LISA '06: 20th Large Installation System Administration Conference
TRAINING TRACK


Sunday, December 3, 2006
Full-Day Tutorials
S1 SOLARIS 10 ADMINISTRATION WORKSHOP
Peter Baer Galvin, Corporate Technologies, Inc.
9:00 a.m.–5:00 p.m.

Who should attend: Solaris system managers and administrators interested in learning the new administration features in Solaris 10 (and features in previous Solaris releases that they may not be using).

This tutorial covers a variety of topics concerning Solaris 10. Solaris 10 includes many new features, and there are new issues to consider when deploying, implementing, and managing Solaris 10. This will be a workshop featuring instruction and practice/exploration. Each student should have a laptop with wireless access for remote access into a provided Solaris 10 machine.

Note that, except for a few instances, Solaris 10 security is not covered in this workshop.

Topics include:

  • Overview
  • Solaris releases (official, Solaris Express, OpenSolaris, others)
  • Installing and upgrading to Solaris 10
    • Flash archives and live upgrade
  • Patching
  • Service Management Facility (lab)
  • The kernel
    • Update
    • /etc/system
  • Crash and core dumps
    • Management and analysis
  • Cool commands
  • ZFS (lab)
  • N1 Grid Containers (a.k.a. Zones) (lab)
    • Installation
    • Management
    • Resource management
  • DTrace
  • FMA
  • Performance
    • Commands
    • Cachefs
  • Networking
    • IP multipathing
  • Sysadmin best practices

Peter Baer Galvin (S1, R1) is the Chief Technologist for Corporate Technologies, Inc., a systems integrator and VAR, and was the Systems Manager for Brown University's Computer Science Department. He has written articles for Byte and other magazines. He wrote the "Pete's Wicked World" and "Pete's Super Systems" columns at SunWorld. He is currently contributing editor for Sys Admin, where he manages the Solaris Corner. Peter is co-author of the Operating Systems Concepts and Applied Operating Systems Concepts textbooks. As a consultant and trainer, Peter has taught tutorials on security and system administration and has given talks at many conferences and institutions on such topics as Web services, performance tuning, and high availability.

S2 TCP/IP WEAPONS SCHOOL (Day 1 of 2) NEW!
Richard Bejtlich, TaoSecurity
9:00 a.m.–5:00 p.m.

Who should attend: Junior and intermediate analysts and system administrators who detect and respond to security incidents.

TWS is the right way for junior and intermediate security personnel to learn the fundamentals of TCP/IP networking. Students learn how to interpret network traffic by analyzing packets generated by network security tools. Examples of normal, suspicious, and malicious traffic teach analysts how to identify security events on the wire. Students will analyze traffic using open source tools.

The point of the class is to teach TCP/IP by looking at nontraditional TCP/IP traffic. I will make comparisons to normal TCP/IP traffic for reference purposes. The name of the course is related to the US Air Force Weapons School, which is the "Top Gun" of the Air Force.

Course plan: The class will concentrate on the protocols and services most likely to be encountered when performing system administration and security work. Students will inspect traffic such as would be seen in various malicious security events.

Topics for Day 1 include:

  • Hardware and network design: Bridges, hubs, switches, routers, duplex and domains, layer-x switches, middleboxes, LANs, xANS, VPNs, WLANs, VLANs
  • Layer 1: What Layer 1 is; Ethernet; raw Ethernet (Nemesis); UTP and Ethernet over UTP; fiber optics and Ethernet over fiber optics; Ethernet emulation over FireWire, IP over FireWire, and IP over wireless
  • Layer 1 attack: Rogue access point
  • Layer 2: What Layer 2 is; Ethernet revisited; packet delivery on the LAN; Ethernet interfaces; ARP basics, ARP request/reply, ARP cache, Arping, Arpdig, and Arpwatch; Dynamic Trunking Protocol

Want to learn more from Richard Bejtlich? Check out his extra 2-day class after LISA, December 9–10, 2006. See the PDF flyer for details.

Richard Bejtlich (S2, M2, F1) is founder of TaoSecurity LLC (http://www.taosecurity.com), a company that helps clients detect, contain, and remediate intrusions using network security monitoring (NSM) principles. Richard was previously a principal consultant at Foundstone, performing incident response, emergency NSM, and security research and training. He has created NSM operations for ManTech International Corporation and Ball Aerospace & Technologies Corporation. From 1998 to 2001, Richard defended global American information assets in the Air Force Computer Emergency Response Team (AFCERT), performing and supervising the real-time intrusion detection mission. Formally trained as an intelligence officer, he holds degrees from Harvard University and the United States Air Force Academy. Richard wrote the Tao of Network Security Monitoring: Beyond Intrusion Detection and the forthcoming Extrusion Detection: Security Monitoring for Internal Intrusions and Real Digital Forensics. He also wrote original material for Hacking Exposed, 4th Ed., Incident Response, 2nd Ed., and Sys Admin Magazine. Richard holds the CISSP, CIFI, and CCNA certifications. His popular Web log resides at http://taosecurity.blogspot.com.

S3 SYSTEM AND NETWORK MONITORING: TOOLS IN DEPTH
John Sellens, SYONEX
9:00 a.m.–5:00 p.m.

Who should attend: Network and system administrators ready to implement comprehensive monitoring of their systems and networks using the best of the freely available tools. Participants should have an understanding of the fundamentals of networking, familiarity with computing and network components, UNIX system administration experience, and some understanding of UNIX programming and scripting languages.

This tutorial will provide in-depth instruction in the installation and configuration of some of the most popular and effective system and network monitoring tools, including Nagios, Cricket, MRTG, and Orca.

Participants should expect to leave this tutorial with the information needed to immediately implement, extend, and manage popular monitoring tools on their systems and networks.

Topics include, for each of Nagios, Cricket, MRTG, and Orca:

  • Installation: Basic steps, prerequisites, common problems and solutions
  • Configuration, setup options, and how to manage larger and nontrivial configurations
  • Reporting and notifications, both proactive and reactive
  • Special cases: How to deal with interesting problems
  • Extending the tools: How to write scripts or programs to extend the functionality of the basic package
  • Dealing effectively with network boundaries and remote sites
  • Security concerns and access control
  • Ongoing operations

John Sellens (S3, M12) has been involved in system and network administration since 1986 and is the author of several related USENIX papers, a number of ;login: articles, and the SAGE Short Topics in System Administration booklet #7, System and Network Administration for Higher Reliability. He holds an M.Math. in computer science from the University of Waterloo and is a chartered accountant. He is the proprietor of SYONEX, a systems and networks consultancy. From 1999 to 2004, he was the General Manager for Certainty Solutions in Toronto. Prior to joining Certainty, John was the Director of Network Engineering at UUNET Canada and was a staff member in computing and information technology at the University of Waterloo for 11 years.

S4 ADMINISTERING LINUX IN PRODUCTION ENVIRONMENTS
Æleen Frisch, Exponential Consulting
9:00 a.m.–5:00 p.m.

Who should attend: Current Linux system administrators looking to learn about the latest developments and problem-solving techniques, as well as administrators from sites considering converting to Linux or adding Linux systems to their current computing resources.

This course will cover configuring and managing Linux computer systems in production environments. We will be focusing on the administrative issues that arise when Linux systems are deployed to address a variety of real-world tasks and problems arising from both commercial and research-and-development contexts.

Topics include:

  • Recent kernel developments
  • High-performance I/O
    • Advanced filesystems and logical volumes
    • Disk striping
    • Optimizing I/O performance
  • Advanced compute-server environments
    • Beowulf
    • Clustering
    • Parallelization environments/facilities
    • CPU performance optimization
  • High availability Linux: fault-tolerance options
  • Enterprise-wide authentication and other security features
  • Automating installations and other mass operations
  • Linux performance tuning

Æleen Frisch (S4, M8) has been a system administrator for over 20 years. She currently looks after a pathologically heterogeneous network of UNIX and Windows systems. She is the author of several books, including Essential System Administration (now in its 3rd edition).

S5 LINUX SERVER SECURITY HANDS-ON NEW!
Rik Farrow, Security Consultant
9:00 a.m.–5:00 p.m.

Who should attend: Both Linux and UNIX system administrators. Some experience with command-line UNIX tools is required to get the most out of this class. Security analysts and managers can also take this class and learn what must be done to create secure Linux systems.

Learn how to secure Linux servers in this hands-on class. The good news is that recent Linux distros come with good default security. The bad news is that security of Linux servers can be reduced by mistakes in configuration, poor use of server features, enabling more services than are required, and use of insecure services. The security of all but the most hardened Linux servers can be increased through the application of the techniques you will learn in this course.

You will work with a Linux server running within a VMware product for Linux or Windows (Mac users: see http://www.vmware.com/macos to sign up to try a beta version for Macs). During the class, you can participate in hands-on exercises that will drive home the key points.

