maintaining Amd in 1992. Starting in 1996, he rewrote large parts of Amd and converted it to use Autoconf tools. Numerous new features and ports have since been added. The package, now called am-utils, contains additional tools written by Erez (e.g., hlfsd). Erez is a Ph.D. student in Columbia University's Computer Science Department. Erez has been researching file systems and cross-platform filesystem extensibility since 1989.



S12pm Intermediate Topics in Domain Name System Administration
William LeFebvre, Group sys Consulting

Who should attend: Network administrators with a basic understanding of DNS and its configuration should consider attending this course. Those whose experience is limited to administering a single domain will learn how to create and delegate subdomains. Administrators planning to install and use BIND 8 will also benefit. Attendees are expected either to have prior experience with the domain name system, including an understanding of basic operation and zone transfers, or to have attended the "Introduction to Domain Name System Administration."

Once an administrator has a basic understanding of DNS, additional information and techniques are required to utilize the system's potential fully. Attendees will be taken beyond the basics into a more thorough understanding of the overall design and implementation of the domain name system.

Topics include:

  • Subdomains and delegation
  • Resource records: NS, RP, MX, TXT, AAAA
  • Migration to BIND 8
  • DNS management tools
  • DNS design
  • DNS and firewalls

William LeFebvre (S9am, S12pm, M6) has been using UNIX and Internet technologies since 1983. He has written many articles on UNIX, networking, and systems administration issues. Currently he writes the monthly "Daemons & Dragons" column for UNIX Review. William is the editor of the SAGE series "Short Topics in System Administration." He has taught tutorials since 1989 for such organizations as USENIX, the Sun User Group (SUG), MIS Training Institute, IT Forum, and Great Circle Associates, and he is a certified Cisco Systems Instructor. William is the primary programmer for the popular UNIX utility top and has contributed to several widely used UNIX packages, including Wietse Venema's logdaemon package. He can be reached at wnl@groupsys.com or via https://www.groupsys.com/.


S13pm The First Amendment and the System Administrator NEW
Daniel Appelman, Heller, Ehrman, White, and McAuliffe

Who should attend: This tutorial is designed for system administrators at all levels of experience and without regard to particular employment situations. Of course, the legal situation of the system administrator and the appropriate resolution of legal issues may vary depending on many factors including the status of the employer. We will attempt to address these variations as they become relevant during the tutorial.

System administrators are often faced with conflicting demands and issues. Of particular importance are the conflicting expectations of users and employers concerning rights and responsibilities in using network facilities and the Internet. Often these expectations have legal dimensions and involve real or potential liabilities.

This tutorial focuses on the First Amendment (free speech) rights of users and how those rights sometimes conflict with other rights, such as the right to privacy, the right to some recourse against defamation and the distribution of obscenity, and the rights of employers to control their networks and the activities of their employees. Particular emphasis will be put on addressing how far the system administrator's duties go in policing and enforcing the rights of others. We will discuss real-life situations and the methodology for analyzing and resolving legal issues.

Daniel Appelman (S10am, S13pm) is a lawyer with a major Silicon Valley law firm. He has been practicing in the areas of cyberspace and software law for over fifteen years. Dan is the attorney for the USENIX Association and for many high-tech companies.





Monday, November 8, 1999    

M1 Windows NT Security: Advanced Topics
Phil Cox, Networking Technology Solutions

Who should attend: Programmers; network and system administrators; individuals who need a better understanding of the "whys" for securing Windows NT; and anyone interested in Windows NT network protocols, details on what registry settings actually do, and other advanced topics. An intermediate knowledge of Windows NT security is assumed.

Many security-related issues for Windows NT require an in-depth understanding of Windows NT security exposures and potential control measures. This course is designed for system and network administrators and system programmers who are already technically proficient with Windows NT security and want to learn more about advanced features.

Experience in securing Windows NT and in dealing with network security is a prerequisite for this course.

Topics include:

  • Details of Windows NT related to security and their security implications
    • The internal functionality of Windows NT
    • Windows networking: SMB and NetBIOS
  • Tradeoffs in designing and implementing suitable work-arounds to the flaws
  • Practical exercise in defending NT with a firewall
  • Dealing with Windows NT authentication
    • Passthrough authentication
    • Derivation and protection of password hashes
  • Securing the Windows registry
    • Advanced techniques
    • Tradeoffs and pitfalls in each registry change
  • The Security Configuration Manager
    • Default configurations
    • Defining specialized templates

Phil Cox (M1, T1) is a consultant for SystemExperts Corporation. Phil frequently writes and lectures on issues bridging the gap between UNIX and Windows NT. He is a featured columnist in ;login;, the USENIX Association Magazine, and has served on numerous USENIX program committees. Phil holds a B.S. in computer science from the College of Charleston, South Carolina.



M2 Hot Topics in Modern System Administration--1
Ned McClain, XOR Network Engineering; Evi Nemeth, University of Colorado, Boulder

Who should attend: System and network administrators who want to learn about real-life solutions to everyday problems.

Topics include:

  • wreq: Managing user requests and trouble tickets is an everyday task. We'll discuss the freely available Web-based tool wreq, together with procedures that you can use to make your SA group serve the needs of its internal customers.
  • LPRng: Tired of those nasty printing problems? This next-generation print spooler can ease many cross-platform printing hassles, as well as reduce time spent maintaining the printing system at your site.
  • Optimizing Web server performance: Learn tricks of the trade to make your hot UNIX Web server even hotter. We'll cover measuring UNIX Web server performance and how to tune your server for optimum throughput and response.
  • What's hot on the UNIX security battlefront: It's been a long year in UNIX security, and now's a great time to brush up on happenings in this area. We'll talk about the most important holes you need to address and suggest approaches to general UNIX security.
  • Modern UNIX filesharing: NFS has a bunch of new features, but do you know what they do or how to use them? Learn how to maximize the benefits of NFS 3.0 at your site.
  • A new world, split by OS: Are you suffering from UNIX in the machine room with PCs on the desktop? This syndrome is affecting system administrators everywhere, but there are some cures. We'll talk about strategies to handle this situation and tools to make it seamless.

