LISA '03: 17th Large Installation Systems Administration Conference, October 26-31, 2003, San Diego, CA
TRAINING

Sunday, October 26, 2003

S1 Implementing LDAP Directories NEW
Gerald Carter, Samba Team/Hewlett-Packard
9:00 a.m.–5:00 p.m., Sunrise Room, Meeting House

Who should attend: Both LDAP directory administrators and architects. The focus is on integrating standard network services with LDAP directories. The examples are based on UNIX hosts and the OpenLDAP directory server and will include actual working demonstrations throughout the course.

System administrators today run a variety of directory services, although these are referred to by names such as DNS and NIS. The Lightweight Directory Access Protocol (LDAP) is the up-and-coming successor to the X.500 directory and has the promise of allowing administrators to consolidate multiple existing directories into one.

Topics include:

  • Replacing NIS domains
  • Integrating Samba user accounts
  • Authenticating RADIUS clients
  • Integrating MTAs such as Sendmail, Qmail, or Postfix
  • Creating address books for mail clients
  • Managing user access to HTTP and FTP services
  • Storing DNS zone information
  • Managing printer information

Gerald Carter (S1, M3) has been a member of the SAMBA Team since 1998. He has published articles in various Web-based magazines and gives instructional courses as a consultant for several companies. Currently employed by Hewlett-Packard as a Samba developer, Gerald has written books for SAMS Publishing and is the author of the recent LDAP System Administration (O'Reilly & Associates).

S2 Advanced Topics in DNS Administration
Jim Reid, Consultant
9:00 a.m.–5:00 p.m., Crescent Room

Who should attend: DNS administrators who wish to extend their understanding of how to configure and manage name servers running BIND9. Attendees should have some experience of running a name server and be familiar with DNS jargon for resource records, as well as the syntax of zone files and named.conf.

This tutorial will answer the question, "I've set up master (primary) and slave (secondary) name servers. What else can I do with the name server?"

Topics include:

  • The BIND9 logging subsystem
    • Getting the most from the name server's logs
  • Managing the name server with rndc
  • Configuring split DNS: internal and external versions of a domain
    • Using the views mechanism of BIND9 to implement split DNS
  • Setting up an internal root server
  • Securing the name server
    • Running it chroot()
    • Using access control lists
    • Preventing unwanted access
  • Dynamic DNS (DDNS)
    • Dynamic updates with nsupdate
  • IPv6
    • Resolving and answering queries with IPv6
    • Setting up A6/DNAME chains and AAAA records to resolve IPv6 addresses
  • The Lightweight Resolver Daemon, lwresd
  • Secure DNS (DNSSEC)
    • Using Transaction Signatures (TSIG)
    • How to sign zones with dnssec-keygen and dnssec-signzone

Jim Reid (S2) started using a PDP11/45 running V7 UNIX 21 years ago and has been working with UNIX systems ever since. He worked for three years at Origin on behalf of Philips Electronics, where he wrote a DNS management system and designed, built, and ran the DNS infrastructure for the corporate network, one of the biggest in the world. He has over a decade's experience in writing and teaching training courses ranging from kernel internals, through system administration and network security, to DNS administration. He's a frequent speaker at conferences and workshops in Europe and the U.S.

S3 Seven Habits of the Highly Effective System Administrator NEW
Mike Ciavarella, University of Melbourne, Australia; Lee Damon, University of Washington
9:00 a.m.–5:00 p.m., Hampton Room

Who should attend: Administrators who wish they could finish their work faster, get it right the first time, be granted more hours in their week, or increase their job satisfaction and confidence.

We will focus on enabling the junior system administrator to "do it right the first time." We aim to accelerate the experience curve for junior system administrators by teaching them the time-honored tricks and effective coping strategies that experienced administrators take for granted and which are necessary for successful growth of both the administrator and the site.

Some topics will be UNIX-specific, but much of it will be OS-neutral. The theories translate, even if the specific tools mentioned don't.

Topics include:

  • Tools you should use
  • Tools you should avoid
  • How to approach security
  • Why synchronicity is important
  • Root passwords: what not to do
  • Rethinking your backup strategy
  • Policies: the good, the bad, and the ugly
  • Training, mentoring, planning for personal growth
  • Ethical issues
  • Site planning
  • Budgeting
  • Statistics
  • Books for you/books for your users

Mike Ciavarella (S3, M9, M11) has been producing and editing technical documentation since he naively agreed to write application manuals for his first employer in the early 1980s. He has been a technical editor for MacMillan Press and has been teaching system administrators about documentation for the past four years. Mike has an Honours Degree in Science from the University of Melbourne and is currently a Senior Partner with Cybersource Pty Ltd, where he heads Cybersource's Security Practice. In his spare time, Mike is a caffeine addict and photographer.

Lee Damon (S3) has been a UNIX systems administrator since 1985 and has been active in SAGE since its inception. He assisted in developing a mixed AIX/SunOS environment at IBM Watson Research and has developed mixed environments for Gulfstream Aerospace and QUALCOMM. He is currently leading the development effort for the Nikola project at the University of Washington Electrical Engineering department. He is a member of the SAGE Ethics Working Group and was one of the commentators on the SAGE Ethics document. He has championed awareness of Ethics in the systems administration community, including writing it into policy documents. Lee holds a B.S. in Speech Communication from Oregon State University.

S4 Solaris Internals & Architecture: Performance and Resource Management NEW
Richard McDougall and James Mauro, Sun Microsystems
9:00 a.m.–5:00 p.m., Sheffield Room

Who should attend: System administrators, performance analysts, application architects, database administrators, software developers, and capacity planners. Anyone interested in the organization and structure of the Solaris kernel and in how to apply that knowledge to the use of performance tools and resource controls.

The installed base of Solaris systems for commercial data processing and scientific computing applications has grown dramatically over the last several years, and it continues to grow. The Solaris operating system has matured significantly, with major changes from the UNIX SVR4 source base on which the early system was built. An understanding of how the system is organized is required in order to design and develop applications that take maximum advantage of the various features of the operating system, understand the data made available via bundled system utilities, and optimally configure and tune a Solaris system for a particular application or load.

Topics include:

  • The virtual memory system
  • The virtual file system
  • The multi-threaded process model
  • The kernel dispatcher
  • Scheduling classes
  • File system implementation
  • Resource control
  • Management facilities

As each topic is discussed, we cover the performance and observability aspects, including relevant bundled commands and utilities and the interpretation of the data they present.

This course is based on Solaris 8 and Solaris 9, but has applicability to earlier releases. Networking (TCP/IP, STREAMS) facilities and performance are not covered.

Richard McDougall (S4) is an established engineer in the Performance Application Engineering group at Sun Microsystems, where he focuses on large systems performance and architecture. He has over twelve years of performance tuning, application/kernel development and capacity planning experience on many different flavours of UNIX. Richard has written a wide range of papers and tools for measurement, monitoring, tracing, and sizing UNIX systems, including the memory sizing methodology for Sun, the set of tools known as "MemTool" to allow fine-grained instrumentation of memory for Solaris, the recent "Priority Paging" memory algorithms in Solaris, and many of the unbundled tools for Solaris.

Richard, with Jim Mauro, wrote Solaris Internals: Architecture Tips and Techniques (Sun Microsystems Press/Prentice Hall); they are currently collaborating on an update of the book for Solaris 8, as well as volume II.

James Mauro (S4) is a Senior Staff Engineer in the Performance and Availability Engineering group at Sun Microsystems. Jim's current projects are focused on quantifying and improving enterprise platform availability, including minimizing recovery times for data services and Solaris. Jim co-developed a framework for system availability measurement and benchmarking and is working on implementing this framework within Sun.

S5 Architecting a Secure Infrastructure: From Networking Through Applications NEW
Steve Acheson and Laura Kuiper, Cisco Systems
9:00 a.m.–5:00 p.m., Royal Palm Salon 1/2

Who should attend: Network and system administrators who will be responsible for creating and implementing security infrastructure. Participants should have an understanding of the fundamentals of networking, basic familiarity with computing and network components, and some familiarity with UNIX and scripting languages.

This tutorial will describe how to create a baseline for policy and how to build that into a secure infrastructure. It will include case studies from several different types of business needs: commercial, government, university, and ISP. The emphasis will be on understanding what drives businesses, practical application of infrastructure components, and case studies.