Topics include:

  • Checking for low-hanging fruit that can aid an attacker, such as bad file permissions, dangerous SUID files, and backdoors
  • Defending servers against network-based attacks via proper service configuration
  • Using local firewalls to both block potential attacks and blunt successful attacks
  • Running servers within a chrooted environment
  • Using secure remote administration
  • Running Apache securely through proper configuration and through checking CGI scripts or programs for exploitable features
  • Keeping your servers properly updated and vulnerability-free
  • Setting up effective logging

Rik Farrow (S5, T9) provides UNIX and Internet security consulting and training. He has been working with UNIX system security since 1984 and with TCP/IP networks since 1988. He has taught at the IRS, Department of Justice, NSA, NASA, US West, Canadian RCMP, Swedish Navy, and for many U.S. and European user groups. He is the author of UNIX System Security, published by Addison-Wesley in 1991, and System Administrator's Guide to System V (Prentice Hall, 1989). Farrow is the editor of ;login:. Rik lives with his family in the high desert of northern Arizona and enjoys hiking and mountain biking when time permits.

S6 ADVANCED PERL PROGRAMMING
Tom Christiansen, Consultant
9:00 a.m.–5:00 p.m.

Who should attend: Perl programmers with at least a journeyman-level working knowledge of Perl programming and a desire to hone their skills.

This class will cover a wide variety of advanced topics in Perl, including many insights and tricks for using these features effectively. After completing this class, attendees will have a much richer understanding of Perl and will be better able to make it part of their daily routine.

Topics include:

  • Symbol tables and typeglobs
    • Symbolic references
    • Useful typeglob tricks (aliasing)
  • Modules
    • Autoloading
    • Overriding built-ins
    • Mechanics of exporting
    • Function prototypes
  • References
    • Implications of reference counting
    • Using weak references for self-referential data structures
    • Autovivification
    • Data structure management, including serialization and persistence
    • Closures
  • Fancy object-oriented programming
    • Using closures and other peculiar referents as objects
    • Overloading of operators, literals, and more
    • Tied objects
  • Managing exceptions and warnings
    • When die and eval are too primitive for your taste
    • The use warnings pragma
    • Creating your own warnings classes for modules and objects
  • Regular expressions
    • Debugging regexes
    • qr// operator
    • Backtracking avoidance
    • Interpolation subtleties
    • Embedding code in regexes
  • Programming with multiple processes or threads
    • The thread model
    • The fork model
    • Shared memory controls
  • Unicode and I/O layers
    • Named Unicode characters
    • Accessing Unicode properties
    • Unicode combined characters
    • I/O layers for encoding translation
    • Upgrading legacy text files to Unicode
    • Unicode display tips

Tom Christiansen (S6) has been involved with Perl since day zero of its initial public release in 1987. Author of several books on Perl, including The Perl Cookbook and Programming Perl from O'Reilly, Tom is also a major contributor to Perl's online documentation. He holds undergraduate degrees in computer science and Spanish and a Master's in computer science. He now lives in Boulder, Colorado.

Sunday Morning Half-Day Tutorials
S7 INTRODUCTION TO DOMAIN NAME SYSTEM ADMINISTRATION
William LeFebvre, Consultant
9:00 a.m.–12:30 p.m.

Who should attend: System or network administrators who have been exposed to the Domain Name System only as users. A basic understanding of the IP protocols, TCP and UDP, data encapsulation, and the seven-layer model will be beneficial.

DNS, the primary method the Internet uses to name and number machines, is used to translate names like "www.usenix.org" into addresses like 131.106.3.253. Any site that is serious about joining the Internet community will need to understand how to configure and administer DNS.

This tutorial will describe the basic operation of DNS and will provide instructions and guidelines for the configuration and operation of DNS on UNIX platforms using the BIND software distribution. This class is designed for the beginner and is intended to provide a foundation for the tutorial on "Intermediate Topics in Domain Name System Administration."

Topics include:

  • DNS and BIND
  • The DNS name hierarchy
  • The four components of the DNS protocol
  • Iterative vs. recursive querying
  • Essential resource records: SOA, A, PTR, CNAME, NS
  • Zone transfers and secondaries
  • Vendor-specific differences

William LeFebvre (S7, S10) is an author, programmer, teacher, and sysadmin expert who has been using UNIX and Internet technologies since 1983. He wrote a monthly column for UNIX Review and has taught since 1989 for such organizations as USENIX, the Sun User Group (SUG), MIS Training Institute, IT Forum, and Great Circle Associates. He has contributed to several widely used UNIX packages, including Wietse Venema's logdaemon package. He is also the primary programmer for the popular UNIX utility top. William is currently an independent consultant. He received his bachelor's degree in 1983 and his master of science degree in 1988, both from Rice University.

S8 BZR, HG, AND GIT, OH MY! DISTRIBUTED SOURCE CODE MANAGEMENT SYSTEMS NEW!
Theodore Ts'o, IBM Linux Technology Center
9:00 a.m.–12:30 p.m.

Who should attend: Developers, project leaders, and system administrators dealing with source code management systems who want to take advantage of the newest distributed development tools.

Are you still using CVS or SVN? Find out what you've been missing! This tutorial will describe the basic concepts of distributed SCMs and provide gentle instructions on how these systems work and how to use them. It will also compare and contrast the strengths and weaknesses of these systems and will provide guidance and suggestions so that project leaders can choose the distributed SCM that is most appropriate for their project.

Bzr, hg, and git are new source code management systems which, unlike CVS and SVN, do not require a single centralized server. Instead, they are peer-to-peer systems, where no one repository has any more privilege than another, other than that obtained by usage and custom. These systems have many advantages. They are perfect for people who wish to commit changes while disconnected from the network (for example, while in an airplane). In addition, there is no need for "commit rights" before a new developer can become a first-class user of the SCM system. Instead, the developer simply clones a copy of the repository on his local machine, makes changes, and commits them to the repository. These changes are then pushed to the maintainer, who reviews them before merging them into his local repository. In larger projects, a hierarchical system can be used, where a changeset may be approved by a subsystem maintainer, who must then forward the changeset to a higher-level maintainer for approval for the changeset to enter the project master repository.

These attributes make distributed SCMs an ideal match for open source software projects. Indeed, hg and git were created specifically for the Linux kernel developers. Today, projects such as Solaris, Xen, moinmoin, Alsa, and e2fsprogs use Mercurial; Linux, Cairo, Wine, X.org, and XMMS2 use git; and Ubuntu and Drupal use bzr.

Theodore Ts'o (S8) has been a Linux kernel developer since almost the very beginnings of Linux: he implemented POSIX job control in the 0.10 Linux kernel. He is the maintainer and author of the Linux COM serial port driver and the Comtrol Rocketport driver, and he architected and implemented Linux's tty layer. Outside of the kernel, he is the maintainer of the e2fsck filesystem consistency checker. Ted is currently employed by IBM Linux Technology Center.

S9 SO YOU HAVE ACTIVE DIRECTORY: NOW WHAT? (A GUIDE TO AD INTEGRATION FOR UNIX SYSADMINS) NEW!
Gerald Carter, Centeris
9:00 a.m.–12:30 p.m.

Who should attend: System administrators who are tasked with integrating authentication, Web, and file/print services provided by UNIX hosts into an Active Directory domain.

Frequently, AD deployments are handled outside the UNIX infrastructure teams. This can leave UNIX/Linux sysadmins scratching their collective heads about how to make use of the new directory service and increase the amount of work duplicated by the UNIX server teams and the AD administrators. This tutorial will help reduce that workload for you.

Topics include:

  • AD domain membership using Samba
  • NTLM and Kerberos authentication for Apache
  • Using PAM for NTLM and Kerberos authentication
  • Searching Active Directory using LDAP clients

Gerald Carter (S9, S12, M9, T4, W2, R7) has been a member of the Samba Development Team since 1998. He has been developing, writing about, and teaching on open source since the late 1990s. Currently employed by Centeris as a Samba and open source developer, Gerald has written books for SAMS Publishing and for O'Reilly Publishing.

Sunday Afternoon Half-Day Tutorials
S10 INTERMEDIATE TOPICS IN DOMAIN NAME SYSTEM ADMINISTRATION
William LeFebvre, Consultant
1:30 p.m.–5:00 p.m.

Who should attend: Network administrators with a basic understanding of DNS and its configuration who need to learn how to create and delegate subdomains, and administrators planning to install BIND8. Attendees are expected either to have prior experience with DNS, including an understanding of basic operation and zone transfers, or to have attended the "Introduction to Domain Name System Administration" tutorial.

Attendees will move beyond the basics into a more thorough understanding of the overall design and implementation of DNS.