Ned McClain (M2, T2) is a lead engineer at XOR Network Engineering. He is currently helping with the 3rd edition of the UNIX System Administration Handbook (by Nemeth, Snyder, and Hein). He has a degree in computer science from Cornell University and has done research with both the CS and Engineering Physics departments at Cornell.



Evi Nemeth (M2, T2), a faculty member in computer science at the University of Colorado, has managed UNIX systems for the past 20 years, both from the front lines and from the ivory tower. She is co-author of the UNIX System Administration Handbook.





M3 System and Network Performance Tuning
Marc Staveley, Sun Microsystems

Who should attend: Novice and advanced UNIX system and network administrators, and UNIX developers concerned about network performance impacts. A basic understanding of the UNIX system facilities and network environments is assumed.

We will explore procedures and techniques for tuning systems, networks, and application code. Starting from the single-system view, we will examine how the virtual memory system, the I/O system, and the file system can be measured and optimized. We'll extend the single-host view to include Network File System tuning and performance strategies. Detailed treatment of networking performance problems, including network design and media choices, will lead to examples of network capacity planning. Application issues, such as system call optimization, memory usage and monitoring, code profiling, real-time programming, and techniques for controlling response time will be addressed. Many examples will be given, along with guidelines for capacity planning and customized monitoring based on your workloads and traffic patterns. Question and analysis periods for particular situations will be provided.

Topics include:

  • Performance tuning strategies
    • Practical goals
    • Monitoring intervals
    • Useful statistics
    • Tools, tools, tools
  • Server tuning
    • Filesystem and disk tuning
    • Memory consumption and swap space
    • System resource monitoring
  • NFS performance tuning
    • NFS server constraints
    • NFS client improvements
    • NFS over WANs
    • Automounter and other tricks
  • Network performance, design, and capacity planning
    • Locating bottlenecks
    • Demand management
    • Media choices and protocols
    • Network topologies: bridges, switches, routers
    • Throughput and latency considerations
    • Modeling resource usage
  • Application tuning
    • System resource usage
    • Memory allocation
    • Code profiling
    • Job scheduling and queueing
    • Real-time issues
    • Managing response time

Marc Staveley (M3) recently took a position with Sun Microsystems Enterprise Services, where he is applying his 16 years of experience with UNIX development and administration in helping to create new service programs. Previously Marc was an independent consultant and has held positions at NCR, Princeton University, and the University of Waterloo. He is a frequent speaker on the topics of standards-based development, multi-threaded programming, systems administration, and performance tuning.


M4 Real World Applications of Cryptography NEW
Greg Rose, QUALCOMM Australia

Who should attend: System, network, and security administrators, people who communicate remotely a lot and require security, developers of applications that require authentication or privacy, managers needing to understand better what is (and is not) possible.

Cryptography continues to grow in importance, and cryptographic algorithms are well understood. Actually using cryptography, however, either embedded in day-to-day applications or by developing new "crypto-enabled" applications, is hard.

This tutorial aims to provide an understanding of the capabilities of cryptographic techniques, some common pitfalls in their use, and some techniques for successfully using cryptography in applications. Examining some very useful tools which embed cryptography supplies both directly applicable knowledge and good examples.

Topics include:

  • Historical perspective
  • Brief introduction to cryptographic primitives
    • Random numbers
    • Hash functions and message authentication codes
    • Block and stream ciphers (symmetric ciphers)
    • Public key encryption and digital signatures
  • Useful tools
    • PGP old and new (versions 2.6* and 5.0+)
    • SSH (Secure Shell), for when you are on the road
    • IPsec and Virtual Private Networks
    • Tripwire, to help detect break-ins
    • CFS, the Cryptographic File System for UNIX
  • Cryptographic toolkits
    • SSLeay, OpenSSL (public SSL implementation library)
    • Cryptlib (public general-purpose encryption library)
  • Export regulations
    • How to comply to avoid nasty things
    • Various recovery strategies
    • No politics!

After completing this tutorial, participants will know many tricks for using cryptography successfully in their work or applications.

Greg Rose (M4) graduated from the University of New South Wales with a B.Sc. (honours) in computer science, and he was awarded the University Medal in 1977. A member of the Board of Directors of the USENIX Association, he served as program chair of the 1996 USENIX Security Symposium. His work at QUALCOMM focuses on cryptographic security and authentication for wireless communications, particularly mobile phones. He has written a number of public tools using cryptography, and he holds generic cryptographic export licenses for two countries.


M5 Intrusion Detection and Network Forensics NEW
Marcus J. Ranum, Network Flight Recorder, Inc.

Who should attend: Network and system managers, security managers, and auditors. This tutorial will assume some knowledge of TCP/IP networking and client/server computing.

What can intrusion detection do for you? Intrusion detection systems are designed to alert network managers to the presence of unusual or possibly hostile events within the network. Once you've found traces of a hacker, what should you do? What kinds of tools can you deploy to determine what happened, how they got in, and how to keep them out? This tutorial provides a highly technical overview of the state of intrusion detection software and the types of products that are available, as well as basic principles to apply to building your own intrusion detection alarms. Methods of recording events during an intrusion are also covered.

