Tuesday, June 11, 2002

Full-Day Tutorials T1 Building Secure Software NEW Gary McGraw, Cigital T2 Issues in UNIX Infrastructure Design Lee Damon, University of Washington T3 Solaris Internals: Architecture, Tips, and Tidbits James Mauro and Richard McDougall, Sun Microsystems, Inc. T4 Topics in UNIX and Linux Administration, Part 1 NEW Trent Hein and Ned McClain, Applied Trust; Evi Nemeth, University of Colorado T5 Perl for System Administration—The Power and the Praxis David N. Blank-Edelman, Northeastern University CCS T6 Real-World Intrusion Detection: Problems and Solutions Phil Cox and Mark Mellis, SystemExperts Corporation T7 Practical UNIX Cryptography NEW Craig Hunt, WroteTheBook.com T8 FreeBSD Kernel Internals: Data Structures, Algorithms, and Networking—Part 2 Marshall Kirk McKusick, Author and Consultant

Who should attend: Developers, architects, and managers charged with developing code for security-critical and mission-critical projects (e.g., code that is intended to live on the Net), and security practitioners who must grapple with software security issues such as code review and risk analysis. Participants should have some familiarity with software development. Code examples include C, Java, and Python. This tutorial is based on material found in the book Building Secure Software, published by Addison-Wesley in their Professional Computing series.

What do wireless devices, cell phones, PDAs, browsers, operating systems, network services, public key infrastructure, and firewalls have in common? The answer is "software." Software is everywhere, and it is not usually built to be secure. This tutorial explains why the key to proactive computer security is making software behave. With software complexity growing alarmingly--the source code base for Windows XP is 40 million lines--we have our work cut out for us. Clearly, the penetrate-and-patch approach is non-optimal. Even worse is bolting security mechanisms on as an afterthought. Building software properly, both at the design and the implementation level, is a much better approach. This tutorial takes an in-depth look at some common software security risks, including buffer overflows, race conditions, and random number generation, and goes on to discuss essential guidelines for building secure software. A risk-driven approach to software security which integrates analysis and risk management throughout the software lifecycle is the key to better computer security.

Topics include:

• Aligning security goals and software project goals
• Software risk management
• Performing risk analysis
• Integrating securing into the software lifecycle
• Code-scanning technology
• Common software security risks
• Design versus implementation risks
• Building software security capability
• Open source and security
• Guidelines for building secure software

Gary McGraw (T1) Cigital Inc.'s CTO, researches soft ware security and sets technical vision in the area of software risk management. Dr. McGraw is co-author of four popular books: Java Security (Wiley, 1996), Securing Java (Wiley, 1999), Software Fault Injection (Wiley 1998), and Building Secure Software (Addison-Wesley, 2001). He consults with major e-commerce vendors, including Visa, MasterCard, and the Federal Reserve, functions as principal investigator on several government grants, and serves on commercial and academic advisory boards. Dr. McGraw holds a dual Ph.D. in cognitive science and computer science from Indiana University and a B.A. in philosophy from UVa.


T2 Issues in UNIX Infrastructure Design
Lee Damon, University of Washington

Who should attend: Anyone who is designing, implementing, or maintaining a UNIX environment with 2 to 20,000+ hosts. System administrators, architects, and managers who need to maintain multiple hosts with few admins.

This tutorial won't propose one "perfect solution." Instead, it will try to raise all the questions you should ask in order to design the right solution for your needs.

Topics include:

• Administrative domains: Who is responsible for what? What can users do for themselves?
• Desktop services vs. farming
• Disk layout
• Free vs. purchased solutions: Do you write your own, or do you outsource?
• Homogeneous vs. heterogeneous
• Master database: What do you need to track, and how?
• Policies to make your life easier
• Push vs. pull: Do you force data to each host, or wait for a client request?
• Quick replacement techniques: How to get the user back up in 5 minutes
• Remote install/upgrade/patching: How can you implement lights-out operation? Handle remote user sites? Keep up with vendor patches?
• Scaling and sizing: How do you plan?
• Security vs. sharing
• Single sign-on: Can one-password access to multiple services be secure?
• Single system images: Should each user see everything the same way, or should each user's access to each service be consistent with his/her own environment?
• Tools: What's free? What should you buy? What can you write yourself?

Lee Damon (T2) holds a B.S. in speech communication from Oregon State University. He has been a UNIX system administrator since 1985 and has been active in SAGE since its inception. He has developed several large-scale mixed environments. He is a member of the SAGE Ethics Working Group and was one of the commentators on the SAGE Ethics document. He has championed awareness of ethics in the system administration community, including writing ethics concerns into policy documents.