Topics include:

  • Subdomains and delegation
  • Resource records: NS, RP, MX, TXT, AAAA
  • BIND views
  • DNS management tools
  • DNS design
  • DNS and firewalls

William LeFebvre (S7, S10) is an author, programmer, teacher, and sysadmin expert who has been using UNIX and Internet technologies since 1983. He wrote a monthly column for UNIX Review and has taught since 1989 for such organizations as USENIX, the Sun User Group (SUG), MIS Training Institute, IT Forum, and Great Circle Associates. He has contributed to several widely used UNIX packages, including Wietse Venema's logdaemon package. He is also the primary programmer for the popular UNIX utility top. William is currently an independent consultant. He received his bachelor's degree in 1983 and his master of science degree in 1988, both from Rice University.

S12 KERBEROS 5: REVENGE OF THE THREE-HEADED DOG
Gerald Carter, Centeris
1:30 p.m.–5:00 p.m.

Who should attend: Administrators who want to understand Kerberos 5 implementations on both UNIX/Linux and Windows clients and servers.

For many organizations, Kerberos is an old technology that has been driven to the forefront by deployments of Microsoft Active Directory domains. The introduction of a standard authentication protocol into Windows domains has caused many network administrators to reexamine ways to integrate UNIX/Linux and Windows clients in a single authentication model.

Topics include:

  • Key concepts of the Kerberos 5 protocol
  • Related authentication interfaces such as SASL and GSSAPI
  • The specifics of implementing Krb5 realms
  • Implementations of Krb5 cross-realm trusts
  • Integration of Windows and UNIX/Linux clients into Krb5 realms
  • Possible pitfalls of using popular Krb5 implementations such as those of MIT and Windows 200x

Gerald Carter (S9, S12, M9, T4, W2, R7) has been a member of the Samba Development Team since 1998. He has been developing, writing about, and teaching on open source since the late 1990s. Currently employed by Centeris as a Samba and open source developer, Gerald has written books for SAMS Publishing and for O'Reilly Publishing.

Monday, December 4, 2006
Full-Day Tutorials
M1 SYSTEM AND NETWORK PERFORMANCE TUNING
Marc Staveley, Soma Networks
9:00 a.m.–5:00 p.m.

Who should attend: Novice and advanced UNIX system and network administrators, and UNIX developers concerned about network performance impacts. A basic understanding of UNIX system facilities and network environments is assumed.

We will explore procedures and techniques for tuning systems, networks, and application code. Starting from the single system view, we will examine how the virtual memory system, the I/O system, and the filesystem can be measured and optimized. We'll extend the single host view to include Network File System tuning and performance strategies. Detailed treatment of networking performance problems, including network design and media choices, will lead to examples of network capacity planning. Application issues, such as system call optimization, memory usage and monitoring, code profiling, real-time programming, and techniques for controlling response time, will be addressed. Many examples will be given, along with guidelines for capacity planning and customized monitoring based on your workloads and traffic patterns. A question and analysis period for particular situations will be provided.

Topics include:

  • Performance tuning strategies
    • Practical goals
    • Monitoring intervals
    • Useful statistics
    • Tools, tools, tools
  • Server tuning
    • Filesystem and disk tuning
    • Memory consumption and swap space
    • System resource monitoring
  • NFS performance tuning
    • NFS server constraints
    • NFS client improvements
    • NFS over WANs
    • Automounter and other tricks
  • Network performance, design, and capacity planning
    • Locating bottlenecks
    • Demand management
    • Media choices and protocols
    • Network topologies: bridges, switches, and routers
    • Throughput and latency considerations
    • Modeling resource usage
  • Application tuning
    • System resource usage
    • Memory allocation
    • Code profiling
    • Job scheduling and queuing
    • Real-time issues
    • Managing response time

Marc Staveley (M1, R1) works with Soma Networks, where he is applying his many years of experience with UNIX development and administration in leading their IT group. Previously Marc had been an independent consultant and also held positions at Sun Microsystems, NCR, Princeton University, and the University of Waterloo. He is a frequent speaker on the topics of standards-based development, multi-threaded programming, system administration, and performance tuning.

M2 TCP/IP WEAPONS SCHOOL (Day 2 of 2) NEW!
Richard Bejtlich, TaoSecurity
9:00 a.m.–5:00 p.m.

See S2 for the description of the first day of this tutorial.

Who should attend: Junior and intermediate analysts and system administrators who detect and respond to security incidents.

TWS is the right way for junior and intermediate security personnel to learn the fundamentals of TCP/IP networking. Students learn how to interpret network traffic by analyzing packets generated by network security tools. Examples of normal, suspicious, and malicious traffic teach analysts how to identify security events on the wire. Students will analyze traffic using open source tools.

The point of the class is to teach TCP/IP by looking at nontraditional TCP/IP traffic. I will make comparisons to normal TCP/IP traffic for reference purposes. The name of the course is related to the US Air Force Weapons School, which is the "Top Gun" of the Air Force.

Course plan: The class will concentrate on the protocols and services most likely to be encountered when performing system administration and security work. Students will inspect traffic such as would be seen in various malicious security events.

Topics for Day 2 include:

  • Layer 2 attacks: Changing MAC addresses; MAC flooding (Macof); ARP denial of service (Arp-sk); port stealing (Ettercap); layer 2 man-in-the-middle (Ettercap); Dynamic Trunking Protocol attack (Yersinia)
  • Layer 3: What Layer 3 is; Internet Protocol, raw IP (Nemesis), IP options (Fragtest), and IP time-to-live (Traceroute); Internet Control Message Protocol (Sing) and ICMP error messages (Gnetcat)
  • Layer 3 attacks: IP spoofing; Gont ICMP attacks; ICMP Shell

Want to learn more from Richard Bejtlich? Check out his extra 2-day class after LISA, December 9–10, 2006. See the PDF flyer for details.

Richard Bejtlich (S2, M2, F1) is founder of TaoSecurity LLC (http://www.taosecurity.com), a company that helps clients detect, contain, and remediate intrusions using network security monitoring (NSM) principles. Richard was previously a principal consultant at Foundstone, performing incident response, emergency NSM, and security research and training. He has created NSM operations for ManTech International Corporation and Ball Aerospace & Technologies Corporation. From 1998 to 2001, Richard defended global American information assets in the Air Force Computer Emergency Response Team (AFCERT), performing and supervising the real-time intrusion detection mission. Formally trained as an intelligence officer, he holds degrees from Harvard University and the United States Air Force Academy. Richard wrote the Tao of Network Security Monitoring: Beyond Intrusion Detection and the forthcoming Extrusion Detection: Security Monitoring for Internal Intrusions and Real Digital Forensics. He also wrote original material for Hacking Exposed, 4th Ed., Incident Response, 2nd Ed., and Sys Admin Magazine. Richard holds the CISSP, CIFI, and CCNA certifications. His popular Web log resides at http://taosecurity.blogspot.com.

M3 ISSUES IN UNIX INFRASTRUCTURE DESIGN
Lee Damon, University of Washington
9:00 a.m.–5:00 p.m.

Who should attend: Anyone who is designing, implementing, or maintaining a UNIX environment with 2 to 20,000+ hosts. System administrators, architects, and managers who need to maintain multiple hosts with few admins.

This intermediate class will examine many of the background issues that need to be considered during the design and implementation of a mixed-architecture or single-architecture UNIX environment. It will cover issues from authentication (single sign-on) to the Holy Grail of single system images.

This class won't implement a "perfect solution," as each site has different needs. It will try to raise all the questions you should ask (and answer) while designing the solution that will meet your needs. We will look at some freeware and some commercial solutions, as well as many of the tools that exist to make a workable environment possible.

Topics include:

  • Administrative domains: Who is responsible for what, and what can users do for themselves?
  • Desktop services vs. farming: Do you do serious computation on the desktop, or do you build a compute farm?
  • Disk layout: How do you plan for an upgrade? Where do things go?
  • Free vs. purchased solutions: Should you write your own, or hire a consultant or company?
  • Homogeneous vs. heterogeneous: Homogeneous is easier, but will it do what your users need?
  • The essential master database: How can you keep track of what you have?
  • Policies to make life easier
  • Push vs. pull
  • Getting the user back online in 5 minutes
  • Remote administration: Lights-out operation; remote user sites; keeping up with vendor patches, etc.
  • Scaling and sizing: How do you plan on scaling?
  • Security vs. sharing: Your users want access to everything. So do the crackers . . .
  • Single sign-on: How can you do it securely?
  • Single system images: Can users see just one environment, no matter how many OSes there are?
  • Tools: The free, the purchased, the homegrown

Lee Damon (M3, T3) has a B.S. in Speech Communication from Oregon State University. He has been a UNIX system administrator since 1985 and has been active in SAGE since its inception. He assisted in developing a mixed AIX/SunOS environment at IBM Watson Research and has developed mixed environments for Gulfstream Aerospace and QUALCOMM. He is currently leading the development effort for the Nikola project at the University of Washington Electrical Engineering department. Among other professional activities, he is a charter member of LOPSA and SAGE and past chair of the SAGE Ethics and Policies working groups, and he was the chair of LISA '04.