Topics include:

  • What is IDS?
    • Principles
    • Prior art
  • Can IDS help?
    • What IDS can and can't do for you
    • IDS and the WWW
    • IDS and firewalls
    • IDS and VPNs
  • Types and trends in IDS design
    • Anomaly detection
    • Misuse detection
    • Traps
    • Future avenues of research
  • Concepts for building your IDS
    • What you need to know first
    • Performance issues
  • Tools for building your IDS
    • Sniffers and suckers
    • Host logging tools
    • Log recorders
  • Reporting and recording
    • Managing alerts
    • What to throw away
    • What to keep
  • Network Forensics
    • So you've been hacked
    • Forensic tools
    • Brief overview of evidence handling
    • Who can help you
  • Resources and references

Marcus J. Ranum (M5) is CEO and founder of Network Flight Recorder, Inc. He is the principal author of several major Internet firewall products, including the DEC SEAL, the TIS Gauntlet, and the TIS Internet Firewall Toolkit. Marcus has been managing UNIX systems and network security for over 13 years, including configuring and managing whitehouse.gov. Marcus is a frequent lecturer and conference speaker on computer security topics.



M6 Configuring Cisco Routers on an IP Network
William LeFebvre, Group sys Consulting

Who should attend: System administrators who are, or who anticipate being, responsible for router configuration and maintenance for their Internet or intranet site. Attendees are expected to have a solid knowledge of general networking concepts, data encapsulation, the ISO seven-layer model, the Internet Protocol, IP addressing, and subnetting. Knowledge of routing protocols, especially distance vector versus link state, is also recommended. The class is not intended to teach networking concepts, but to apply those concepts to the configuration of a router.

Routers are the glue that holds the Internet together by providing direct connectivity between adjacent networks. Cisco routers dominate the router marketplace. They are an extremely popular choice among sites with high networking demands. But configuring and maintaining Cisco routers is unlike anything else in the industry. The command-oriented interface is unique and difficult to master.

This session introduces the attendees to the essentials of Cisco router configuration. Those who complete the class will feel comfortable at a router's console and will be able to interpret the output from the more common router commands. They will understand the various modes of the Internetwork Operating System (IOS), and how to read and alter a basic configuration.

Topics include:

  • Router modes (user, privileged, configuration)
  • Configuration file syntax
  • Command line editing
  • On-line help
  • Configuration statements essential to IP
  • Configuring routing protocols: RIP, IGRP, EIGRP, OSPF
  • Serial lines: frame relay (if time permits)

The class size will not permit hands-on work, but live demonstrations will be provided throughout the lecture.

William LeFebvre (S9am, S12pm, M6) has been using UNIX and Internet technologies since 1983. He has written many articles on UNIX, networking, and systems administration issues. Currently he writes the monthly "Daemons & Dragons" column for UNIX Review. William is the editor of the SAGE series "Short Topics in System Administration." He has taught tutorials since 1989 for such organizations as USENIX, the Sun User Group (SUG), MIS Training Institute, IT Forum, and Great Circle Associates, and he is a certified Cisco Systems Instructor. William is the primary programmer for the popular UNIX utility top and has contributed to several widely used UNIX packages, including Wietse Venema's logdaemon package. He can be reached at wnl@groupsys.com or via https://www.groupsys.com/.


M7 Practical Web Site Maintenance with Perl--A Cookbook Approach NEW
Mark-Jason Dominus, Consultant

Who should attend: Programmers moderately experienced in Perl and CGI/HTML who would like to automate their Web site so that they can get more done with less work. This is not a class for non-programmers--we will be doing a lot of Perl code-reading.

With the proliferation of Web sites, the problem of maintenance has become almost unmanageable. Every Web site needs a person to update databases, send and answer mail, and handle membership sign-ups and account expiration, password protection, and a host of other tasks. Or do they? This tutorial will show, with numerous real-life examples, how a Web site can be largely automated, leaving the site maintainer free to handle only the exceptional cases.

Topics include:

  • Dynamically creating and expiring user accounts
  • Checking for password sharing
  • Sending out membership newsletters
  • Responding to "remove" requests
  • Automatic site updates (images and text)
  • Automatic newsgroup posting (e.g., monthly FAQ posting)
  • Daily/weekly/monthly reporting
  • Referral tracking/reporting
  • Link exchanges (and checking for dead links)
  • Database synchronization, searching, and updating

We'll use Web-based modules from CPAN and explain their interfaces. We will also pay special attention to file locking, synchronization, error checking, reporting, and recovery, and to the special needs of the asynchronous environment the Web provides. For each example, we will present a problem, discuss the conceptual overview, and delve into the code to solve it. Using these examples, attendees will easily be able to implement solutions on their own sites. In all cases, issues of scalability will be discussed. The instructor's wide range of experience will give the students the perspective they need to plan for their needs.

Mark-Jason Dominus (M7, T8am) has been involved in computer security since 1988 and has been developing interactive Web applications since 1994. He was a system administrator and the first Webmaster at the University of Pennsylvania's Department of Computer and Information Sciences, and then became a founding staff member of Pathfinder, Time-Warner's Internet Web service, where he was the leader of the system administration and network security group. He is now an independent consultant working in the area of dynamic application development and systems and security analysis. He writes a regular column for The Perl Journal.


M8am Sendmail and Security NEW
Eric Allman, Sendmail, Inc.

Who should attend: System and network administrators responsible for sendmail security, particularly on firewalls and other similar systems.

Sendmail is a powerful Mail Transport Agent that can be configured for many different environments, from firewalls through workstation mail servers. These environments have different security requirements; in particular, in a pure relay configuration (with no local user accounts or delivery) sendmail can be configured to relinquish root permissions. This is a fast-paced tutorial intended for system and network administrators who are already familiar with configuring and administering sendmail.

You will learn essential principles of sendmail security, including how to configure sendmail on systems that have special security requirements, such as firewalls; configuring sendmail to run as a non-root user; and running sendmail in a "chroot"ed jail, as well as how and when to relax sendmail's file security checks.