Participants should expect to leave the tutorial with the information needed to begin identifying drivers and techniques to create effective policies. In addition, participants should expect to leave the tutorial with the information needed to begin creating a secure infrastructure.

Topics include:

  • Writing effective policies
  • Setting standards
  • Implementing procedures
  • Security concepts (AAA, encryption)
  • Security approaches
  • Security technologies
  • Drivers of business
  • Infrastructure
    • Firewalls
    • Networks
    • Servers
    • Operating systems
    • Web infrastructure
  • Securing applications
  • Reviewing new technologies
    • XML
    • Middleware messaging
    • Portals
    • VOIP
  • Entitlement
  • IDS
  • Logging
  • Privacy
  • Approaches to outsourcing/out-tasking

Steve Acheson (S5) is currently an Information Security Architect at Cisco Systems, where he is a senior member of the Corporate Information Security Department, responsible for network and system security, including designing internal security architecture and external/firewall access. Before working for Cisco, Steve managed security for NASA's Numerical Aerospace Simulations facility at Ames Research Center. He has worked in the field as a system administrator, network engineer, and security analyst for over 15 years.

Laura Kuiper (S5) is currently a Computer Security Architect at Cisco Systems, where she is a senior member of the Computer Information Security Department, responsible for network and system security, including designing internal security architecture and external/firewall access. Before working for Cisco, Laura managed the network at SAIC. She has worked in the field as a network engineer and security analyst for over 9 years.

S6 Intrusion Detection and Prevention Systems NEW
Marcus Ranum, Consultant
9:00 a.m.–5:00 p.m., Royal Palm Salon 3/4

Who should attend: Network or security managers responsible for an IDS roll-out, security auditors interested in assessing IDS capabilities, and security managers involved in IDS product selection.

This workshop covers the real-world issues you'll encounter as part of doing an intrusion detection roll-out or product selection. There's a lot of hype surrounding Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)--what works, and what doesn't? How do they work? Attendees will learn the advantages and disadvantages of popular approaches to IDS. Deploying an IDS is only the beginning, many users find, as they have to deal with false positives and noise. We'll discuss these issues as well as where to deploy IDSes, how to test them, how to build out-of-band IDS management networks, and how they interact with switches, routers, and firewalls.

Topics include:

  • Technologies
    • IDS and IPS: what they are and how they work
    • Burglar alarms and honeypots: low-rent IDS
    • Misuse detection and anomaly detection
    • False positives, noise, and false alarms
    • Does freeware stack up to the commercial products?
  • Deployment issues
    • Where to place IDS within the network
    • Alert tuning: what it is and how it works
    • How to estimate the size of an IDS deployment
    • How to size and design a logging/management architecture
    • Tools and tricks for logging and event correlation
    • A typical IDS roll-out
    • How to test an IDS for correct function
    • IDS benchmarks: bogus and bogusest
  • Management issues
    • How to justify the expenditures on an IDS to management
    • Cyclical maintenance
    • Alert management procedures

Marcus J. Ranum (S6, M6) is a world-renowned expert on security system design and implementation. He is recognized as the inventor of the proxy firewall and the implementor of the first commercial firewall product. Since the late 1980s, he has designed a number of ground-breaking security products, including the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall, and Network Flight Recorder's intrusion detection system. He has been involved in every level of operations of a security product business, from developer to founder and CEO of NFR. Marcus has served as a consultant to many FORTUNE 500 firms and national governments, as well as serving as a guest lecturer and instructor at numerous high-tech conferences. He holds both the TISC "Clue" award and the ISSA Hall of Fame award.

S7 Mac OS X System Administration NEW
Leon Towns-von Stauber, Consultant
9:00 a.m.–5:00 p.m., Royal Palm Salon 5/6

Who should attend: System administrators who are or will be responsible for managing Mac OS X systems or are merely curious about it. A modest background in UNIX system administration is assumed, including familiarity with basic operating system concepts, configuring and managing network services, and host and network security.

Mac OS X is the advanced, BSD-based operating system from Apple. While many of the technologies are familiar, some aspects of this new OS make working with it quite a bit different from other UNIX systems you've managed.

This tutorial presents an overview of the design of Mac OS X and takes a practical approach to the administrative aspects of the system. By the end of the course, you'll be familiar with the fundamentals of the operating system and have a grab-bag of time-saving tips. These will give you a quick boost in administering Mac OS X.

Topics include:

  • Operating system components
  • Management applications
  • Boot sequence
  • Filesystem issues
  • Software installation
  • Account management
  • Directory and authentication services
  • Networking
  • File sharing
  • Print services
  • Web and mail services
  • Security issues
  • Setup tasks

Leon Towns-von Stauber (S7, M8) started using UNIX systems in 1990 and has been administering them professionally for the last nine years in service provider, corporate, and educational environments. Although he's worked extensively with Solaris, Linux, HP-UX, AIX, and too many other flavors of UNIX, the purchase of a NeXT workstation in 1991 introduced him to the operating system lineage that he would follow from NeXTstep through to Mac OS X today. Currently he is working on books for O'Reilly & Associates on Mac OS X security and system administration.

S8 Using IPsec NEW
Mike DeGraw-Bertsch, Consultant
9:00 a.m.–12:30 p.m., Pacific Salon 1

Who should attend: System and network administrators responsible for network security. Participants should be familiar with basic networking, including a general understanding of TCP/IP and experience with network design and system administration. Work with IPsec is not assumed, nor is expertise in a particular operating system necessary.

Networks are a traditionally hostile medium, with packet sniffers, eavesdroppers, man-in-the-middle and replay attacks, and other ne'er-do-wells working hard to intercept, read, and modify your traffic. And that's just on your LAN! Enter IPsec. This tutorial addresses what IPsec is, how it works, and how to use it to mitigate the aforementioned risks, and more. Participants will gain a strong understanding of IPsec's internals, will learn to recognize when IPsec is the appropriate solution, and will be able to use it effectively to enhance their network's security.

Topics include:

  • How IPsec works: tunnels, transports, encryption and authentication
  • Using X.509 certificates and the Internet Key Exchange (IKE) to automate connection management
  • IPsec's strengths and weaknesses
  • Debugging connections
  • Taking advantage of Linux's opportunistic encryption
  • Configuration walkthroughs for Linux, FreeBSD and NetBSD, OpenBSD, Windows 2000, and/or Cisco IOS (depending on audience needs)

Mike DeGraw-Bertsch (S8, M7) has been working with FreeBSD for ten years, and has been active in security for the last five years. He has written articles for the O'Reilly Network and SysAdmin Magazine and is writing UNIX Systems and Network Security for Springer-Verlag. Mike is a security and networking consultant and spends his free time as an ice hockey goalie.

S9 Enterprise Log Analysis: Tips, Tricks, and Techniques NEW
Sweth Chandramouli, Idiopathic Systems Consulting
9:00 a.m.–12:30 p.m., Pacific Salon 2

Who should attend: Intermediate to advanced systems, network, and security administrators with responsibility for analysis of large or complex amounts of log data. Familiarity with either or both of UNIX syslog and Windows EventLog is assumed.

This tutorial will provide an overview of advanced log analysis techniques, with a focus on learning how to recognize the types of data for which different techniques are appropriate, rather than on application-specific implementations of those techniques.

Topics include:

  • Positive and negative filtering
  • Graphical and algorithmic outlier analysis
  • Historical analysis
  • Procedural correlation
  • Object classification analysis
  • Event distillation/reduction

Sweth Chandramouli (S9) is the Founder and President of Idiopathic Systems Consulting, providing information security, UNIX and network systems design and implementation, and data analysis services for a client base ranging from sole proprietorships to Fortune 100 companies to the US government. He has previously served as CTO for Homeland Security (Justice Programs) at Lockheed Martin Information Technology, and as Director of Systems Architecture for ServerVault, Inc.

Sweth has an extensive background in the field of Log Analysis, including the development of log analysis tools for companies such as Counterpane Internet Security and agencies such as the US DHS Bureau of Immigration and Customs Enforcement. He is also an active contributor to the loganalysis mailing list, and has written about the topic extensively.

S10 Regular Expression Mastery
Mark-Jason Dominus, Consultant and Author
9:00 a.m.–12:30 p.m., Pacific Salon 3

Who should attend: System administrators and users who use Perl, grep, sed, awk, procmail, vi, or emacs.