M4 AN INTRODUCTION TO OPENAFS AND ITS ADMINISTRATION
Esther Filderman, Pittsburgh Supercomputing Center, and Alf Wachsmann, Stanford Linear Accelerator Center
9:00 a.m.–5:00 p.m.

Who should attend: Anyone looking to learn more about OpenAFS and how to set up and administer an OpenAFS cell.

AFS is a global distributed file system which works on many different operating systems (UNIX, Windows, Mac OS). It is ideal for sharing data and software in a heterogeneous distributed computing environment. Now that AFS has become available through an open source license, it is available to sites and IT groups of all sizes. Although the use of AFS is simple, setting up your own AFS servers can be a rather daunting task.

Topics include:

  • Overview of AFS concepts and semantics
  • Setting up and managing the AFS client (even without your own servers)
  • A working outline of the AFS server processes and how they play together
  • How to set up a new AFS cell: design decisions, initial setup, planning for the future
  • Authentication issues: Native KAS vs. Kerberos5
  • Backups: How and what to choose to use
  • AFS tools to make everything from maintenance to monitoring easier

Esther Filderman (M4) has been working with AFS since its infancy at CMU, before it was called AFS, and is currently Senior Operations Specialist and AFS administrator for the Pittsburgh Supercomputing Center. She has been working to bring AFS content to LISA conferences since 1999. She is also coordinating documentation efforts for the OpenAFS project.

Alf Wachsmann (M4) is working at the Stanford Linear Accelerator Center (SLAC) in the Computing Services' High-Performance Computing Group, where he is an infrastructure designer and automation specialist. He has a doctor's degree in natural sciences obtained in Computer Science at the University of Paderborn (Germany). He worked as a post-doc in the computing center of DESY Zeuthen (Germany) before he came to SLAC in 1999.

M5 ADVANCED TOPICS IN DNS ADMINISTRATION
Matt Larson, VeriSign, Inc.
9:00 a.m.–5:00 p.m.

Who should attend: DNS administrators who wish to extend their understanding of how to configure and manage name servers running BIND 9. Attendees should have some experience of running a name server and be familiar with DNS jargon, resource records, and the syntax of zone files and named.conf.

This tutorial will answer the question, "I've set up master (primary) and slave (secondary) name servers. What else can I do with the name server?"

Topics include:

  • The BIND 9 logging subsystem
    • Getting the most from the name server's logs
    • Running the name server in debugging mode
  • Managing the name server with rndc
  • Configuring split DNS: internal and external versions of a domain
    • Using the views mechanism of BIND 9 to implement split DNS
  • Securing the name server
    • Running it chroot()ed
    • Using access control lists
    • Preventing unwanted access
  • Security
    • DNS vulnerability overview
    • Using Transaction Signatures (TSIG) to protect messages: cases and tools
    • Using DNSSEC to protect DNS data: cases, tools, implications
  • Dynamic DNS (DDNS)
    • Secure dynamic updates with nsupdate: policies and usage models
  • IPv6
    • Resolving and answering queries over IPv6 transport
    • Setting up AAAA records to resolve IPv6 addresses

Matt Larson (M5) works in the Advanced Products and Research Group of VeriSign Information Services as a specialist in DNS protocol and operational issues. He is the co-author of the O'Reilly & Associates Nutshell Handbooks DNS on Windows Server 2003, DNS on Windows 2000, and DNS on Windows NT. Matt joined VeriSign in June 2000 from Acme Byte & Wire, a company he started in 1997 with co-author Cricket Liu. Acme Byte & Wire specialized in DNS consulting and training, and its customers included more than 10% of the Fortune 100. Prior to Acme Byte & Wire, Matt worked for five years at Hewlett-Packard, first in the Corporate Network Services group, where he ran hp.com, one of the largest corporate domains in the world. He later joined HP's professional services organization.

Monday Morning Half-Day Tutorials
M6 THE LATEST HACKING TOOLS AND DEFENSES
David Rhoades, Maven Security Consulting, Inc.
9:00 a.m.–12:30 p.m.

Who should attend: Anyone who is interested in how hackers work these days, and what system and network administrators can do to defend themselves.

This presentation will examine recent developments in hacker tools and techniques. Live demos of tools will be given as time permits, and defenses against the tools will be discussed. Bonus: A look at some recently headlined cybercrimes, with an emphasis on the techniques used.

Topics may include:

  • VoIP security
  • Phishing
  • Reverse engineering
  • Anti-forensics
  • Wi-Fi and Bluetooth
  • Web application attacks
  • Spyware and malware
  • Network tools
  • Denial of service attacks

David Rhoades (M6) is a principal consultant with Maven Security Consulting, Inc. Since 1996, David has provided information protection services for various FORTUNE 500 customers. His work has taken him across the U.S. and abroad to Europe and Asia, where he has lectured and consulted in various areas of information security. David has a B.S. in computer engineering from the Pennsylvania State University and has taught for the SANS Institute, the MIS Training Institute, and ISACA.

M7 BLOGS AND SPAM: LEGAL ISSUES FOR THE SYSTEM ADMINISTRATOR NEW!
Daniel L. Appelman, Technology lawyer, USENIX attorney, and partner at Heller Ehrman LLC
9:00 a.m.–12:30 p.m.

Who should attend: System administrators at all levels of experience and seniority, and others who are facing legal and ethical issues about blogs and spam.

Blogs and spam have both proliferated tremendously in the past few years. Weak federal legislation has preempted much stronger state attempts to control spam. The Federal Trade Commission has enacted new rules that clarify some of the ambiguities in the CAN-SPAM Act. System administrators need to understand the requirements of the law and the new regulations.

Blogging raises many legal issues, including the scope of intellectual property rights, content regulation, and labor and employment issues. Several important recent cases highlight how existing laws are being applied to this new form of communication. Employees use company facilities and company time to post entries to their personal blogs and to read and comment on the blogs of others. These postings may include comments critical of their employers, or information their employers consider to be confidential and proprietary, or material created by others the use of which may not be authorized. Employers are increasingly using blogs to market and promote their company's products and services and also as a communications tool within the company. System administrators need to understand the legal issues that arise from blogging in the workplace.

This session will provide system administrators with a clear understanding of the new spam laws and the legal issues that need to be addressed when employees' right to free expression by blogging collides with employers' right to control the workplace. We will define the duties and responsibilities of system administrators when faced with spam campaigns and the use of their company's facilities for personal communication in the blogosphere. Finally, we will suggest guidelines for meeting the challenges presented by both of these popular technologies.

Topics include:

  • CAN-SPAM and what it means for the system administrator
  • New FTC rules implementing CAN-SPAM
  • Blogging issues for the system administrator
    • Use of company facilities for personal purposes: what are the limits?
    • Who owns the blog?
    • First Amendment rights and employer workplace rights: which prevail?
    • When intellectual property rights conflict with free expression
    • Blogging and trade secrets
    • The fair use doctrine and blogging
  • The role of company policies with respect to spam and blogging
  • Recommendations for the system administrator

Daniel L. Appelman (M7) is a lawyer in the Silicon Valley office of a major international law firm. He has been practicing in the areas of cyberspace and software law for many years. He was the lawyer for Berkeley Software Design in the BSDi/UNIX System Laboratories (AT&T) case. Dan is the attorney for the USENIX Association and for many tech companies. He is also founding chair of his firm's Information Technology practice group, is the former chair of the California Bar's Standing Committee on Cyberspace Law, and is a current member of the California Bar Business Law Section's Executive Committee, the Computer Law Association, and the American Bar Association's Cyberspace Committee.

M8 BEYOND SHELL SCRIPTS: 21ST-CENTURY AUTOMATION TOOLS AND TECHNIQUES NEW!
Æleen Frisch, Exponential Consulting
9:00 a.m.–12:30 p.m.

Who should attend: System administrators who want to explore new ways of automating administrative tasks. Shell scripts are appropriate for many jobs, but more complex operations will often benefit from sophisticated tools.

Topics include:

  • Cfengine
    • Basic and advanced configurations
    • Sample uses, including: installations and beyond; "self-healing" configs; data collection; and more
    • Cfengine limitations: when not to use it
  • Expect: Automating interactive processes
    • What to Expect . . .
    • Using Expect with other tools
    • Security issues
  • Bacula, an enterprise backup management facility
    • Prerequisites
    • Configuration
    • Getting the most from Bacula

Æleen Frisch (S4, M8) has been a system administrator for over 20 years. She currently looks after a pathologically heterogeneous network of UNIX and Windows systems. She is the author of several books, including Essential System Administration (now in its 3rd edition).

M9 ETHEREAL AND THE ART OF DEBUGGING NETWORKS
Gerald Carter, Centeris
9:00 a.m.–12:30 p.m.

Who should attend: System and network administrators who are interested in learning more about the TCP/IP protocol and how network traffic monitoring and analysis can be used as a debugging, auditing, and security tool.