Eric Allman (S6, M8am) is the original author of sendmail. He was the chief programmer on the INGRES database management project and an early contributor to the UNIX effort at Berkeley, authoring syslog, tset, the -me troff macros, and trek. He designed database user and application interfaces at Britton Lee (later Sharebase) and contributed to the Ring Array Processor project for neural-network-based speech recognition at the International Computer Science Institute. He is a former member of the USENIX Board of Directors.


M9am Administering Linux in Production Environments NEW
Aeleen Frisch, Exponential Consulting

Who should attend: This course is designed for both current and prospective Linux system administrators. It will cover configuring and managing Linux computer systems in production environments, with a focus on the administrative issues involved in deploying Linux systems for real-world tasks and problems arising from both commercial and R&D contexts.

Topics include:

  • Why Linux? How to justify a free operating system in a production environment (including addressing common management questions: "Why don't we just buy Suns?" "Why not use Windows NT instead?")
  • High-performance I/O: advanced file systems (coda, logical volumes), disk striping, optimizing I/O performance
  • Advanced server environments: Beowulf, clustering, parallelization environments and facilities, CPU performance optimization
  • High-availability Linux: fault-tolerant options, UPS configuration

Aeleen Frisch (S1, M9am, M12pm) has been a system administrator for over 15 years. She currently looks after a very heterogeneous network of UNIX and Windows NT systems. She is the author of several books, including Essential Windows NT System Administration.





M10am Professional Conduct and Computer Ethics
Lee Damon, QUALCOMM, Inc.

Who should attend: Anyone who is a system administrator or has access to confidential information, and anyone who manages system administrators or makes policy decisions about computer systems and their users.

This introductory class will start by examining some of the ethical responsibilities that come along with access to other users' data, accounts, and confidential information, with several case studies. All attendees will be encouraged to participate in the discussion. We will look at numerous viewpoints in order to give students a perspective from which to develop their own reasoned response to ethical challenges.

We will use the SAGE Ethics statement as a model.

Topics include:

  • Implicit expectations of ethical behavior: For example, a sysadmin reads another person's email to see how that person feels about someone or something.
  • Coercion to violate ethics: Your manager, wanting to "get the dirt" on another manager, asks you to look in her email and files for anything "wrong."
  • Well-intentioned violations of privacy: An ISP front-line support person is asked by his manager to examine customer homedirs for kiddy porn.
  • Collection, retention, and protection of personal data: Your site collects names, addresses, email information, age, and other information on-line. What should you do or not do with that data?
  • Your friend and fellow employee has been terminated "for cause" and their account disabled. Your manager wants you to look through their files. Should you protect their privacy? If so, how?
  • You are asked to deploy some very expensive software. Your company buys a one-seat license and tells you to duplicate it on all 1,000 hosts on your network.

The answers to these and other problems are often far more complicated than one would initially guess. After completing this tutorial, you will be better able to resolve questionable situations and will have the means to support your decisions.

Lee Damon (M10am) holds a B.S. in speech communication from Oregon State University. He has been a UNIX system administrator since 1985 and has been active in SAGE since its inception. He is a member of the SAGE Ethics Working Group and was one of the commentators on the SAGE Ethics document. He has championed awareness of ethics in the systems administration community, including writing it into policy documents.



M11pm DHCP/DNS NEW
Greg Kulosa, GNAC, Inc.

Who should attend: Anyone with two or more networked clients (Macintosh, UNIX, or Windows) who wants to automatically distribute network information to those clients. Attendees should have a basic knowledge of TCP/IP and typical network set-ups and should understand the procedures for installing and working with their operating systems.

DHCP can be used to distribute IP address, router, DNS, WINS, and other information to network clients, to eliminate manual configuration of each machine. DNS, the Domain Name Service, is the system by which Internet TCP/IP hosts look up host addresses and network services. We will discuss these protocols and how they fit into a typical network. We will cover both UNIX and Windows NT servers but will focus on Windows clients, since UNIX and Macintosh clients are similar.

Topics include:

  • DHCP & DNS protocols in depth
  • Which server platform should I use (UNIX, NT)?
  • Which DHCP/DNS server should I run, freeware or a commercial solution?
  • How do I integrate DHCP info into DNS, and do I really need to?
  • How do I debug problems?
  • Useful reference materials

Please note: This is not a tutorial on integrating DHCP & DNS; it simply covers both topics in the same tutorial.

Greg Kulosa (M11pm, T11pm) has been a UNIX system administrator for over eight years. He is currently a senior consultant, solving a myriad of host and networking problems for a variety of clients. In his spare time, he trains and grooms his American Quarter Horse, Jane, and goes on regular trail rides in the hills around San Francisco Bay.




M12pm Performance Monitoring and Tuning Under Windows NT
Aeleen Frisch, Exponential Consulting

Who should attend: Students attending this class should be familiar with elementary Windows NT systems administration concepts and tasks, including basic server configuration and maintenance, configuring TCP/IP networking under Windows NT, and administering Windows NT services. Experience tuning UNIX or other systems is helpful but not required.

This course, designed for NT system administrators, will provide in-depth advice on monitoring and improving Windows NT system and network performance. It will include a variety of real-world scenarios and examples. We will use the standard Windows NT Performance Monitor utility to track system performance.

Topics include:

  • Performance factors and considerations
  • Monitoring system operation and evaluating system efficiency
  • Locating performance bottlenecks
  • CPU performance
  • Memory usage and its performance implications
  • I/O performance issues
  • Network performance issues
  • System tuning strategies and hints
  • Capacity planning

Aeleen Frisch (S1, M9am, M12pm) has been a system administrator for over 15 years. She currently looks after a very heterogeneous network of UNIX and Windows NT systems. She is the author of several books, including Essential Windows NT System Administration.