Almost everyone has written a regex that produced unexpected results. Sometimes regexes appear to hang forever, and it's not clear what has gone wrong. Sometimes they behave differently in different utilities, and you can't tell why. This class will fix all these problems.

The first section of the class will explore the matching algorithms used internally by common utilities such as grep and Perl. Understanding these algorithms will allow us to predict whether a regex will match, which of several matches will be found, and which regexes are likely to be faster than others, and to understand why all of these behaviors occur. We'll learn why commonly used regex symbols such as ".", "$", and "\1" may not mean what you thought they did.

In the second section, we'll look at common matching disasters, a few practical parsing applications, and some advanced Perl features. We'll finish with a discussion of optimizations that were added to Perl 5.6, and why you should avoid using "/i".

Topics include:

  • Inside the regex engine
    • Regular expressions are programs
    • Backtracking
    • NFA vs. DFA
    • POSIX and Perl
    • Quantifiers
    • Greed and anti-greed
    • Anchors and assertions
    • Backreferences
  • Disasters and optimizations
    • Where machines come from
    • Disaster examples
    • Tokenizing
    • New optimizations
    • Matching strings with balanced parentheses

Mark-Jason Dominus (S10, S13, M10, M13) has been programmingMark-Jason Dominus in Perl since 1992. He is a moderator of the comp.lang.perl.moderated newsgroup, the author of the Text::Template, Tie::File, and Memoize modules, a contributor to the Perl core, and author of the perlreftut man page. His work on the Rx regular expression debugger won the 2001 Larry Wall Award for Practical Utility. He lives in Philadelphia with his wife and several plush octopuses.

S11 Veritas Volume Manager: Beyond the GUI NEW
Douglas Hughes, Global Crossing
1:30 p.m.–5:30 p.m., Pacific Salon 1

Who should attend: Those who wish to learn how to effectively make use of the copious command line capabilities of Veritas Volume Manager, and how VxVM integrates with system startup scripts. Some familiarity with how VxVM works at a high level is helpful. Intermediate to advanced users may find the mid to end parts of the course most interesting. Beginners will receive a short introduction to volume manager terminology. There should be something for everybody.

Topics include:

  • Fundamentals of terminology and volume components (volume, plex, subdisk) (a short comparison with disksuite and LVM)
  • Creating volumes
  • Workhorse tools (vxassist, vxresize, vxsd, vxedit, vxmake)
  • Performance tuning (vxstat, vxtrace)
  • How it works at bootup
  • Recovery and maintenance
  • What the daemons do
  • Disk and volume management (to encapsulate or not, capacity planning, naming)
  • Dynamic multi-pathing

Not covered:
  • Specifics of integration with hardware vendors

Doug Hughes (S11) is a founding member of and frequent contributor to the veritas-vx and ssa-managers mailing lists. He has been using Veritas Volume Manager since the mid 1990s. He is also the keeper of one of the tips and tricks Web pages for Veritas and related storage technologies (https://www.will.to/vxstuff). Doug has a B.E. in Computer Engineering from Pennsylvania State University and currently works for a large multinational telecommunications company.

S12 Combating Spam Using SpamAssassin, MIMEDefang, and Perl NEW
David Skoll, Roaring Penguin Software
1:30 p.m.–5:30 p.m., Pacific Salon 2

Who should attend: System administrators, network administrators, and email administrators tackling the problem of spam in the enterprise. Participants should have a basic familiarity with SMTP and Perl.

The course will feature a high-speed introduction to SpamAssassin on UNIX/Linux and MIMEDefang and will describe concrete steps administrators can take to reduce spam. It will then zero in on MIMEDefang (created by David Skoll) and Sendmail. Participants will have ample opportunity to ask about the application of MIMEDefang and Perl modules in their particular environment.

Topics include:

  • Introduction to mail filtering
    • Why filter?
    • What are we filtering?
    • Where to filter: on server, or on client?
  • Introduction to Sendmail's Milter API
  • Introduction to MIMEDefang
  • Writing MIMEDefang filters
  • Advanced filter writing
    • Information to use: HELO, relay address, envelope addresses, message content
    • Receive-only addresses and bounces
    • To bounce, or not to bounce?
    • Attachment stripping
  • Common spam techniques and how to fight them
  • SpamAssassin integration
  • Advanced topics
    • Tuning MIMEDefang to handle huge loads
    • Preserving relay information across a chain of MX hosts
    • Recipient-verification on the final MX host before accepting mail

David Skoll (S12) is founder and president of Roaring Penguin Software, Inc., a consulting firm focused on deploying intelligent computing infrastructures for businesses of all sizes and incorporating Linux into heterogeneous environments. Skoll is the developer of MIMEDefang, the acclaimed open-source email inspection software, and creator of RP-PPPoE, deployed across Linux servers and clients worldwide. He is author of Caldera's OpenLinux Unleashed and frequently writes and presents for the Linux and open source communities. More information can be found at https://www.roaringpenguin.com.

S13 Perl Programming: Tricks of the Wizards UPDATED
Mark-Jason Dominus, Consultant and Author
1:30 p.m.–5:30 p.m., Pacific Salon 3

Who should attend: Anyone who has a basic familiarity with Perl's packages, references, modules, and objects, and wants to become a wizard.

This class will explore Perl's most unusual features. We'll look at some of the standard modules written by famous wizards such as Tom Christiansen, Damian Conway, and Larry Wall, and learn what they're for and how they work.

Topics include:

  • Perl's remarkable "glob" feature
    • An assortment of uses of globs
    • The much-used and mysterious Exporter module
    • How to do globby magic with Perl 6, which won't have globs
  • Unusual uses of the "tie" function, including:
    • Hashes with case-insensitive keys
    • Arrays that mirror the contents of a file
    • Filehandles that suppress annoying output
  • "AUTOLOAD", the Function of Last Resort
  • The new "source filter" feature, which allows you to program in any language and translate to Perl at the last moment
  • How to add a switch statement to Perl
  • How to make Perl 5 emulate the variable syntax of Perl 6
  • Last but not least: Nine useful enchantments that take only 30 seconds each

Mark-Jason Dominus (S10, S13, M10, M13) has been programming in Perl since 1992. He is a moderator of the comp.lang.perl.moderated newsgroup, the author of the Text::Template, Tie::File, and Memoize modules, a contributor to the Perl core, and author of the perlreftut man page. His work on the Rx regular expression debugger won the 2001 Larry Wall Award for Practical Utility. He lives in Philadelphia with his wife and several plush octopuses.

Monday, October 27, 2003

M1 LVS: Load Balancing and High Availability for Free NEW
Dustin Puryear, Windows, UNIX, and IT Consultant
9:00 a.m.–5:00 p.m., Royal Palm Salon 1/2/3

Who should attend: Network administrators who need to ensure high performance and availability of services such as Apache, MySQL, DB2, and even Windows Terminal Services and who want to be able to tweak and tune a solution that is open source, stable, and flexible. Participants should be familiar with Linux and TCP/IP. Participants will leave this tutorial with a general understanding of load-balancing and high availability services and how to implement those services using the open source Linux Virtual Server (LVS).

Topics include:

  • An overview of load-balancing and high availability
  • How to configure LVS for different scenarios and goals
  • Installing LVS on your Linux server; tweaking the Linux kernel for LVS
  • Examples and considerations of LVS configuration for popular services such as Apache (HTTP) and SSL, MySQL, and Windows Terminal Services.
  • Configuring fail-over of LVS!
  • Security considerations
  • Troubleshooting

Dustin Puryear (M1) is a consultant providing expertise in managing and integrating UNIX and Windows systems and services, with a strong focus on open source, and is author of Integrate Linux Solutions into Your Windows Network. As a consultant, Dustin has worked on projects ranging from tuning and managing Linux and FreeBSD high-availability web farms to developing custom management software for qmail-based mail systems.

M2 System and Network Monitoring
John Sellens, Certainty Solutions
9:00 a.m.–5:00 p.m., Windsor Room

Who should attend: Network and system administrators interested in real-life, practical, host- and network-based monitoring of their systems and networks. Participants should have an understanding of the fundamentals of networking, basic familiarity with computing and network components, and some familiarity with UNIX and scripting languages.

Participants will leave this tutorial able to immediately start using a number of monitoring systems and techniques that will improve their ability to manage and maintain their systems and networks.