The focus of this course is using the Ethereal protocol analyzer as a debugging and auditing tool for TCP/IP networks. System logs can turn out to be incomplete or incorrect when you're trying to track down network application failures. Sometimes the quickest, or the only, way to find the cause is to look at the raw data on the wire. This course is designed to help you make sense of that data.

Topics include:

  • Introduction to Ethereal for local and remote network tracing
  • TCP/IP protocol basics
  • Analysis of popular application protocols such as DNS, DHCP, HTTP, NFS, CIFS, and LDAP
  • How some kinds of TCP/IP network attacks can be recognized

Gerald Carter (S9, S12, M9, T4, W2, R7) has been a member of the Samba Development Team since 1998. He has been developing, writing about, and teaching on open source since the late 1990s. Currently employed by Centeris as a Samba and open source developer, Gerald has written books for SAMS Publishing and for O'Reilly Publishing.

Monday Afternoon Half-Day Tutorials
M10 DOCUMENTATION TECHNIQUES FOR SYSADMINS
Mike Ciavarella, University of Melbourne
1:30 p.m.–5:00 p.m.

Who should attend: System administrators who need to produce documentation for the systems they manage or who want to improve their documentation skills.

Attendees should be able to make immediate, practical use of the techniques presented in this tutorial in their day-to-day tasks. Particular emphasis is placed on documentation as a time-saving tool rather than a workload imposition.

Topics include:

  • Why system administrators need to document
  • The document life cycle
  • Targeting your audience
  • An adaptable document framework
  • Common mistakes
  • Tools to assist the documentation process

Mike Ciavarella (M10, T3, W3) has been producing and editing technical documentation since he naively agreed to write application manuals for his first employer in the early 1980s. He has been a technical editor for MacMillan Press and has been teaching system administrators about documentation for the past eight years. Mike has an Honours Degree in Science from the University of Melbourne. After a number of years working as Senior Partner and head of the Security Practice for Cybersource Pty Ltd, Mike returned to his alma mater, the University of Melbourne. He now divides his time between teaching software engineering, providing expert testimony in computer security matters, and trying to complete a Doctorate. In his ever-diminishing spare time, Mike is a caffeine addict and photographer.

M11 HOW TO INTERVIEW A SYSTEM ADMINISTRATOR NEW!
Adam Moskowitz, Menlo Computing
1:30 p.m.–5:00 p.m.

Who should attend: System administrators of all levels of experience, as well as managers of system administrators. The course will focus on techniques for interviewers, but even sysadmins who are just starting out will learn some things to use as an interviewee. Managers of system administrators and junior sysadmins will learn, among other things, how to interview someone who knows more than you do. Junior administrators will also learn how to respond (as an interviewee) when asked a bad question—in particular, how to turn it into a better question.

Do you know how to interview a system administrator? Do the questions you ask elicit specific, narrowly focused information, or do they show you both the depth and breadth of a candidate's knowledge of a particular subject or technology? Do you know how to distinguish between a candidate who is just trying to bluff through the interview and one who has some knowledge of the field but hasn't yet become an expert? Are trick questions ever appropriate, and, if so, when and why? Some questions shouldn't be asked, and some would even land you in hot water with your company's HR or legal department: do you know what those questions are? Finally, have you figured out how to help a candidate do well in an interview while still getting an objective and fair assessment of their skills?

If you answered "no" or even "I'm not sure" to any of these questions, this course is for you.

Topics include:

  • Purposes of an interview
    • To assess the candidate's technical skills
    • To get a feel for the candidate's personality and interpersonal skills
    • To learn whether a candidate is likely to be a good fit with the company and with the IT group
    • To help the candidate figure out whether he wants this job and whether he is likely to do well in the position
    • Maybe even to teach the candidate something new about system administration
  • Basic questions to bear in mind
    • Is the candidate comfortable?
    • Does he need a drink or a bathroom break?
    • Does she know who you are and what your role in the company is?
  • Preparatory questions
    • What are you really trying to learn about the candidate's skills, and why?
    • What makes a good question good?
    • What makes a bad question bad?
    • How can you turn bad questions into good ones?
    • When is it appropriate to ask a trick question, and why?
    • What questions can't or shouldn't you ask?

Adam Moskowitz (M11), in his roles as IT manager and senior system administrator, and on behalf of several of his consulting clients, has interviewed more candidates for system administration positions than he can remember. By virtue of having worked for a lot of companies that are no longer in business, he has been a candidate for almost that many system administration positions. Over the years he's been asked good questions, bad questions, and horrible questions, and has seen candidates become flummoxed when asked what seemed like rather simple questions. All this plus his almost 30 years of experience in the field (not to mention a darned good ratio of interviews to job offers) have given Adam considerable field experience to draw on for this tutorial.

When he's not in an interview, Adam works as a system administrator—but only to support his hobby of judging barbecue contests and to keep food in his puppy's bowl.

M12 DATABASES: WHAT YOU NEED TO KNOW
John Sellens, SYONEX
1:30 p.m.–5:00 p.m.

Who should attend: System and application administrators who need to support databases and database-backed applications.

Databases used to run almost exclusively on dedicated database servers, with one or more database administrators (DBAs) dedicated to their care. These days, with the easy availability of database software such as MySQL and PostgreSQL, databases are popping up in many more places, and are used by many more applications.

As a system administrator you need to understand databases, their care and feeding.

Attendees will leave the tutorial with a better understanding of databases and their use and will be ready to deploy and support common database software and database-backed applications.

Topics include:

  • An introduction to database concepts
  • The basics of SQL (Structured Query Language)
  • Common applications of databases
  • Berkeley DB and its applications
  • MySQL installation, configuration, and management
  • PostgreSQL installation, configuration, and management
  • Security, user management, and access controls
  • Ad-hoc queries with standard interfaces
  • ODBC and other access methods
  • Database access from other tools (Perl, PHP, sqsh, etc.)

John Sellens (S3, M12) has been involved in system and network administration since 1986 and is the author of several related USENIX papers, a number of ;login: articles, and the SAGE Short Topics in System Administration booklet #7, System and Network Administration for Higher Reliability. He holds an M.Math. in computer science from the University of Waterloo and is a chartered accountant. He is the proprietor of SYONEX, a systems and networks consultancy. From 1999 to 2004, he was the General Manager for Certainty Solutions in Toronto. Prior to joining Certainty, John was the Director of Network Engineering at UUNET Canada and was a staff member in computing and information technology at the University of Waterloo for 11 years.

M13 PROJECT TROUBLESHOOTING
Strata Rose Chalup, Project Management Consultant
1:30 p.m.–5:00 p.m.

Who should attend: Anyone with an existing project that isn't going well, and they're not sure why, or with a big initiative at work that they'd like to turn into a project but can't seem to get beyond a certain point with it; anyone who's been getting involved with open source software development, and things have gotten complex now that more folks are on board. If you've been thinking, "Hey, if we had a little more structure, we could get a lot more accomplished," this tutorial is for you. It's likely, but not strictly required, that you've taken some kind of project management training or done some reading on your own.

As for me: I've been pulling clients' projects out of the fire for years. As a career consultant, I'm constantly running into the "When all else fails, hire a consultant" syndrome. I've seen projects without a plan, plans without a project, and just about everything in between—including a lot of busy people who don't seem to know what the common goal is, or even whether there is one!

So come on down, bring your laptop, your notes, and your questions, and get your project back on track.

Strata Rose Chalup (M13, W8, R4) began as a fledgling sysadmin in 1983 and has been leading and managing complex IT projects for many years, serving in roles ranging from Project Manager to Director of Network Operations. She has written a number of articles on management and working with teams and has applied her management skills on various volunteer boards, including BayLISA and SAGE. Strata has a keen interest in network information systems and new publishing technologies and built a successful consulting practice around being an avid early adopter of new tools, starting with ncsa_httpd and C-based CGI libraries in 1993 and moving on to wikis, RSS readers, and blogging. Another MIT dropout, Strata founded VirtualNet Consulting in 1993.

Tuesday, December 5, 2006
Full-Day Tutorials
T1 SOLARIS 10 PERFORMANCE, OBSERVABILITY, AND DEBUGGING
James Mauro and Richard McDougall, Sun Microsystems
9:00 a.m.–5:00 p.m.

Who should attend: Anyone who supports or may support Solaris 10 machines.

This one-day tutorial will cover the tools and utilities available in Solaris 10 for understanding system and application behavior. An overview of the various tools will be followed by a drill-down on the uses of and methodology for applying the tools to resolve performance issues and pathological behavior, or simply to understand the system and workload better.