T3 Solaris Internals: Architecture, Tips, and Tidbits
James Mauro and Richard McDougall, Sun Microsystems, Inc.

Who should attend: Software engineers, application architects and developers, kernel developers, device driver writers, system administrators, performance analysts, capacity planners, Solaris users who wish to know more about the system they're using and the information available from bundled and unbundled tools, and anyone interested in operating system internals.

The installed base of Solaris systems being used for various commercial data-processing applications across all market segments and scientific computing applications has grown dramatically over the last several years, and it continues to grow. As an operating system, Solaris has evolved considerably, with some significant changes made to the UNIX SVR4 source base on which the early system was built. An understanding of how the system works is required in order to design and develop applications that take maximum advantage of the various features of the operating system, to understand the data made available via bundled system utilities, and to optimally configure and tune a Solaris system for a particular application or load.

Topics include the major subsystems of the Solaris 8 kernel. We review the major features of the release and take a look at how the major subsystems are tied together. We cover in detail the implementation of Solaris services (e.g. system calls) and low-level functions, such as synchronization primitives, clocks and timers, and trap and interrupt handling. We discuss the system's memory architecture; the virtual memory model, process address space and kernel address space, and memory allocation. The Solaris process/thread model is discussed, along with the kernel dispatcher and the various scheduling classes implemented and supported. We cover the Virtual File System (VFS) subsystem, the implementation of the Unix File System (UFS), and file IO-related topics.

All topics are covered with an eye to the practical application of the information, such as for performance tuning or software development. Solaris networking (topics related to TCP/IP and STREAMS) is not covered in this course.

After completing this course, participants will have a solid understanding of the internals of the major areas of the Solaris kernel that they will be able to apply to systems performance analysis, tuning, load/ behavior analysis, and application development.

James Mauro (T3) is a Senior Staff Engineer in the Performance and Availability Engineering group at Sun Microsystems. Jim's current projects are focused on quantifying and improving enterprise platform availability, including minimizing recovery times for data services and Solaris. He co-developed a framework for system availability measurement and benchmarking and is working on implementing this framework within Sun. Jim co-authored Solaris Internals: Architecture Tips and Techniques (Sun Microsystems Press/Prentice Hall, 2000).



T4 Topics in UNIX and Linux Administration, Part 1 NEW
Trent Hein and Ned McClain, Applied Trust; Evi Nemeth, University of Colorado

Who should attend: System and network administrators who are interested in picking up several new technologies in an accelerated manner. The format consists of six topics.

Topics include:

• Logical Volume Management for Linux: Logical volume support for Linux has brought storage flexibility and high availability to the masses. By abstracting physical storage devices, logical volumes let you grow and shrink partitions, efficiently back up databases, and much more. We'll talk about Linux LVM, what you need to get it up and running, and how to take advantage of its many features.
• Security Packet Filtering Primer: What does the word "firewall" really mean, and how do you set up a packet filter list to implement a basic one? We'll teach you the dos and don'ts of creating a tough packet filter, and talk specifically about capabilities of packages available for Linux.
• What's New in BIND9? BINDv9 includes a long laundry list of features needed for modern architectures, huge zones, machines serving a zillion zones, co-existence with PCs, security, and IPv6--specifically, dynamic update, incremental zone transfers, DNS security via DNSSEC and TSIG, A6, and DNAME records. We'll talk about the gory details of these new features.
• Network Server Performance Tuning: Instead of throwing expensive hardware at a performance problem, consider that many performance problems are really due to misconfigured networks, systems, and applications. We'll focus on Linux and UNIX performance tuning, with an emphasis on low-cost, high-impact strategies and solutions.
• Security Crisis Case Studies: Before your very eyes, we'll dissect a set of security incident case studies using many tools available on your system or from the Net. We'll specifically describe how to avoid common security-incident pitfalls.
• Policy and Politics: Many of the policies and procedures followed at a site are carefully filed in the sysadmin's head. With the worldwide Net invading your local site, these secrets need to be written down, run by lawyers, and followed by your sysadmin staff. We will discuss approaches to these tasks, both good and bad, and illustrate with war stories, sample policy agreements, and procedure checklists.

Trent Hein (T4, W4) is co-founder of Applied Trust Engineering. Previously, he was the CTO at XOR Inc., where he focused on using UNIX and Linux in production-grade commercial environments.Trent worked on the 4.4 BSD port to the MIPS architecture at Berkeley, is co-author of both the UNIX Systems Administration Handbook and the Linux Administration Handbook, and holds a B.S. in computer science from the University of Colorado. Email him at trent@atrust.com.