Topics include:

  • Monitoring: goals, techniques, reporting
  • SNMP: the protocol, reference materials, relevant RFCs
  • Introduction to SNMP MIBs (Management Information Bases)
  • SNMP tools and libraries
  • Other non-SNMP tools
  • Security concerns when using SNMP and other tools on the network
  • Monitoring applications: introductions, use, benefits and complications, installation and configuration (Big Brother, Nagios, SNIPS, MRTG, Cricket, etc.)
  • Special situations: remote locations, firewalls, etc.
  • Monitoring implementation roadmap: policies, practices, notifications, escalations, reporting

John Sellens (M2, T2) has been involved in system and network administration since 1986 and is the author of several related USENIX papers, a number of ;login: articles, and SAGE booklet #7, System and Network Administration for Higher Reliability. He holds an M.S. in computer science from the University of Waterloo and is a chartered accountant. He is currently the General Manager for Certainty Solutions (formerly known as GNAC) in Toronto. Prior to joining Certainty, John was the Director of Network Engineering at UUNET Canada and was a staff member in computing and information technology at the University of Waterloo for 11 years.

M3 Managing Samba 2.2 & 3.0 NEW
Gerald Carter, Samba Team/Hewlett-Packard
9:00 a.m.–5:00 p.m., Hampton Room

Who should attend: System administrators who are currently managing Samba servers or are planning to deploy new servers this year. This course will outline the new features of Samba 3.0, including working demonstrations throughout the course session.

Samba is a freely available suite of programs that allows UNIX-based machines to provide file and print services to Microsoft Windows PCs without installing any third-party software on the clients. This allows users to access necessary resources from both PCs and UNIX workstations. As Samba makes its way into more and more network shops all over the world, it is common to see "configuring/managing Samba servers" listed as a desired skill on many job descriptions for network administrators.

Topics include:

  • Providing basic file and print services
  • Upgrading Samba servers from version 2.2 to 3.0
  • Integrating with Windows NT 4.0 and Active Directory authentication services
  • Centrally managing printer drivers for Windows clients
  • Managing NetBIOS network browsing
  • Implementing a Samba primary domain controller along with Samba backup domain controllers
  • Migrating from a Windows NT 4.0 domain to a Samba domain
  • Utilizing account storage alternatives to smbpasswd (such as LDAP)
  • Making use of Samba VFS modules for features such as virus scanning and a network recycle bin

Gerald Carter (S1, M3) has been a member of the SAMBA Team since 1998. He has published articles in various Web-based magazines and gives instructional courses as a consultant for several companies. Currently employed by Hewlett-Packard as a Samba developer, Gerald has written books for SAMS Publishing and is the author of the recent LDAP System Administration (O'Reilly & Associates).

M4 System and Network Performance Tuning
Marc Staveley, Soma Networks
9:00 a.m.–5:00 p.m., Pacific Salon 2

Who should attend: Novice and advanced UNIX system and network administrators, and UNIX developers concerned about network performance impacts. A basic understanding of UNIX system facilities and network environments is assumed.

We'll examine the virtual memory system, the I/O system, and the file system, NFS tuning and performance strategies, common network performance problems, examples of network capacity planning, and application issues. We'll also cover guidelines for capacity planning and customized monitoring based on your workloads and traffic patterns. Analysis periods for particular situations will be provided.

Topics include:

  • Performance tuning strategies
  • Server tuning
    • Filesystem and disk tuning
    • Memory consumption and swap space
    • System resource monitoring
    • NFS issues
    • Automounter and other tricks
  • Network performance, design, and capacity planning
  • Application tuning
    • System resource usage
    • Memory allocation
    • Code profiling
    • Job scheduling and queuing
    • Real-time issues
    • Managing response time

Marc Staveley (M4) works with Soma Networks, where he is applying his many years of experience with UNIX development and administration in leading their IT group. Previously Marc has been an independent consultant and has also held positions at Sun Microsystems, NCR, Princeton University, and the University of Waterloo. He is a frequent speaker on the topics of standards-based development, multi-threaded programming, system administration, and performance tuning.

M5 Hacking and Securing Web-Based Applications
David Rhoades, Maven Security Consulting
9:00 a.m.–5:00 p.m., Royal Palm Salon 5/6

Who should attend: People who are auditing Web application security, developing Web applications, or managing the development of a Web application.

Although numerous commercial and freeware tools assist in locating network-level security vulnerabilities, these tools are incapable of locating application-level issues. This course will demonstrate how to identify security weaknesses for Web-enabled services that could be exploited by remote users.

With numerous real-world examples, this course is based on fact and experience, not theory. The material applies to Web portals, e-commerce, online banking, shopping, subscription-based services, and any Web-enabled application.

Topics include:

  • Information-gathering attacks: How hackers read between the lines
  • User sign-on process: Many sites contain serious flaws which expose them to the threat of bad publicity and loss of customer confidence
  • User sign-off process: Are users really signed off?
  • OS & Web server weaknesses: buffer overflows and default material
  • Encryption: Finding the weakest link
  • Session tracking
    • URL rewriting, basic authentication, and cookie: strengths and weaknesses
    • Session cloning, IP hopping, and other subtle dangers
    • A recipe for strong session IDs
  • Authentication: server, session, transactional
  • Transaction-level issues
    • Hidden form elements
    • Unexpected user input
    • GET vs. POST
    • JavaScript filters
    • Improper server logic

David Rhoades (M5, T6) is a principal consultant with Maven Security Consulting. Since 1996 David has been providing information protection services for various Fortune 500 customers. His work has taken him across the United States and to Europe and Asia, where he has lectured and consulted in various areas of information security. David holds a B.S. in computer engineering from Pennsylvania State University and is an instructor for the SANS Institute, the MIS Training Institute, and Sensecurity (based in Singapore).

M6 Building Honey Pots for Intrusion Detection
Marcus Ranum, Consultant
9:00 a.m.–5:00 p.m., Crescent Room

Who should attend: System and network managers with administrative skills and a security background. The tutorial examples will be based on UNIX/Linux and, while the materials may be of interest to a Windows/NT administrator, attendees will benefit if they have at least basic UNIX system administration skills.

This tutorial provides a technical introduction to the art of building honey pot systems for intrusion detection and burglar-alarming networks. Students completing this class will go away armed with the knowledge that will enable them to easily assemble their own honey pot, install it, maintain it, keep it secure, and analyze the data from it.

Topics include:

  • Introduction
    • IDSes
    • Fundamentals of burglar alarms
    • Fundamentals of honey pots
    • Fundamentals of log-data analysis
    • Spoofing servers
  • Overview of honey pot design
    • Tools and techniques
    • Services
    • Port listeners
    • Arpd and arp spoofing
    • Honeyd: populating the world with fake systems
    • LaBrea tarpit and tarpitting
    • Spoofing server implementation walkthrough
    • Multiway address/traffic manipulation
    • Logging architecture: syslogs, XML logs, statistical processing
    • Simple tricks for information visualization
  • Management
    • How to get help in analyzing attacks
    • Keeping up to date
  • Legal issues
    • Entrapment
    • Privacy
    • Liability
Marcus J. Ranum (S6, M6) is a world-renowned expert on security system design and implementation. He is recognized as the inventor of the proxy firewall and the implementor of the first commercial firewall product. Since the late 1980s, he has designed a number of ground-breaking security products, including the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall, and Network Flight Recorder's intrusion detection system. He has been involved in every level of operations of a security product business, from developer to founder and CEO of NFR. Marcus has served as a consultant to many FORTUNE 500 firms and national governments, as well as serving as a guest lecturer and instructor at numerous high-tech conferences. He holds both the TISC "Clue" award and the ISSA Hall of Fame award.

M7 Using FreeBSD's Advanced Security Features NEW
Mike DeGraw-Bertsch, Consultant
9:00 a.m.–5:00 p.m., Royal Palm Salon 4

Who should attend: System administrators and managers responsible for securing IT assets whose requirements have outgrown their existing infrastructure. Participants should be familiar with basic system security, but expertise is not required. UNIX administration experience is expected, but work with FreeBSD is not assumed. Participants will gain a general understanding of risk evaluation and threat mitigation techniques and will learn how FreeBSD's security features work, what they add and what they cost, and how to apply them.

With complex new threats, shrinking budgets, and smaller staffs, just keeping up on today's security threats sometimes seems impossible. Enter FreeBSD, a widely distributed, secure, and free derivative of BSD UNIX with powerful new functionality from the TrustedBSD project, including filesystem firewalls and Access Control Lists.