Topics include:

  • Solaris 10 features overview
  • Solaris 10 tools and utilities
    • The conventional stat tools (mpstat, vmstat, etc.)
    • The procfs tools (ps, prstat, map, pfiles, etc.)
    • lockstat and plockstat
    • Using kstat
    • Dtrace, the Solaris dynamic tracing facility
    • Using mdb in a live system
  • Understanding memory use and performance
  • Understanding thread execution flow and profiling
  • Understanding I/O flow and performance
  • Looking at network traffic and performance
  • Application and kernel interaction
  • Putting it all together

James Mauro (T1) is a Senior Staff Engineer in the Performance and Availability Engineering group at Sun Microsystems. Jim's current interests and activities are centered on benchmarking Solaris 10 performance, workload analysis, and tool development. This work includes Sun's new Opteron-based systems and multicore performance on Sun's Chip Multithreading (CMT) Niagara processor. Jim resides in Green Brook, New Jersey, with his wife and two sons. He spent most of his spare time in the past year working on the second edition of Solaris Internals. Jim co-authored the first edition of Solaris Internals with Richard McDougall and has been writing about Solaris in various forums for the past eight years.

Richard McDougall (T1), had he lived 100 years ago, would have had the hood open on the first four-stroke internal combustion gasoline-powered vehicle, exploring new techniques for making improvements. He would be looking for simple ways to solve complex problems and helping pioneering owners understand how the technology works to get the most from their new experience. These days, McDougall uses technology to satisfy his curiosity. He is a Distinguished Engineer at Sun Microsystems, specializing in operating systems technology and system performance. He is co-author of Solaris Internals (Prentice Hall PTR, 2000) and Resource Management (Sun Microsystems Press, 1999).

T2 BUILDING A LOGGING INFRASTRUCTURE AND LOG ANALYSIS FOR SECURITY
Abe Singer, San Diego Supercomputer Center
9:00 a.m.–5:00 p.m.

Who should attend: System, network, and security administrators who want to be able to separate the wheat of warning information from the chaff of normal activity in their log files.

This tutorial will show the importance of log files for maintaining system security and general well-being, offer some strategies for building a centralized logging infrastructure, explain some of the types of information that can be obtained for both real-time monitoring and forensics, and teach techniques for analyzing log data to obtain useful information.

The devices on a medium-sized network can generate millions of lines of log messages a day. Although much of the information is normal activity, hidden within that data can be the first signs of an intrusion, denial of service, worms/viruses, and system failures. Why should you attend? Getting a handle on your log files can help you run your systems and networks more effectively and can provide forensic information for post-incident investigation.

Topics include:

  • Problems, issues, and scale of handling log information
  • Generating useful log information: improving the quality of your logs
  • Collecting log information
    • syslog and friends
    • Building a log host
    • Integrating MS Windows into a UNIX log architecture
  • Storing log information
    • Centralized log architectures
    • Log file archiving
  • Log analysis
    • Log file parsing tools
    • Data analysis of log files (e.g., baselining)
    • Attack signatures and other interesting things to look for in your logs
  • How to handle and preserve log files for HR and legal folks

Abe Singer (T2, W6) is a Computer Security Researcher in the Security Technologies Group at the San Diego Supercomputer Center. In his operational security responsibilities, he participates in incident response and forensics and in improving the SDSC logging infrastructure. His research is in pattern analysis of syslog data for data mining. He is co-author of the SAGE booklet Building a Logging Infrastructure and author of a forthcoming O'Reilly book on log analysis.

T3 SEVEN HABITS OF THE HIGHLY EFFECTIVE SYSTEM ADMINISTRATOR: HINTS, TRICKS, TECHNIQUES, & TOOLS OF THE TRADE
Mike Ciavarella, University of Melbourne, and Lee Damon, University of Washington
9:00 a.m.–5:00 p.m.

Who should attend: Junior system administrators with anywhere from little to 3+ years of experience in computer system administration. We will focus on enabling the junior system administrator to "do it right the first time." Some topics will use UNIX-specific tools as examples, but the class is applicable to any sysadmin and any OS. Most of the material covered is "the other 90%" of system administration—things every sysadmin needs to do and to know, but which aren't details of specific technical implementation.

We aim to accelerate the experience curve for junior system administrators by teaching them the time-honored tricks (and effective coping strategies) that experienced administrators take for granted and which are necessary for successful growth of both the administrator and the site.

The class covers many of the best practices that senior administrators have long incorporated in their work. We will touch on tools you should use, as well as tools you should try to avoid. We will touch on things that come up frequently, as well as those which happen only once or twice a year. We will look at a basic security approach.

We will talk about issues such as why your computers should all agree on what time it is, why root passwords should not be the same on every computer, why backing up every filesystem on every computer is not always a good idea, policies—where you want them and where you might want to avoid them—ethical issues, and growth and success as a solo-sysadmin as well as in small, medium, and large teams. We will discuss training, mentoring, and personal growth planning, as well as site planning, budgeting, and logistics. We will discuss books that can help you and your users.

Mike Ciavarella (M10, T3, W3) has been producing and editing technical documentation since he naively agreed to write application manuals for his first employer in the early 1980s. He has been a technical editor for MacMillan Press and has been teaching system administrators about documentation for the past eight years. Mike has an Honours Degree in Science from the University of Melbourne. After a number of years working as Senior Partner and head of the Security Practice for Cybersource Pty Ltd, Mike returned to his alma mater, the University of Melbourne. He now divides his time between teaching software engineering, providing expert testimony in computer security matters, and trying to complete a Doctorate. In his ever-diminishing spare time, Mike is a caffeine addict and photographer.

Lee Damon (M3, T3) has a B.S. in Speech Communication from Oregon State University. He has been a UNIX system administrator since 1985 and has been active in SAGE since its inception. He assisted in developing a mixed AIX/SunOS environment at IBM Watson Research and has developed mixed environments for Gulfstream Aerospace and QUALCOMM. He is currently leading the development effort for the Nikola project at the University of Washington Electrical Engineering department. Among other professional activities, he is a charter member of LOPSA and SAGE and past chair of the SAGE Ethics and Policies working groups, and he was the chair of LISA '04.

T4 MANAGING SAMBA 3.0
Gerald Carter, Centeris
9:00 a.m.–5:00 p.m.

Who should attend: System administrators who are currently managing Samba servers or are planning to deploy new servers this year. This course will outline the new features of Samba 3.0, including working demonstrations throughout the course session.

Topics include:

  • Providing basic file and print services
  • Centrally managing printer drivers for Windows clients
  • Configuring Samba's support for Access Control Lists and the Microsoft Distributed File System
  • Making use of Samba VFS modules for features such as virus scanning and a network recycle bin
  • Integrating with Windows NT 4.0 and Active Directory authentication services
  • Implementing a Samba primary domain controller along with Samba backup domain controllers
  • Migrating from a Windows NT 4.0 domain to a Samba domain
  • Utilizing account storage alternatives to smbpasswd such as LDAP

Gerald Carter (S9, S12, M9, T4, W2, R7) has been a member of the Samba Development Team since 1998. He has published articles with various Web-based magazines and teaches courses as a consultant for several companies. Currently employed by Hewlett-Packard as a Samba developer, Gerald has written books for SAMS Publishing and is the author of the recent LDAP System Administration for O'Reilly Publishing.

T5 INTRODUCTION TO VMWARE ESX SERVER
John Arrasjid and Stephen Sorota, VMware
9:00 a.m.–5:00 p.m.

Who should attend: System administrators and architects who are interested in deploying VMware ESX Server in a production environment. No prior experience with VMware products is required. Knowledge of Linux is helpful; basic knowledge of SANs is useful but not required.

VMware ESX Server is virtual infrastructure software for partitioning, consolidating, and managing systems in mission-critical Intel environments. In this tutorial, we will provide an overview of virtual machine technology as well as the features and functionality of ESX Server. Installation, configuration, and best practices will be the focus of the session.

Topics include:

  • Virtual infrastructure overview
  • ESX Server overview
  • Installation and configuration
  • Virtual Machine (VM) creation and operation
  • Operations and administration best practices
  • Advanced configuration (SAN and networking)

John Arrasjid (T5) has 20 years of experience in the computer science field. His experience includes work with companies such as AT&T, Amdahl, 3Dfx Interactive, Kubota Graphics, Roxio, and his own company, WebNexus Communications, where he developed consulting practices and built a cross-platform IT team. John is currently a senior member of the VMware Professional Services Organization as a Consulting Architect. John has developed a number of PSO engagements, including Performance, Security, and Disaster Recovery and Backup.

Tuesday Morning Half-Day Tutorials
T6 HITCHHIKER'S GUIDE TO EMAIL SENDER AUTHENTICATION NEW!
Murray Kucherawy, Sendmail, Inc.
9:00 a.m.–12:30 p.m.

Who should attend: System administrators familiar with email concepts who want to get their feet wet in the emerging area of email sender authentication.

Spam and phishing cost industry millions of dollars per year in lost productivity and fraud claims. Email sender authentication is a concerted, multi-fronted attempt to add technology to stem this tide of fraudulent and annoying email.