T5 Perl for System Administration—The Power and the Praxis
David N. Blank-Edelman, Northeastern University CCS

Who should attend: People with system administration duties, advanced-beginner to intermediate Perl experience, and a desire to make their jobs easier and less stressful in times of sysadmin crises.

Perl was originally created to help with system administration, so it is a wonder that there isn't more instructional material devoted to helping people use Perl for this purpose. This tutorial hopes to begin to remedy this situation by giving you six solid hours of instruction geared towards putting your existing Perl knowledge to practice in the system administration realm.

The morning section will concentrate on the power of Perl in this context. Based on the instructor's O'Reilly book, we'll take a multi-platform look at using Perl in cutting-edge and old-standby system administration domains. This jam-packed survey will include:

• Secure Perl scripting
• Dealing with files and file systems (including source control, XML, databases, and log files)
• Dealing with SQL databases via DBI and ODBC
• Email as a system administration tool (including spam analysis)
• Network directory services (including NIS, DNS, LDAP, and ADSI)
• Network management (including SNMP and WBEM)

At the end of the day, you'll walk away from this class with Perl approaches and techniques that can help you solve your daily system administration problems. You'll have new ideas in hand for writing small Perl programs to get you out of big sysadmin pinches. And on top of all this, you are also likely to deepen your Perl knowledge.

David N. Blank-Edelman (T5) is the Director of Technology at the Northeastern University College of Computer Science and the author of Perl for System Administration (O'Reilly). He has spent the last 15 years as a system/network administrator in large multi-platform environments and has served as Senior Technical Editor for the Perl Journal. He has also written many magazine articles on world music.



T6 Real-World Intrusion Detection: Problems and Solutions
Phil Cox and Mark Mellis, SystemExperts Corporation

Who should attend: System and network administrators who implement or maintain intrusion detection systems, managers charged with selecting and setting intrusion detection requirements, and anyone who wants to know the details of how to make intrusion detection work. Familiarity with TCP/IP networking is a plus.

In today's increasingly networked world, intrusion detection is essential for protecting resources, data, and reputation. It's a rapidly evolving field with several models and deployment methods from which to choose.

After taking this tutorial, attendees will understand the fundamental concepts of intrusion detection and will gain practical insights into designing, deploying, and managing intrusion detection systems in the real world.

Topics include:

• Why intrusion detection?
• ID and the organization
• Intrusion detection basics
  • Terms and definitions
  • Host-based systems
  • Network-based systems
  • Hybrid systems
• How attackers attempt to bypass IDS systems
• Case studies for small, medium, and large deployments

Who should attend: System administrators interested in using the cryptographic tools that are now available for UNIX. System administrators interested in practical configuration examples will benefit the most. Attendees need basic system administration skills and knowledge of UNIX configuration to reap the greatest benefit from this course.

Export restrictions have eased, and the RSA patent has expired, removing legal barriers to strong encryption. Soon all Linux and UNIX systems will ship with built-in cryptographic capabilities. System administrators need to understand what those tools can and cannot do for them and how to use the tools. This course outlines the current state of cryptographic support in UNIX and shows attendees how to make use of SSL and SASL services. The network protocols that underlie these cryptographic services are described. Practical advice about using strong authentication and encrypted data streams is given. This tutorial provides detailed, practical examples of installing, configuring, and using OpenSSL and SASL to support encryption for applications such as Apache. Installation, configuration and use of encryption tools such as SSH and GPG are also covered.

• The basics
  • Threats to data
  • Types of encryption and their roles
• Simple Authentication and Security Layer (SASL)
  • The role of SASL
  • Terminology
  • Supported authentication techniques
  • Installation, configuration, and use
• GNU Privacy Guard (GPG)
  • The role of GPG
  • Obtaining and installing GPG
  • Encrypting and protecting email
• Secure Shell (SSH)
  • The role of SSH
  • SSH protocol
  • Obtaining and installing SSH
  • Client and server configuration
  • Key distribution issues
• Secure Sockets Layer (SSL)
  • The role of SSL
  • TLS protocol
  • Certificates
  • Obtaining, configuring, and using OpenSSL
  • Using OpenSSL with Apache
  • Securing services with stunnel

Please see the description under M8.

Marshall Kirk McKusick (M8, T8) writes books and articles, consults, and teaches classes on UNIX- and BSD-related subjects. While at the University of California at Berkeley, he implemented the 4.2BSD fast filesystem and oversaw the development and release of 4.3BSD and 4.4BSD. His particular areas of interest are the virtual-memory system and the filesystem. He earned a B.S. in Electrical Engineering from Cornell University. At the University of California at Berkeley, he received Master's degrees in computer science and business administration, and a doctoral degree in computer science. He is past president and a current member of the USENIX Board of Directors and is a member of AAAS, ACM, and IEEE.