This tutorial addresses the risks companies face, discusses how to evaluate and lessen those risks, and shows how to use FreeBSD's new--and sometimes not so new--features to create cost-effective, secure computing environments. It also delves into FreeBSD's new functionality, looking at the security that's been added and the associated performance and ease-of-use costs.

Topics include:

  • Assessing risks
  • How TrustedBSD addresses the common criteria for IT security evaluation
  • Using FreeBSD's ports system to easily keep up with patches and security releases
  • Jails and virtual machines
  • Filesystem and IP firewalls
  • Mandatory access controls and discretionary access controls
  • Pluggable Authentication Modules (PAM) and One-Time Passwords In Everything (OPIE)
  • Configuration walkthroughs for a secure:
    • Firewall
    • Log host
    • Combination mail server, file server, and Kerberos server
    • Client
Mike DeGraw-Bertsch (S8, M7) has been working with FreeBSD for ten years, and has been active in security for the last five years. He has written articles for the O'Reilly Network and SysAdmin Magazine and is writing UNIX Systems and Network Security for Springer-Verlag. Mike is a security and networking consultant and spends his free time as an ice hockey goalie.

M8 Mac OS X Security NEW
Leon Towns-von Stauber, Consultant
9:00 a.m.–12:30 p.m., Pacific Salon 1

Who should attend: Security and system administrators who are or will be responsible for managing Mac OS X systems. A modest background in TCP/IP networking and UNIX system administration is assumed.

Although Mac OS X is largely based on BSD UNIX, the elements that make it unique lead to a host of new security considerations and opportunities. This tutorial examines Mac OS X security from a practical perspective. By the end of the course, you'll be familiar with the technologies available to help you secure your systems and will be well on your way to taking full advantage of them.

Topics include:

  • Security out of the box
  • Directory and authentication services
  • Privileged access
  • The Security Framework
  • Network security
  • Setup tasks

Leon Towns-von Stauber (S7, M8) started using UNIX systems in 1990 and has been administering them professionally for the last nine years in service provider, corporate, and educational environments. Although he's worked extensively with Solaris, Linux, HP-UX, AIX, and too many other flavors of UNIX, the purchase of a NeXT workstation in 1991 introduced him to the operating system lineage that he would follow from NeXTstep through to Mac OS X today. Currently he is working on books for O'Reilly & Associates on Mac OS X security and system administration.

M9 Advanced Shell Programming
Mike Ciavarella, Cybersource Pty Ltd
9:00 a.m.–12:30 p.m., Sheffield Room

Who should attend: Junior or intermediate system administrators or anyone with a basic knowledge of programming, preferably with some experience in Bourne/Korn shells (or their derivatives).

The humble shell script is still a mainstay of UNIX/Linux system administration, despite the wide availability of other scripting languages. This tutorial details techniques that move beyond the quick-and-dirty shell script.

Topics include:

  • Common mistakes and unsafe practices
  • Modular shell script programming
  • Building blocks: awk, sed, etc.
  • Writing secure shell scripts
  • Performance tuning
  • Choosing the right utilities for the job
  • Addressing portability at the design stage
  • When not to use shell scripts

Mike Ciavarella (S3, M9, M11) has been producing and editing technical documentation since he naively agreed to write application manuals for his first employer in the early 1980s. He has been a technical editor for MacMillan Press and has been teaching system administrators about documentation for the past four years. Mike has an Honours Degree in Science from the University of Melbourne and is currently a Senior Partner with Cybersource Pty Ltd, where he heads Cybersource's Security Practice. In his spare time, Mike is a caffeine addict and photographer.

M10 Perl Program Repair Shop and Red Flags
Mark-Jason Dominus, Consultant and Author
9:00 a.m.–12:30 p.m., Pacific Salon 3

Who should attend: Anyone who writes Perl programs regularly. Participants should have at least three months' experience programming in Perl.

You've probably been working too hard when you program, writing twenty lines of code when you only needed ten. But there is a better way, and I will show it to you. You'll learn how to improve your own code and the code of others, making it cleaner, more readable, more reusable, and more efficient, while at the same time making it 30-50% smaller. Smaller code contains fewer bugs and takes less time to maintain.

We will examine several real code examples in detail and see how to improve them. We'll focus on red flags--warning signs in your code that are plainly visible once you know what to look for--and on techniques that require little complex thought or ingenuity. All the bad code in this class is guaranteed 100% genuine and typical.

Participants are encouraged to submit their own code for anonymous review in the class. (Send it to mjd-lisa-2003+@plover.com.) Class content varies depending on submissions, but is sure to include some of the topics listed below.

Topics include:

  • Families of variables
  • Making relationships explicit
  • Refactoring
  • Programming by convention
  • The Flesh Blanket
  • Conciseness
  • Why you should avoid the "." operator
  • Elimination of global variables
  • Superstition
  • The "use strict" zombies
  • Repressed subconscious urges
  • The cardinal rule of computer programming
  • The psychology of repeated code
  • Techniques for eliminating repeated code
  • What can go wrong with "if" and "else"
  • The Condition That Ate Michigan
  • Resisting "Holy Doctrine"
  • Trying it both ways
  • Structural vs. functional code
  • Elimination of structure
  • Boolean values
  • Programs that take two steps forward and one step back
  • Programs that are 10% backslashes
  • 'print print print print print '
  • C-style "for" loops
  • Loop counter variables
  • Array length variables
  • Unnecessary shell calls
  • How (and why) to let "undef" be the special value
  • Confusion of internal and external representations of data
  • Tool use
  • Elimination of repeated code with higher-order functions
  • Learning to use a hammer
  • The "swswsw" problem
  • Avoiding special cases
  • Using uniform data representations

Mark-Jason Dominus (S10, S13, M10, M13) has been programming in Perl since 1992. He is a moderator of the comp.lang.perl.moderated newsgroup, the author of the Text::Template, Tie::File, and Memoize modules, a contributor to the Perl core, and author of the perlreftut man page. His work on the Rx regular expression debugger won the 2001 Larry Wall Award for Practical Utility. He lives in Philadelphia with his wife and several plush octopuses.

M11 Documentation Techniques for SysAdmins
Mike Ciavarella, Cybersource Pty Ltd
1:30 p.m.–5:30 p.m., Pacific Salon 1

Who should attend: System administrators who need to produce documentation for the systems they manage or who want to improve their documentation skills.

Attendees should be able to make immediate, practical use of the techniques presented in this tutorial in their day-to-day tasks. Particular emphasis is placed on documentation as a time-saving tool rather than a workload imposition.

Topics include:

  • Why system administrators need to document
  • The document life cycle
  • Targeting your audience
  • An adaptable document framework
  • Common mistakes
  • Tools to assist the documentation process

Mike Ciavarella (S3, M9, M11) has been producing and editing technical documentation since he naively agreed to write application manuals for his first employer in the early 1980s. He has been a technical editor for MacMillan Press and has been teaching system administrators about documentation for the past four years. Mike has an Honours Degree in Science from the University of Melbourne and is currently a Senior Partner with Cybersource Pty Ltd, where he heads Cybersource's Security Practice. In his spare time, Mike is a caffeine addict and photographer.

M12 Introduction to Host Configuration and Maintenance with Cfengine NEW
Mark Burgess, Oslo University College
1:30 p.m.–5:30 p.m., Sheffield Room

Who should attend: System administrators with a minimal knowledge of a scripting language who wish to start using cfengine to automate the maintenance and security of their systems. UNIX administrators will be most at home in this tutorial, but cfengine can also be used on Windows 2000 and above.

Cfengine is a tool for setting up and maintaining a configuration across a network of hosts. It is sometimes called a tool for "Computer Immunology"--your computer's own immune system. You can think of cfengine as a very high level language, much higher-level than Perl or shell, together with a smart agent. The idea behind cfengine is to create a single "policy" or set of configuration files that describes the setup of every host on your network, without sacrificing their autonomy.

Cfengine runs on every host and makes sure that it is in a policy-conformant state; if necessary, any deviations from policy rules are fixed automatically. Unlike tools such as rdist, cfengine does not require hosts to open themselves to any central authority, nor to subscribe to a fixed image of files. It is a modern tool, supporting state-of-the-art encryption and IPv6 transport, that can handle distribution and customization of system resources in huge networks (tens of thousands of hosts). Cfengine runs on hundreds of thousands of computers all over the world.