Some well-established methods, as well as some of the more nascent ones, will be covered. The components of each protocol, as well as the impact of bringing them into your environment, will be addressed. References will be provided to existing as well as upcoming implementations of several of these proposals (with an emphasis on the free ones, of course). We will discuss the technologies themselves while remaining as MTA-agnostic as possible, so that what you learn can be applied in whatever your home environment may be.

Topics include:

  • Introduction
    • Why sender authentication is necessary
    • Why not PGP or S/MIME?
  • Past
    • Simple client checks: RMX, MTAMark
  • Present
    • Path-based methods: SPF, Sender-ID
    • Crypto-based methods: DomainKeys, IIM, DKIM
    • Best common practices
  • Future
    • Reputation: Realtime Blackhole Lists (RBLs), Collaborative (Vipul's Razor)

Murray Kucherawy (T6, T10) has been actively involved in email system administration and software development since 1990 and has been awarded two related patents, with a third pending. He holds a Bachelor of Mathematics degree from the University of Waterloo and has been with Sendmail, Inc., for seven years as a senior software engineer. Prior to that he completed a six-year tour of duty in the Internet Service Provider industry in both Canada and the United States, and also worked for three terms as a staff member in computing and information technology at the University of Waterloo. He is currently working with the IETF to advance the progress of sender authentication issues through the standards process.

T7 DISK-TO-DISK BACKUP AND ELIMINATING BACKUP SYSTEM BOTTLENECKS
Jacob Farmer, Cambridge Computer
9:00 a.m.–12:30 p.m.

Who should attend: System administrators involved in the design and management of backup systems and policymakers responsible for protecting their organization's data. A general familiarity with server and storage hardware is assumed. The class focuses on architectures and core technologies and is relevant regardless of what backup hardware and software you currently use. Students will leave this lecture with immediate ideas for effective, inexpensive improvements to their backup systems.

The data protection industry is going through a mini-renaissance. In the past few years, the cost of disk media has dropped to the point where it is practical to use disk arrays in backup systems, thus minimizing and sometimes eliminating the need for tape. In the first incarnations of disk-to-disk backup—disk staging and virtual tape libraries—disk has been used as a direct replacement for tape media. While this compensates for the mechanical shortcomings of tape drives, it fails to address other critical bottlenecks in the backup system, and thus many disk-to-disk backup projects fall short of expectations. Meanwhile, many early adopters of disk-to-disk backup are discovering that the long-term costs of disk staging and virtual tape libraries are prohibitive.

The good news is that the next generation of disk-enabled data protection solutions have reached a level of maturity where they can assist—and sometimes even replace—conventional enterprise backup systems. These new D2D solutions leverage the random access properties of disk devices to use capacity much more efficiently and to obviate many of the hidden backup system bottlenecks that are not addressed by first-generation solutions. The challenge to the backup system architect is to cut through the industry hype, sort out all of these new technologies, and figure out how to integrate them into an existing backup system.

This tutorial identifies the major bottlenecks in conventional backup systems and explains how to address them. The emphasis is placed on the various roles for inexpensive disk in your data protection strategy; however, attention is given to SAN-enabled backup, the current state and future of tape drives, and iSCSI.

Topics include:

  • Identifying and eliminating backup system bottlenecks
  • Conventional disk staging
  • Virtual tape libraries
  • Removable disk media
  • Incremental forever and synthetic full backup strategies
  • Block- and object-level incremental backups
  • Information lifecycle management and nearline archiving
  • Data replication
  • CDP (Continuous Data Protection)
  • Snapshots
  • Current and future tape drives
  • Capacity Optimization (Single-Instance File Systems)
  • Minimizing and even eliminating tape drives
  • iSCSI

Jacob Farmer (T7, T11) is a well-known figure in the data storage industry. He has authored numerous papers and articles and is a regular speaker at trade shows and conferences. In addition to his regular expert advice column in the "Reader I/O" section of InfoStor Magazine, the leading trade magazine of the data storage industry, Jacob also serves as the publication's senior technical advisor. Jacob has over 18 years of experience with storage technologies and is the CTO of Cambridge Computer Services, a national integrator of data storage and data protection solutions.

T8 OVER THE EDGE SYSTEM ADMINISTRATION, VOLUME 1
David N. Blank-Edelman, Northeastern University
9:00 a.m.–12:30 p.m.

Who should attend: Old-timers who think they've already seen it all, and those who want to develop inventive thinking early in their career. Join us and be prepared to be delighted, disgusted, and amazed. Most of all, be ready to enrich your network and system administration by learning to be different.

It's time to learn how to break the rules, abuse the tools, and generally turn your system administration knowledge inside out. This class is a cornucopia of ideas for creative ways to take the standard (and sometimes not-so-standard) system administration tools and techniques and use them in ways no one would expect. We'll also cover some tools you may have missed.

Note: The teacher takes no responsibility should your head explode during this class.

Topics include:

  • How to (ab)use perfectly good network transports by using them for purposes never dreamed of by their authors
  • How to increase user satisfaction during downtimes with 6 lines of Perl
  • How to improve your network services by intentionally throwing away data
  • How to drive annoying Web-only applications that don't have a command line interface—without lifting a finger
  • How to use ordinary objects you have lying around the house, such as Silly Putty, to make your life easier (seriously!)

David N. Blank-Edelman (T8, T12, W5) is the Director of Technology at the Northeastern University College of Computer and Information Science and the author of the O'Reilly book Perl for System Administration. He has spent the past 20+ years as a system/network administrator in large multi-platform environments, including Brandeis University, Cambridge Technology Group, and the MIT Media Laboratory. He was the program chair of LISA '05 and is one of the LISA '06 Invited Talks co-chairs.

T9 FIREWALLS AND INTERNET SECURITY FOR MAC OS X NEW!
Rik Farrow, Security Consultant
9:00 a.m.–12:30 p.m.

Who should attend: Mac OS X users and administrators. Some experience with command-line UNIX tools is required to get the most out of this class. Security analysts and managers can also take this class and learn what must be done to create secure Mac OS X systems.

Mac OS X includes a firewall that you can enable with one click via a GUI interface. And if all you want to do is block most incoming network access, that's all you need to know. But if you need to know more, this class is for you.

Mac OS X uses ipfw, one of the firewalls available in FreeBSD. You can use the GUI to manage ipfw and do simple things such as allow SSH connections through. Under the covers, Mac OS X is storing your firewall configuration in two formats, both editable, and using the ipfw command-line tool. Ipfw provides a lot more flexibility than you can get from using the GUI tool, and a little knowledge permits you to install new rules on the fly or add rules that will be installed with every restart.

Bring your Apple laptop so that you can participate in class exercises. If you don't have a laptop, there should be enough people who do have one that you can comfortably shoulder surf.

Topics include:

  • Configuring ipfw using the GUI and understanding what this actually does
  • Understanding IP as it applies to firewalls and Internet security
  • Using ipfw firewalls to both block potential attacks and blunt successful attacks
  • Recognizing IP protocols that are peculiar to Mac OS X and may or may not be welcome in networks where you use just a few Macs
  • Using ipfw to control network access to your Mac OS X systems

Rik Farrow (S5, T9) provides UNIX and Internet security consulting and training. He has been working with UNIX system security since 1984 and with TCP/IP networks since 1988. He has taught at the IRS, Department of Justice, NSA, NASA, US West, Canadian RCMP, Swedish Navy, and for many U.S. and European user groups. He is the author of UNIX System Security, published by Addison-Wesley in 1991, and System Administrator's Guide to System V (Prentice Hall, 1989). Farrow is the editor of ;login:. Rik lives with his family in the high desert of northern Arizona and enjoys hiking and mountain biking when time permits.

Tuesday Afternoon Half-Day Tutorials
T10 WRITING FILTERS USING "MILTER" NEW!
Murray Kucherawy, Sendmail, Inc.
1:30 p.m.–5:00 p.m.

Who should attend: System administrators and software developers familiar with email concepts who want to write applications that can plug into the sendmail MTA to monitor and control the flow and content of email.

Email is critical infrastructure. In the past few years there have been huge changes: growth in mail volume, new regulations, sender authentication, and an increasing variety of filtering needs. Wouldn't it be great if you didn't need to be a full-blown MTA developer to write your own customized filters, or integrate your own local applications into your email stream?

Well, you can! A few years ago, Sendmail introduced a generic programming interface called milter that allows exactly this. After this course you will be able to write and debug your own mail filtering applications that plug directly into Sendmail, and understand how all the parts fit together. Examples in both C and Perl will be offered. Sample programs will also be shown.

If you've ever hacked your own database queries or other site-specific changes into Sendmail and then had to deal with carrying your patches forward from one version to the next, this could be the tutorial you've been waiting for.