M13pm Management 101--The Soft Science of Systems Administration NEW
Geoff Halprin, The SysAdmin Group

Who should attend: System administrators who have been given nontechnical responsibilities and need to learn techniques that may help them in performing these duties.

As system administrators mature in their knowledge and responsibilities, they come to rely on a number of "soft skills" to help them in their jobs.

Topics include:

  • Management of:
    • Projects
    • Vendor relationships
    • People
    • Time
    • Risks
    • Finances
  • Written and oral communication skills

This tutorial provides an overview of these diverse areas and provides tools that assist in communicating effectively with peers, managers, and other important constituents and users of sysadmin services.

Geoff Halprin (M13pm, T3) is the principal consultant at The SysAdmin Group. He has been a system administrator for the past 15 years and a consulting system administrator for over 10. Geoff specializes in data security and systems management disciplines and in the evaluation and improvement of systems management practices. He has acted as consultant to a wide variety of organizations, including government, large corporations, and several major ISPs. Geoff is also the vice-president of the System Administrators Guild of Australia (SAGE-AU) and is a member of the SAGE Executive Committee.


Tuesday, November 9, 1999    

T1 Windows NT and UNIX Integration: Problems and Solutions NEW
Phil Cox, Networking Technology Solutions

Who should attend: System administrators who are responsible for heterogeneous Windows NT and UNIX-based systems. Attendees should have user-level knowledge of both UNIX and Windows NT, and it's recommended they have systems administration experience in at least one.

Today's organizations choose computing solutions from a variety of vendors. Often, integration of the solutions into a seamless, manageable enterprise is an afterthought, left up to system administrators. This class covers specific problem areas and practical solutions for administering a mixture of UNIX and Windows NT systems. The focus will be on solutions that can be applied today to real-world administration problems in heterogeneous UNIX and Windows NT-based networks.

Topics include:

  • Overview of NT and UNIX
    • Basic homogeneous setups
    • Services: what's offered, and how
    • Similarities
    • Differences
    • Potential sticking points
  • Areas of interest
    • Electronic mail
    • Web servers
    • User authentication
    • File serving
    • Printing
    • Faxes and modems
    • Host-to-host connectivity
    • Remote administration
    • Backup and restore
For each of the areas of interest we will cover:
  • Current uses in homogeneous environments
  • Available answers--where integration can happen
  • Integration solutions and how to choose one (tools that provide the answers will be discussed)
  • Security considerations

Phil Cox (M1, T1) is a consultant for SystemExperts Corporation. Phil frequently writes and lectures on issues bridging the gap between UNIX and Windows NT. He is a featured columnist in ;login:, the USENIX Association Magazine, and has served on numerous USENIX program committees. Phil holds a B.S. in computer science from the College of Charleston, South Carolina.



T2 Hot Topics in Modern System Administration--2 NEW
Ned McClain, XOR Network Engineering; Evi Nemeth, University of Colorado, Boulder

Who should attend: System and network administrators who want to learn about real-life solutions to everyday problems.

Topics include:

  • Y2K compliance: The year 2000 is coming, and it's past time to make sure your site is prepared. We'll talk about the Y2K issues confronting you as an administrator in the UNIX environment, and we'll give you some tips on creating a Y2K gameplan for the UNIX hosts at your site.
  • LDAP: We'll tell you what it is and why it might be time to implement it. From client to server, we will survey how LDAP can strengthen your organization internally and externally. The major focus will be on choosing a UNIX server that's right for your organization.
  • News: Usenet news is the Internet's giant bulletin board: about half a million new articles each day require 20-50GB of disk space. We look at the administration chores and requirements of taking a full news feed, pruning it of spam, and delivering it to your users.
  • DHCP: Short on address space? Sick of configuring each and every one of your users' machines? We'll talk about making DHCP work for your organization. We will cover servers and clients, on both UNIX and NT hosts.
  • Disaster planning: In planning for disasters, whether they are physical incidents, security incidents, or just sysadmin errors, hindsight and good backups are invaluable. We will provide some guidelines and a checklist of some of the documentation that you need to maintain to make disasters more recoverable.
  • Security tools: A new generation's worth of security management tools are on the loose, and we'll help you understand how to use them to your advantage. We'll examine new scanning tools such as Nessus and nmap, as well as looking at new tools to facilitate security forensics.

Ned McClain (M2, T2) is a lead engineer at XOR Network Engineering. He is currently helping with the 3rd edition of the UNIX System Administration Handbook (by Nemeth, Snyder, and Hein). He has a degree in computer science from Cornell University and has done research with both the CS and Engineering Physics departments at Cornell.



Evi Nemeth (M2, T2), a faculty member in computer science at the University of Colorado, has managed UNIX systems for the past 20 years, both from the front lines and from the ivory tower. She is co-author of the UNIX System Administration Handbook.





T3 Auditing--An Agent of Change for the Better! NEW
Geoff Halprin, The SysAdmin Group

Who should attend: System administrators who are responsible for developing strategy for their sites, performing system reviews, planning improvements, or proposing expenditures to improve practices, and consultants wishing to develop their skills in planning work and communicating with clients.

As a system administrator, you know when there is a problem. But how can you convince the higher-ups that something needs to be done? The audit is the most valuable tool in your arsenal when it comes to dealing with management, because it forces a rigorous assessment of the current situation, evaluates alternatives, and results in a document that cogently addresses the problems. Audits also have the side effect of uncovering problems you didn't even know existed! An audit enables you to prove your point and also cover your back. It should be your primary tool for:

  • Convincing management that a problem exists
  • Educating management as to the true nature and complexity of your role, and how much effort is involved in doing that job well
  • Planning technical improvements to a site, including obtaining management sign-off on these projects

Audits come in many shapes and sizes. They are a basic mechanism for system review and control over entropy. This workshop will introduce the concepts and principles of audits and will examine in detail how to conduct an audit, including interviews and system inspections, and how to present the results of that work to management in the form of a formal audit report.