Topics include:

  • The components of cfengine and how they are used
  • How to get the system running
  • How to develop a suitable policy, step by step
  • Security
  • Examples
  • How to customize cfengine for special tasks

Mark Burgess (M12) is a professor at Oslo University College and is the author of cfengine. He has been researching the principles of network and system administration for over ten years and is the author of Principles of Network and System Administration (John Wiley & Sons). He is frequently invited to speak at conferences.

M13 Perl Programming: Making Programs Faster (Benchmarking, Profiling, and Performance Tuning) NEW
Mark-Jason Dominus, Consultant and Author
1:30 p.m.–5:30 p.m., Pacific Salon 3

Who should attend: Students should have at least six months' experience programming in Perl.

Almost every application must be made to run faster; some sooner, some later. Performance tuning of applications has long been a dark art, understood by few and riddled with terrible pitfalls. Stories abound of optimization projects that took weeks but yielded a pathetic 2% decrease in total run time. Don't let this happen to you.

Throughout, the class will emphasize both high- and low-level approaches to performance tuning: when to tune and when to try something different; if tuning is necessary, how to focus your efforts where they will do the most good. We'll learn how to rationally evaluate programming situations and when to try alternative approaches.

Topics include:

  • The basic concepts of performance tuning
  • Modules for benchmarking and profiling
  • Common blunders even experts commit
  • Especially important optimizations

Mark-Jason Dominus (S10, S13, M10, M13) has been programming in Perl since 1992. He is a moderator of the comp.lang.perl.moderated newsgroup, the author of the Text::Template, Tie::File, and Memoize modules, a contributor to the Perl core, and author of the perlreftut man page. His work on the Rx regular expression debugger won the 2001 Larry Wall Award for Practical Utility. He lives in Philadelphia with his wife and several plush octopuses.

Tuesday, October 28, 2003    

T1 Advanced Topics in System Administration and Security
Trent Hein and Ned McClain, Applied Trust
9:00 a.m.–5:00 p.m., Windsor Room

Who should attend: System and network administrators who are interested in picking up several new technologies in an accelerated manner.

This tutorial covers six topics of critical importance to all system administrators and power users.

Topics include:

  • Digital forensics tools and techniques: Investigating computer security incidents has become a necessary skill for all system administrators. We'll discuss the secrets of digital forensics, including how to find out what happened without destroying possible evidence. This section will highlight several incident investigation tools and give examples of their use in real-life scenarios.
  • Linux kernel tuning: As Linux's popularity in production environments increases, the need for knowledge on tuning a Linux kernel becomes ever more important. Whether it's performance, security, or functionality you're looking to cajole your system into, we'll give you the what to's and the how to's, and even the what you can'ts of this rare art.
  • Handling digital forensic evidence: Information collected from a digital crime scene must be handled according to a strict set of rules. We'll talk about what you should do with log files, filesystems, and other digital evidence that might be used in court. This section will get you comfortable with all aspects of evidence handling, from secure evidence collection to the chain of custody.
  • Stateful firewalls: Keeping up with the latest security technology can be a challenge, but it is essential to prevent unwanted intrusions. We'll cover the latest in basic firewall technology on both Cisco and Linux platforms. Specific topics covered include context-based access control, reflexive access lists, and stateful filtering using iptables.
  • Network intrusion detection systems: New NIDS products are appearing every day. We'll evaluate the strengths and weaknesses of various technologies, and what might work best for your organization. Leave this section with the information you need to select and implement a NIDS solution that's right for you.
  • Performance crisis case studies #3: Don't miss the latest episode of this incredibly popular segment! We've taken a new set of real-life system administration performance crises and dissected them, providing insight on how to diagnose and remedy situations that you might someday face. This is a great way to gain practical knowledge in the performance arena.
Trent Hein (T1) is co-founder of Applied Trust Engineering. Trent worked on the 4.4 BSD port to the MIPS architecture at Berkeley, is co-author of both the UNIX Systems Administration Handbook and the Linux Administration Handbook, and holds a B.S. in computer science from the University of Colorado.


Ned McClain (T1), co-founder and CTO of Applied Trust Engineering, lectures around the globe on applying cutting-edge technology in production computing environments. Ned holds a B.S. in computer science from Cornell University and is a contributing author to both the UNIX System Administration Handbook and the Linux Administration Handbook.

T2 System and Network Monitoring: Tools in Depth NEW
John Sellens, Certainty Solutions
9:00 a.m.–5:00 p.m., Pacific Salon 2

Who should attend: Network and system administrators ready to implement comprehensive monitoring of their systems and networks using the best of the freely available tools. Participants should have an understanding of the fundamentals of networking, familiarity with computing and network components, UNIX system administration experience, and some understanding of UNIX programming and scripting languages.

This tutorial will provide in-depth instruction in the installation and configuration of some of the most popular and effective system and network monitoring tools, including Nagios, Cricket, MRTG, and Orca. It will build on the background provided by the introductory "System and Network Monitoring" tutorial, so participants should be familiar with the topics covered in that tutorial.

Participants should expect to leave the tutorial with the information needed to immediately implement, extend, and manage popular monitoring tools on their systems and networks.

Topics for Nagios, Cricket, MRTG, and Orca include:

  • Installation
  • Configuration, options, how to manage larger and non-trivial configurations
  • Reporting and notifications, proactive and reactive
  • Special cases: interesting problems
  • How to write scripts or programs to extend functionality
  • Dealing effectively with network boundaries and remote sites
  • Security concerns, access control
  • Ongoing operations

John Sellens (M2, T2) has been involved in system and network administration since 1986 and is the author of several related USENIX papers, a number of ;login: articles, and SAGE booklet #7, System and Network Administration for Higher Reliability. He holds an M.S. in computer science from the University of Waterloo and is a chartered accountant. He is currently the General Manager for Certainty Solutions (formerly known as GNAC) in Toronto. Prior to joining Certainty, John was the Director of Network Engineering at UUNET Canada and was a staff member in computing and information technology at the University of Waterloo for 11 years.

T3 WiFi Security: The Trials and Tribulations of Designing, Deploying, and Using WiFi Networks Securely NEW
William A. Arbaugh, University of Maryland, College Park
9:00 a.m.–5:00 p.m., Royal Palm Salon 1/2/3

Who should attend: Designers, administrators, and power users of WiFi networks who need to design, deploy, and/or operate a WiFi network. Previous experience with or knowledge of wireless networking is helpful but not required.

This tutorial will present the security problems with current and legacy WiFi equipment, and then explain the more recent and proposed standard changes designed to mitigate and in some cases eliminate those problems, e.g., WiFi Protected Access (WPA) and Robust Security Network (RSN). Following the explanations, a detailed design example will be presented and the participants will be shown how to design, deploy, and test wireless architectures using legacy, WPA, and RSN equipment.

Finally, participants will be shown how to build and test an architecture using open source software.

Topics include:

  • Known attacks against legacy WiFi equipment and the open source tools used for the attacks
  • WiFi Protected Access and RSN: what are the changes, and what do they mean?
  • Designing a secure WiFi network
  • Deploying a secure WiFi network using open source tools
  • Testing your WiFi network using open source tools

William Arbaugh (T3) has spent over 15 years performing security research and engineering. Arbaugh and his students were among the first to identify security flaws in the IEEE 802.11 standard, as well as several proposed fixes to the standard. He and his students are actively involved in the IEEE and the IETF standards processes, doing their best to ensure that future standards are more robust. He and Jon Edney are the authors of a forthcoming book (Addison-Wesley, Fall 2003) entitled Wi-Fi Protected Access: Wireless Security and 802.11.

T4 Advanced Solaris System Administration Topics
Peter Baer Galvin, Corporate Technologies
9:00 a.m.–5:00 p.m., Pacific Salon 1

Who should attend: UNIX administrators who need more knowledge of Solaris administration.

This course covers a variety of topics that are of importance to Solaris system administrators. We will discuss the major new features of recent Solaris releases, including which to use and how to use them, and which to avoid. This in-depth course will provide the information you need to run a Solaris installation effectively. Updated to include Solaris 9 features and functions.