Topics include:

  • What an audit is
  • Audit concepts and terminology
  • Three audit perspectives
  • The 4-step audit process
  • The 5-step controlled improvement process
  • A detailed look at interviews, site inspections, and tools
  • The audit report

Geoff Halprin (M13pm, T3) is the principal consultant at The SysAdmin Group. He has been a system administrator for the past 15 years and a consulting system administrator for over 10. Geoff specializes in data security and systems management disciplines and in the evaluation and improvement of systems management practices. He has acted as consultant to a wide variety of organizations, including government, large corporations, and several major ISPs. Geoff is also the vice-president of the System Administrators Guild of Australia (SAGE-AU) and is a member of the SAGE Executive Committee.


T4 Computer Attacks: Trends and Countermeasures
Tina Darmohray, System Experts, Inc.

Who should attend: System and network administrators who implement or maintain networks, and site managers charged with selecting and setting site security requirements. Familiarity with TCP/IP networking is a plus.

Many classic security problems, such as perimeter and host security, have become well defined and are routinely addressed by a wide range of product offerings; however, computer and network attacks are still on the rise. Effectively combating these attacks is a network and security management discipline with emerging strategies and solutions. This tutorial will cover the latest trends in computer attacks and the security precautions you can take against them, including defensive penetration analysis, host auditing, network logging solutions, and intrusion detection.

After taking this tutorial, attendees will understand the important areas of security management. They will be able to defensively assess their system and network security. Additionally, they will have an appreciation for auditing and monitoring hosts and networks for intrusions, and for storing critical information required for network forensics.

Topics include:

  • Trends in computer attacks
  • Defensive penetration analysis
  • Host and network auditing tools
  • Intrusion detection
  • Network forensics
  • Ethics, policies, and legal concerns of auditing computer communications

Tina Darmohray (T4) is a network and security consultant with over a decade of experience in administration and programming UNIX/TCP-based computers. She specializes in firewalls, Internet connections, sendmail/DNS configurations, and defensive intrusion management. Previously Tina was the lead for the UNIX support team at Lawrence Livermore National Laboratory. She was a founding board member of SAGE. She is the author of the popular SAGE jobs booklet Job Descriptions for System Administrators, she's the editor of SAGE News and Features for ;login:, the USENIX Association magazine, and she co-chaired the USENIX LISA IX conference. Tina holds a B.S. and an M.S. from the University of California, Berkeley.


T5 UNIX Security Tools: Use and Comparison
Matt Bishop, University of California, Davis

Who should attend: UNIX system, network, and security administrators who need to understand better the various security tools currently available.

The goal of this course is to assist UNIX security administrators, and other interested users, in locating and using publicly available programs to improve the security of their systems. This course will compare the uses and drawbacks of several different programs, with an emphasis on when to use which.

Topics include:

  • Tool checking and analysis: what to look for, how to analyze a tool, checking downloaded tools for security problems
  • Static analysis tools (filesystem auditing tiger, COPS)
  • Network analysis and security tools: monitors (nfsbug, nfswatch), ISS, SATAN, Gabriel, Courtney
  • Tools for privilege: managing shells (lsu)
  • Tools for logging and log analysis (swatch, logcheck)
  • Libraries (msystem, trustfile)
  • Tools for authentication: proactive password changers (shadow, crack)

Matt Bishop (T5) began working on problems of security in computer systems, and UNIX systems in particular, at Purdue, where he earned his doctorate. He subsequently worked at the Research Institute for Advanced Computer Science at NASA and taught courses in operating systems, computer security, and software engineering at Dartmouth College. Matt chaired the first USENIX Security Workshop and plays an active role in identifying and thwarting security threats. Matt has been on the faculty at UC Davis since 1993.


T6 Advanced Topics in DNS and BIND
Paul Vixie, Internet Software Consortium

Who should attend: Name-server administrators and software developers who need a deeper understanding of the DNS protocol and of the internals of BIND. Participants should already be responsible for the operation of at least one name server, should be familiar with Internet protocols such as TCP and UDP, and should be able to recognize C source code when they see it (which they will).

This tutorial will survey the DNS protocol and describe upcoming extensions to it, as well as implementation considerations in BIND.

Topics include:

  • DNS message format
  • DNS resource-record format
  • Zone file format and zone transfers
  • Incremental zone transfer
  • Dynamic update and deferred update
  • Real-time change notification
  • DHCP interaction
  • BIND current status
  • DNS security
  • DNS politics
  • BIND Version 8

After completing this tutorial, participants will know what the IETF has been up to lately, and what to expect in upcoming BIND releases. A note to those who have taken Paul's tutorials before: this tutorial will not be a rehash of prior material--new subjects will be covered.

Paul Vixie (T6) is the current maintainer of the BIND software system. BIND, the Berkeley Internet Name Domain, includes the name server ("named") used everywhere on the Internet. Paul is also a coauthor of Sendmail: Theory and Practice (Digital Press, 1995) and serves as moderator of the comp.sources.unix newsgroup.




T7 Advanced Solaris System Administration Topics
Peter Baer Galvin, Corporate Technologies, Inc.

Who should attend: UNIX administrators who need more knowledge of Solaris administration.

This course covers a variety of topics that matter to Solaris system administrators. We will discuss the major new features of recent Solaris releases, including which to use and how to use them, and which to avoid. This in-depth course will provide the information a system manager/administrator needs to run a Solaris installation effectively.