Topics include:

  • Installing and upgrading
    • Architecting your facility
    • Choosing appropriate hardware
    • Planning your installation, filesystem layout, post-installation steps
    • Installing (and removing) patches and packages
  • Advanced features of Solaris 2
    • Filesystems and their uses
    • The /proc filesystem and commands
    • Useful tips and techniques
  • Networking and the kernel
    • Virtual IP: configuration and uses
    • Kernel and performance tuning: new features, adding devices, tuning, debugging commands
    • Devices: naming conventions, drivers, gotchas
  • Enhancing Solaris
    • High availability essentials: disk failures and recovery, RAID levels, uses and performance, H/A technology and implementation
    • Performance: how to track down and resolve bottlenecks, Solaris Resource Manager
    • Tools: useful free tools, tool use strategies
    • Security: locking down Solaris, system modifications, tools, SunScreen
    • Resources and references

Peter Baer Galvin (T4) is the Chief Technologist for Corporate Technologies and was the systems manager for Brown University's Computer Science Department. He has written articles for Byte and other magazines, is a contributing editor for SysAdmin Magazine, and is coauthor of the Operating Systems Concepts and the Applied Operating Systems Concepts textbooks. Peter has taught tutorials on security and system administration and has given talks at many conferences and institutions on such topics as Web services, performance tuning, and high availability.

T5 Deploying and Debugging DHCP NEW
George Neville-Neil, Nominum
9:00 a.m.–5:00 p.m., Royal Palm Salon 4

Who should attend: System administrators and other IT professionals involved in deploying the DHCP protocol. Participants should already have experience working with and managing TCP/IP networks. After completing this tutorial, participants will be well versed in the language and internals of DHCP and will be able to deploy and debug the protocol in a variety of environments, from SOHO to large institutions.

This tutorial covers deploying DHCP and debugging common problems observed in day-to-day operation. Packet traces, drawn from a production network, are used throughout the course to illustrate particular points.

Topics include:

  • Deployment
  • Debugging tools and strategies
  • Protocol internals
  • Working with DNS
  • Relay agents
  • Providing for legacy (BOOTP) clients
  • Working with failover
George Neville-Neil (T5) is a Senior Software Engineer on the Nominum DCS product, a high-performance DHCP server targeted at the enterprise market. He has taught courses on DHCP, as well as other networking subjects, for USENIX, APRICOT, and others. He is a member of the ACM Queue editorial advisory board and is the author of several articles. He has a B.Sc. in Computer Science from Northeastern University in Boston. His computing interests include network protocols, operating systems, and embedded systems.

T6 Network Security Assessments Workshop NEW
David Rhoades, Maven Security
9:00 a.m.–5:00 p.m., Crescent Room

Who should attend: Anyone who needs to understand how to perform an effective and safe network assessment.

How do you test a network for security vulnerabilities? Just plug some IP addresses into a network-scanning tool and click SCAN, right? Not quite. Numerous commercial and freeware tools assist in locating network-level security vulnerabilities. However, these tools are fraught with dangers: accidental denial-of-service, false positives, false negatives, and long-winded reporting, to name but a few. Performing a security assessment (a.k.a. vulnerability assessment or penetration test) against a network environment requires preparation, the right tools, methodology, knowledge, and more.

Topics include:

  • Preparation: What you need before you even begin
  • Safety measures
  • Architecture considerations: Where you scan from affects how you perform the assessment
  • Inventory
  • Tools of the trade
  • Common pitfalls
  • Automated scanning: Best-of-class tools, with tips (mostly vendor-neutral) on their proper use
  • Research and development: What to do when existing tools don't suffice
  • Documentation and audit trail
  • How to compile useful reports

David Rhoades (M5, T6) is a principal consultant with Maven Security Consulting. Since 1996 David has been providing information protection services for various Fortune 500 customers. His work has taken him across the United States and to Europe and Asia, where he has lectured and consulted in various areas of information security. David holds a B.S. in computer engineering from Pennsylvania State University and is an instructor for the SANS Institute, the MIS Training Institute, and Sensecurity (based in Singapore).

T7 Disaster Planning and Recovery: How to Keep Your Company (and Your Job) Alive NEW
Evan Marcus, Veritas Software
9:00 a.m.–5:00 p.m., Royal Palm Salon 5/6

Who should attend: Anyone responsible for their organization's data. Disaster planning is like insurance: nobody wants to talk about it, and everyone runs from the salesmen. But when you need it, you are very glad to have it! And if you don't have it when you need it, it is too late to do anything about it. Have you ever been robbed or had an accident or a medical emergency? If you had insurance, you did personal disaster planning.

After 9/11, the companies that survived were those that had disaster plans in place. This tutorial will show you what you need to think about, what you need to plan for (and what you can safely avoid), and how you can put a plan into effect if (God forbid!) you ever need to use it.

We will explore the key aspects of developing a disaster recovery plan, including the key components, testing the plan, and some of the technology that can speed recovery, with an eye toward balancing cost and benefit. We will also take a close look at one organization that recovered completely very quickly after 9/11.

Topics include:

  • What a DR plan should contain
  • The costs of developing a DR plan
  • Do you need a DR plan at all?
  • The legal and civil liabilities of not having a plan
  • Downtime and data loss as two sides of the same coin
  • Four different methods for testing your DR plan
  • DR as a subset of high availability
  • Methods and technologies for protecting data through a disaster
  • How disasters might affect the people who are responsible for recovery
  • Building and staffing DR teams
  • The role of senior management in DR
  • Convincing management that a DR plan is necessary
  • A real-life case study of a company that survived the 9/11 disaster

Evan Marcus (T7) is a Principal Engineer and Data Availability Maven with VERITAS Software Corporation. Evan has more than 15 years of experience in UNIX system administration. While working at Fusion Systems and OpenVision Software, Evan worked to bring to market the first high-availability software application for SunOS and Solaris. He is the author of several articles and talks on the design of high-availability systems and is the co-author, with Hal Stern, of the new second edition of Blueprints for High Availability: Designing Resilient Distributed Systems (John Wiley & Sons, 2003). Evan also co-edited and contributed to The Resilient Enterprise, VERITAS Publishing's disaster recovery book.

T8 Next Generation Backup Systems NEW
Jacob Farmer, Cambridge Computer Services
9:00 a.m.–12:30 p.m., Sheffield Room

Who should attend: System administrators involved in the design and management of backup systems and policymakers responsible for protecting their organization's data. A general familiarity with server and storage hardware is assumed. The class focuses on architectures and core technologies and is relevant regardless of what backup hardware and software you currently use. Students will leave this lecture with immediate ideas for effective, inexpensive improvements to their backup systems. They will also walk away with a model for defining their requirements and identifying vulnerabilities.

Backup and restore is still the greatest point of pain in the data center. After years of relatively little technology innovation, a flurry of new technologies has arrived on the scene. Many of these technologies are affordable add-ons to existing backup systems. Others are point solutions that work independently. This tutorial will set the new technologies into context and provide a framework for formulating and fulfilling data protection policies.

Topics include:

  • A model for defining backup/restore requirements
  • Switching the focus from backup to restore
  • Applying inexpensive SAN technology to existing backup systems
  • Hybrid SAN/LAN backup systems
  • Interfacing with third-party snapshots
  • Real-time replication
  • Block-level incremental backups
  • Using disk in the backup system
    • Disk-to-disk backup architectures
    • Staging tape backups to disk
    • Virtual tape systems
  • Backing up email systems
  • Bare metal restore
  • Managing backup and restore for remote sites
  • The latest tape drive hardware: LTO-2, S-AIT

Jacob Farmer (T8, T11) is the CTO of Cambridge Computer Services, a specialized integrator of backup systems and storage networks. He has over 15 years' experience with storage technologies and writes an expert advice column for InfoStor magazine. He is currently writing a book on storage networking which is scheduled to be completed toward the end of 2003.

T9 Time Management for System Administrators: Getting It All Done and Not Going (More) Crazy! NEW
Tom Limoncelli, Lumeta
9:00 a.m.–12:30 p.m., Hampton Room

Who should attend: Sysadmins who want to improve their time-management skills, who want to have more control over their time and better follow-through on assignments. If you feel overloaded, miss appointments, and forget deadlines and tasks, this class is for you.

Do any of these statements sound like you?

  • I don't have enough time to get all my work done.
  • I don't have control over my schedule.
  • I'm spending all my time mopping the floor; I don't have time to fix the leaking pipe.
  • My boss says I don't work hard enough, but I'm always working my —— off!

Tom Limoncelli used to be a time-management disaster. He reformed himself and offers his insights in this tutorial. Tom currently has two job functions at an understaffed startup, chairs conferences, writes books, maintains 4 personal Web sites, serves on the boards of two nonprofits, and has a very full social life. Yet he keeps it all together and has time for himself. If you think you don't have time to take this tutorial, you really need to take this tutorial!

Topics include:

  • Why typical "time management" books don't work for sysadmins
  • How to delegate tasks effectively
  • How to use RT and other request tracking tools
  • A way to keep from ever forgetting a user's request
  • Why "to do" lists fail and how to make them work
  • Managing your boss
  • Managing email more effectively with procmail
  • Prioritizing tasks so that users think you're a genius
  • Getting more out of your Palm Pilot
  • Having more time for fun (for people with a social life)
  • Tips on automating sysadmin processes
  • Efficient phone calls: how to avoid major time wasters
  • How to leave the office every day with a smile on your face

Tom Limoncelli (T9, T12), co-author of The Practice of System and Network Administration (Addison-Wesley), is Director of Network Operations at Lumeta Corporation, where he is responsible for building and scaling the network. A sysadmin and network wonk since 1987, he has worked at Bell Labs/Lucent, Mentor Graphics, and Drew University. He is a frequent presenter at LISA conferences.

T10 Perl for System Administration: The Networking Power Hours, Part 1
David N. Blank-Edelman, Northeastern University CCS
9:00 a.m.–12:30 p.m., Pacific Salon 3

Who should attend: System and network administrators with at least advanced-beginner to intermediate Perl skills (important prerequisite).

After offering several successful survey courses on using Perl to make system administration easier, it is time to go deeper. In this course we'll take an hour per subject to probe how Perl can be used to work with three different network-related topics. We'll cover the necessary background material to get you jump-started and then dive into the approaches, tools, and methods you need to use your existing Perl skills to tame these areas.

Topics include:

  • SNMP: The Simple Network Management Protocol isn't always so simple to use or understand, but it is ubiquitous. We'll learn how to use Perl to query and configure SNMP versions 1- and 3-capable devices such as switches, routers, and workstations.
  • Packet play: It is not uncommon to have to sniff a network looking for specific packets (or sometimes even produce them yourself). Maybe you're debugging a network service or performing a penetration test. We'll look at both sniffing for specific packets and creating them ourselves from Perl.
  • Network monitoring and mapping: With SNMP and packet skills under our belt, we can begin to approach the hard topic of continuously monitoring a network and displaying the results. This module will tie together the two previous modules and work toward building simple tools to help. We'll also look at some of the more advanced free tools already built to solve this problem.

David N. Blank-Edelman (T10, T13) is the Director of Technology at the Northeastern University College of Computer and Information Science and the author of the O'Reilly book Perl for System Administration. He has spent the last 16 years as a system/network administrator in large multi-platform environments, including Brandeis University, Cambridge Technology Group, and the MIT Media Laboratory. He has served as Senior Technical Editor for the Perl Journal.

T11 iSCSI and IP Storage Networking NEW
Jacob Farmer, Cambridge Computer Services
1:30 p.m.–5:30 p.m., Sheffield Room

Who should attend: System administrators involved in the design and management of storage and backup systems. A general familiarity with SCSI, storage devices, and Ethernet switching is assumed. Experience with storage area networks is helpful but not required. After completing this tutorial, students will know enough about the various technologies to make purchasing decisions and to design and configure IP and hybrid storage networks.

Storage area networks (SANs) have traditionally been built on fibre channel, a relatively expensive and inflexible interface. In the past two years, products have come to market that allow storage area networks to leverage Ethernet for less expensive host connections, for bridging remote SANs, and even for core switching. In early 2003, the IETF ratified the iSCSI specification, ushering in a new class of affordable SAN products that leverage your existing Ethernet and IP infrastructure. This tutorial explains how to design and configure storage area networks using various Ethernet and IP-based technologies. In addition, it covers next-generation file systems that can leverage an Ethernet SAN.

Topics include:

  • A crash course on storage area networks
  • The shortcomings of SCSI and the advent of fibre channel
  • The shortcomings of fibre channel and the need for IP SANs
  • iSCSI host connections: configuration options
  • iSCSI targets: configuration and alternative architectures
  • Three ways to mix iSCSI, fibre channel, and parallel SCSI
    • Storage routers
    • Storage virtualization
    • Multi-protocol switches
  • Bridging SANs with IP (FC-IP)
  • Core switching with IP (iFCP and mFCP)
  • High-performance, SAN-enabled file systems

Jacob Farmer (T8, T11) is the CTO of Cambridge Computer Services, a specialized integrator of backup systems and storage networks. He has over 15 years' experience with storage technologies and writes an expert advice column for InfoStor magazine. He is currently writing a book on storage networking which is scheduled to be completed toward the end of 2003.

T12 Introduction to Massive Upgrades and Changes
Tom Limoncelli, Lumeta
1:30 p.m.–5:30 p.m., Hampton Room

Who should attend: Sysadmins from environments where upgrading a single large server, or hundreds of individual hosts, is common. Although the focus will be on UNIX and IP networks, all sysadmins will benefit from this tutorial. Examples include situations found both in small and in large sites.

Imagine a project that involves renumbering the IP addresses on thousands of hosts, none of which sees more than one interruption. Imagine upgrading a large server that provides dozens of critical services with confidence that it will be done on time and with all services working. Imagine performing one or more changes on 1,000 individual hosts without fear that you've installed the same typo on each. Imagine a tutorial that teaches the disciplines involved in making those things happen.

This tutorial will include a mix of theory and case studies of real events. Case studies will include success stories as well as disasters—there's much to be learned from both.

Topics include:

  • A sample "change management" policy you can start using right away
  • The network life cycle: birth, certification, decommission
  • Case study: network change management (avoiding outages, managing risk)
  • The project everyone hates: moving your data center
  • Surviving weekend-long maintenance windows with no major problems
  • The secret to successful server upgrades
  • Case study: upgrading a major application server
  • Case study: upgrading a multi-purpose server
  • Service conversions (it's more than just upgrading the software)
  • Building and staffing DR teams
  • Case study: IP renumbering and reorganization

Tom Limoncelli (T9, T12), co-author of The Practice of System and Network Administration (Addison-Wesley), is Director of Network Operations at Lumeta Corporation, where he is responsible for building and scaling the network. A sysadmin and network wonk since 1987, he has worked at Bell Labs/Lucent, Mentor Graphics, and Drew University. He is a frequent presenter at LISA conferences.

T13 Perl for System Administration: The Networking Power Hours, Part 2
David N. Blank-Edelman, Northeastern University CCS
1:30 p.m.–5:30 p.m., Pacific Salon 3

Who should attend: System and network administrators with at least advanced-beginner to intermediate Perl skills (important prerequisite). Part 1 (T10) is not a prerequisite for this class.

After offering several successful survey courses on using Perl to make system administration easier, it is time to go deeper. In this course we'll take an hour per subject to probe how Perl can be used to work with three different network-related topics. We'll cover the necessary background material to get you jump-started and then dive into the approaches, tools, and methods you need to use your existing Perl skills to tame these areas.

Topics include:

  • LDAP: If you don't already have a directory service running in your environment, chances are you will soon. It is equally likely that this directory service will be built on or be accessible by the Lightweight Directory Access Protocol. We'll see how to use Perl to perform common LDAP operations.
  • Mail: Perl is an excellent tool for speaking different mail protocols. We'll learn how to use it to send mail with SMTP and perform different mail operations using POP3 and IMAP. Once we know how to receive mail, we'll look at the process of parsing the mail to help us deal with it.
  • Potpourri: There are so many topics in the networking arena that we bend the one-topic-per-hour rule for the last hour. In this module we'll look at how to parse logs efficiently and effectively, roll your own daemons, and use encrypted transports from Perl.

David N. Blank-Edelman (T10, T13) is the Director of Technology at the Northeastern University College of Computer and Information Science and the author of the O'Reilly book Perl for System Administration. He has spent the last 16 years as a system/network administrator in large multi-platform environments, including Brandeis University, Cambridge Technology Group, and the MIT Media Laboratory. He has served as Senior Technical Editor for the Perl Journal.


Last changed: 16 Oct. 2003 ch