Topics include:

  • Installing and upgrading
    • Architecting an appropriate facility
    • Choosing the best hardware for your needs
    • Planning your installation, filesystem layout, post-installation steps
    • Installing (and removing) patches and packages
  • Advanced features of Solaris 2
    • CacheFS: configuring and using AutoFS
    • The /proc file system and commands
    • Useful tips and techniques
  • Networking and the kernel
    • Virtual IP: configuration and uses
    • Kernel and performance tuning: new features, adding devices, tuning, debugging commands
    • Devices: naming conventions, drivers, gotchas
  • Enhancing Solaris
    • High-availability essentials: disk failures and recovery, RAID levels, uses and performance, H-A technology and implementation
    • Performance: how to track down and break up bottlenecks
    • Tools: Useful free tools, tool use strategies
    • Security: locking down Solaris, system modifications, tools
    • Resources and references

Peter Baer Galvin (T7) is the chief technologist for Corporate Technologies, Inc., and was the systems manager for Brown University's Computer Science Department. He has written articles for Byte and other magazines, is security columnist for SunWorld, and is co-author of the Operating Systems Concepts textbook. As a consultant and trainer, Peter has taught tutorials on security and system administration and has given talks at many conferences.



T8am Web Application Security NEW
Mark-Jason Dominus, Consultant

Who should attend: Programmers and managers involved in the development of CGI programs and other applications designed to deliver dynamic or interactive content on the Web, and system administrators of Web servers. Participants should have some experience in developing these applications.

Interactive content on the Web is the world's biggest computer security hole. Before the WWW was invented, sane system administrators would never have considered setting up a network service that allowed an anonymous user to execute a complex program on their systems. Nevertheless, this is exactly what the Web does. Programs of formidable complexity and power are executed thousands of times every day on your systems, by unknown users in unknown locations with no supervision. If these programs are not written with great care, they can be subverted and used to steal your information or vandalize your machine.

The tutorial will include a number of case studies of programs that appear safe but aren't, and will show why "eyeball" methods of program verification are ineffective. We will spend some time discussing common problems and oversights and will show how they can be avoided. The examples will be in the Perl programming language, but the problems are not language-specific and most of the solutions apply to programs written in any language. The tutorial will, however, spend some time discussing the unique "tainting" feature of Perl, which can detect many of these problems automatically.

We will examine the common programming error of trusting the browser, including improper use of cookies and client-side data validation. Additionally, we will take a close look at the strengths and weaknesses of authentication systems commonly used on the Web. Along the way, the tutorial will present important basic principles of security, with an emphasis on developing a sound security policy that is effective for your situation.

Mark-Jason Dominus (M7, T8am) has been involved in computer security since 1988 and has been developing interactive Web applications since 1994. He was a system administrator and the first Webmaster at the University of Pennsylvania's Department of Computer and Information Sciences, and then became a founding staff member of Pathfinder, Time-Warner's Internet Web service, where he was the leader of the system administration and network security group. He is now an independent consultant working in the area of dynamic application development and systems and security analysis. He writes a regular column for The Perl Journal.


T9am Topics in AFS Administration NEW
Esther Filderman, Pittsburgh Supercomputing Center; Ted McCabe, MIT

Who should attend: Newer administrators of AFS, a distributed filesystem product of the Transarc corporation, who wish to further their knowledge. Working knowledge of AFS administration is required. This is not an advanced class; programming knowledge is not required, nor is access to AFS source.

This tutorial will offer both information and methods for a more efficient Cell. Participants will be walked through various parts of AFS and shown some of the internal workings.

Topics include:

  • Methods for tuning and administering AFS clients, both UNIX and NT, and the NFS/AFS translator
  • Maintaining AFS server machines: how the various server processes work together, protocols, authentication issues, and Ubik DB quorums
  • Management issues, from attaining stability through ensuring security, all while keeping track of volumes
  • Transarc's AFS Backup system, and other alternatives
  • Time-saving tricks
  • Alternatives to pure Transarc AFS, such as ARLA and DFS
  • The future of AFS

After completing this tutorial, participants will be aware of a number of ways to make their AFS administration tasks more trouble-free and efficient.

Esther Filderman (T9am) has been administrating AFS since its first incarnation as the file system behind the Andrew system, which was originally designed as part of an experiment by Carnegie Mellon University and IBM. She has been a system administrator for nearly 10 years. Once the 24x7 on-call person for the Andrew system, Esther is currently the senior operations specialist for the Pittsburgh Supercomputing Center, the site that, in a moment of insanity, ported AFS to Unicos.

Ted McCabe (T9am) has been administrating AFS since its first incarnation as the file system behind the Andrew system, which was originally designed as part of an experiment by Carnegie Mellon University and IBM. He was a system administrator at Carnegie Mellon for three years, maintaining and improving the backup system, known as Stage, that was initially developed with AFS. In 1996 Ted received an M.A. in mathematics from Boston University. Ted then returned to systems administration at Massachusetts Institute of Technology, where he has been wrestling with Transarc's backup system ever since.


T10am Dealing with Difficult People NEW
Steve Johnson, Transmeta; Dusty White, Consultant

Who should attend: Anyone who needs to deal with difficult people on the job; it will be especially useful to managers and those who deal with difficult clients.

Do you work with some difficult people? They may be clients, employees, peers, or managers. This tutorial will discuss what makes people difficult, and how you can deal more easily with them without knuckling under.

Topics include:

  • Reaching agreement with negative people
  • Fitting loners into your group
  • Dealing with people who do not like to plan or attend meetings
  • Giving feedback constructively
  • Dealing with difficult bosses
  • How to know when to disengage from difficult people

Steve Johnson (T10am, T13pm) has been a technical manager on and off for nearly two decades, in both large and small companies. At AT&T, he is best known for writing Yacc, Lint, and the Portable C Compiler. He served as the head of the UNIX Languages Department at AT&T's Summit Labs. He has also been involved in a number of Silicon Valley startup companies. He served for ten years on the USENIX Board of Directors, four of them as president. He presented an invited talk on management at LISA two years ago, he has taught USENIX tutorials on technical subjects, and he has led management training seminars at Transmeta.

Dusty White (T10am, T13pm) was an early employee of Adobe, where she served in a variety of managerial positions. She now works as a management consultant in Silicon Valley, where she acts as a trainer, coach, and troubleshooter for technical companies.





T11pm Automating/Standardizing Operating System Installations: Solaris Jumpstart, Red Hat Kickstart, and Others . . .
Greg Kulosa, GNAC, Inc.

Who should attend: System administrators and managers responsible for multiple machines, who are charged with performing consistent and reliable operating system installs.

Installing the "MIS approved" operating system on lots of incoming hardware can become a chore at any site. It's boring for one person to do all the installs, but if you farm it out to lots of staff, how do you guarantee that all machines have identical set-ups?

Using an automated system can solve both these problems at once. We will cover the most popular methods vendors provide to automate this process, and we'll mention some home-grown and free solutions.

Topics include:

  • Why should I automate and standardize installs?
  • Using Solaris Jumpstart
    • Jumpstart overview
    • Setting up the server
    • Rules files
    • Finish script
    • Booting clients
  • Using Red Hat Linux Kickstart
    • Kickstart file
    • Creating a boot floppy
  • Brief overview of other methods
    • Norton Ghost
    • MOSIP
    • The old "clone-disk" trick

Greg Kulosa (M11pm, T11pm) has been a UNIX system administrator for over eight years. He is currently a senior consultant, solving a myriad of host and networking problems for a variety of clients. In his spare time, he trains and grooms his American Quarter Horse, Jane, and goes on regular trail rides in the hills around San Francisco Bay.




T12pm Administering Backups with Legato NetWorker NEW
W. Curtis Preston, Collective Technologies

Who should attend: System administrators involved in the design, implementation, and administration of Legato NetWorker. Participants should be familiar with basic NetWorker installation and administration. Participants who are planning to use, but are not yet using, NetWorker should review the NetWorker documentation before attending this session.

Anyone who has implemented a medium to large installation of any commercial backup software package understands the challenges such a project will face. This tutorial will focus on the challenges unique to Legato NetWorker, with a heavy emphasis on automation, monitoring, and reporting. The tutorial will also answer questions all NetWorker administrators find themselves asking, and it will provide scripts that can be used to automate NetWorker.

Topics include:

  • Legato architecture
    • Master servers and storage nodes
    • Media and browse index
    • How NetWorker's dynamic parallelism works
  • System design
    • Setting client, server, and device parallelism for optimal performance
    • Determining the future size of your NetWorker client indexes
    • Deciding whether a client should back up to its own library or to a remote library
    • Setting up storage node fail-over
    • Determining the number of clients to put in a class
    • Deciding how many pools to use, and why
    • Designing the bootstrap backup to reduce disaster recovery time
  • System automation and Frequently Asked Questions
    • How does cloning really work? How do I clone just my full backups, or clone backups that take longer than a day to clone?
    • Why does my index get corrupted, and how can I protect against it?
    • How can I improve NetWorker's email capabilities to send my bootstrap reports somewhere other than my printer? to use a different subject line when the backup fails? to send the report to my pager if the backup fails?
    • Can NetWorker tell me when I'm LOW on volumes, instead of waiting until I'm OUT?
    • How do I automate the importing, exporting, and labeling of library volumes?
    • Can NetWorker back up a Veritas snapshotted file system?
    • How do I back up Network Appliance and Auspex systems?
    • What is the Tower of Hanoi, and what does it have to do with backups?
    • How can I get NetWorker to automatically retry failed backup jobs?
    • Is there a better way than mmrecov to recover my NetWorker server?

After completing this tutorial, participants will be able to answer all of these questions and will have the tools necessary to completely automate their NetWorker installation. They will also be aware of common pitfalls and how to avoid them.

W. Curtis Preston (T12pm), a principal consultant for Collective Technologies, has been specializing in backup and recovery for over six years. He has designed and implemented many large Legato NetWorker installations and is also an accomplished author and speaker. (This will be his third time speaking at LISA.) Curtis has just completed work on his upcoming O'Reilly & Associates book, UNIX Backup & Recovery, which will be on the shelves this fall. Curtis's Web site is https://www.backupcentral.com/, and he can be reached at curtis@colltech.com.


T13pm Mastering an Interrupt-driven Job NEW
Steve Johnson, Transmeta; Dusty White, Consultant

Who should attend: Anyone who wants to feel more in control of the "uncontrollable" part of their job, or who manages people with interrupt-driven jobs.

How can you have an interrupt-driven job and still feel in control? The source of interruption may be your manager, or customer needs. Most people try some kind of time management, and this is surely part of the answer. However, time management alone will not allow you to avoid stress and overload. We will teach you some additional techniques.

Topics include:

  • Setting expectations realistically
  • Helping your interrupter feel heard
  • Building trust
  • Defusing irritation
  • Negotiating compromises
  • Saying no so that it will be understood and stick

Many examples will be taken from systems administration, but they can be applied much more broadly.

Steve Johnson (T10am, T13pm) has been a technical manager on and off for nearly two decades, in both large and small companies. At AT&T, he is best known for writing Yacc, Lint, and the Portable C Compiler. He served as the head of the UNIX Languages Department at AT&T's Summit Labs. He has also been involved in a number of Silicon Valley startup companies. He served for ten years on the USENIX Board of Directors, four of them as president. He presented an invited talk on management at LISA two years ago, he has taught USENIX tutorials on technical subjects, and he has led management training seminars at Transmeta.

Dusty White (T10am, T13pm) was an early employee of Adobe, where she served in a variety of managerial positions. She now works as a management consultant in Silicon Valley, where she acts as a trainer, coach, and troubleshooter for technical companies.



Last changed: 11 Aug. 1999 mc