Topics include:

  • Phases of SMTP and how they relate to your filter
  • The callbacks milter offers
  • How threads are used in milter
  • Writing a basic filter using the milter API
  • Registering the filter with Sendmail
  • Handling failures
  • Related known limitations in various environments
  • Examples of applications
  • Future development

Murray Kucherawy (T6, T10) has been actively involved in email system administration and software development since 1990 and has been awarded two related patents, with a third pending. He holds a Bachelor of Mathematics degree from the University of Waterloo and has been with Sendmail, Inc., for seven years as a senior software engineer. Prior to that he completed a six-year tour of duty in the Internet Service Provider industry in both Canada and the United States, and also worked for three terms as a staff member in computing and information technology at the University of Waterloo. He is currently working with the IETF to advance the progress of sender authentication issues through the standards process.

T11 NEXT GENERATION STORAGE NETWORKING
Jacob Farmer, Cambridge Computer
1:30 p.m.–5:00 p.m.

Who should attend: Sysadmins running day-to-day operations and those who set or enforce budgets. This tutorial is technical in nature, but it does not address command-line syntax or the operation of specific products or technologies. Rather, the focus is on general architectures and various approaches to scaling in both performance and capacity. Since storage networking technologies tend to be costly, there is some discussion of the relative cost of different technologies and of strategies for managing cost and achieving results on a limited budget.

There has been tremendous innovation in the data storage industry over the past few years. Proprietary, monolithic SAN and NAS solutions are beginning to give way to open-system solutions and distributed architectures. Traditional storage interfaces such as parallel SCSI and Fibre Channel are being challenged by iSCSI (SCSI over TCP/IP), SATA (serial ATA), SAS (serial attached SCSI), and even Infiniband. New filesystem designs and alternatives to NFS and CIFS are enabling high-performance filesharing measured in gigabytes (yes, "bytes," not "bits") per second. New spindle management techniques are enabling higher-performance and lower-cost disk storage. Meanwhile, a whole new set of efficiency technologies are allowing storage protocols to flow over the WAN with unprecedented performance. This tutorial is a survey of the latest storage networking technologies, with commentary on where and when these technologies are most suitably deployed.

Topics include:

  • Fundamentals of storage virtualization: the storage I/O path
  • Shortcomings of conventional SAN and NAS architectures
  • In-band and out-of-band virtualization architectures
  • The latest storage interfaces: SATA (serial ATA), SAS (serial attached SCSI), 4Gb Fibre Channel, Infiniband, iSCSI
  • Content-Addressable Storage (CAS)
  • Information Life Cycle Management (ILM) and Hierarchical Storage Management (HSM)
  • The convergence of SAN and NAS
  • High-performance file sharing
  • Parallel file systems
  • SAN-enabled file systems
  • Wide-area file systems (WAFS)

Jacob Farmer (T7, T11) is a well-known figure in the data storage industry. He has authored numerous papers and articles and is a regular speaker at trade shows and conferences. In addition to his regular expert advice column in the "Reader I/O" section of InfoStor Magazine, the leading trade magazine of the data storage industry, Jacob also serves as the publication's senior technical advisor. Jacob has over 18 years of experience with storage technologies and is the CTO of Cambridge Computer Services, a national integrator of data storage and data protection solutions.

T12 OVER THE EDGE SYSTEM ADMINISTRATION, VOLUME 2 NEW!
David N. Blank-Edelman, Northeastern University
1:30 p.m.–5:00 p.m.

Who should attend: Old-timers who think they've already seen it all, and those who want to develop inventive thinking early in their career. Join us and be prepared to be delighted, disgusted, and amazed. Most of all, be ready to enrich your network and system administration by learning to be different. Previous attendance at Volume 1 of the series is recommended but not required.

Join us for volume two of the wildly successful Over the Edge System Administration class series. Once again we'll learn how to break the rules, abuse the tools, and generally turn your system administration knowledge inside out with the help of a whole new set of examples. This class is a second cornucopia of ideas for creative ways to take the standard (and sometimes not-so-standard) system administration tools and techniques and use them in ways no one would expect. We'll also cover some tools you may have missed. This class will take some of the concepts from the first installment and develop them even further.

Once again, we feel it is important to remind you: The teacher takes no responsibility should your head explode during this class.

Topics include:

  • How to exploit side effects to your benefit
  • Applying the arts and crafts you learned in camp to system administration
  • Pressing Web apps from places like Google and Yahoo! into service as sysadmin tools
  • How to perform SQL queries on your network equipment
  • How to use even more ordinary objects you have lying around the house to make your life easier (seriously!)

David N. Blank-Edelman (T8, T12, W5) is the Director of Technology at the Northeastern University College of Computer and Information Science and the author of the O'Reilly book Perl for System Administration. He has spent the past 20+ years as a system/network administrator in large multi-platform environments, including Brandeis University, Cambridge Technology Group, and the MIT Media Laboratory. He was the program chair of LISA '05 and is one of the LISA '06 Invited Talks co-chairs.

T13 ENTERPRISE WIRELESS NETWORK SETUP NEW!
Rudi van Drunen, Competa IT/Xlexit
1:30 p.m.–5:00 p.m.

Who should attend: Network professionals and system administrators deploying and managing wireless networks in an enterprise setting who want to use the new encryption/authentication/authorization protocols.

Wireless networks are becoming ready for the enterprise. Serious flaws in the encryption are being solved with new protocols on top of 802.11. This tutorial describes setting up a wireless network in an enterprise environment using the latest protocols for authentication, authorization, and encryption, and it explains how to choose and set up your access points, antennas, and accompanying infrastructure.

After supplying some background in radio technology and antennas and showing ways to deploy your access points, we will describe the newer higher-level protocols. This tutorial will provide answers to key questions: What are the strong points? the weak points? How should you implement an enterprise structure using a RADIUS back end? Now you have it, how can you manage it?

Topics include:

  • Making a radio plan
  • Selecting and placing access points
  • Determining your cabling and antennae needs
  • Designing the authentication/authorization infrastructure
    • WPA
    • WPA2
    • LEAP
    • EAP
    • RADIUS
  • Setting up hardware and software (including clients)

Topics do not include:

  • Cryptanalysis of protocols
  • Details of vendor-specific software

Rudi van Drunen (T13) met UNIX about 25 years ago at the University of Groningen (NL). Nowadays he is employed as a senior infrastructure and UNIX consultant. Before that, he was head of IT for a medical lab in Leiden, The Netherlands, where he did, among other things, UNIX system administration and applied research in image analysis and neural networks. He is one of the tech gurus and a board member of Wireless Leiden, the leading wireless community in the Netherlands. Rudi has his own small open source and hardware design company, Xlexit. He has taught a number of classes and given invited talks on wireless topics at SANE and for the Dutch UNIX community (NLUUG).

Wednesday, December 6, 2006
Full-Day Tutorials
W1 RESOURCE MANAGEMENT WITH SOLARIS CONTAINERS
Jeff Victor, Sun Microsystems
9:00 a.m.–5:00 p.m.

Who should attend: System administrators who want to improve resource utilization of their Solaris (SPARC, x64, x86) systems.

This tutorial covers the facilities available in Solaris for managing system resources. These facilities enable you to perform workload management and service-level management, leverage available capacity, and manage system utilization. Controls for CPUs, processes and threads, CPU affinity, scheduling classes, memory, partitioning facilities, and network bandwidth management are explained and demonstrated.

At the conclusion of this session, the student will have a solid understanding of the facilities and commands available for maximizing utilization of the Solaris systems in their data center.

Topics include:

  • What are resources?
  • Why would you want to manage them?
  • How do you use these Solaris features?
    • Projects and Tasks
    • Resource Controls
    • Dynamic Resource Pools, including processor sets
    • Physical Memory management with Resource Capping and Memory Sets
    • Network bandwidth management with IPQoS
    • Schedulers
    • Application isolation with Zones

Jeff Victor (W1) has been using UNIX systems since 1984. His two-decade career has included software design and development, network and telecomm administration, and nine years as a Systems Engineer at Sun Microsystems. Recently Jeff wrote the Sun BluePrint "Solaris Containers Technology Architecture Guide" and the "How to Move a Container" guide, both available at www.sun.com. He also maintains the Solaris Zones and Containers FAQ at opensolaris.org. Jeff holds a B.S. in Computer Science from Rensselaer Polytechnic Institute.

W2 IMPLEMENTING [OPEN]LDAP DIRECTORIES
Gerald Carter, Centeris
9:00 a.m.–5:00 p.m.

Who should attend: Both LDAP directory administrators and architects. The focus is on integrating standard network services with LDAP directories. The examples are based on UNIX hosts and the OpenLDAP directory server and will include actual working demonstrations throughout the course.

System administrators today run a variety of directory services, although these are referred to by names such as DNS and NIS. The Lightweight Directory Access Protocol (LDAP) is the successor to the X.500 directory and has the promise of allowing administrators to consolidate multiple existing directories into one.

Topics include:

  • Replacing NIS domains
  • Integration with Samba file and print servers
  • Integrating MTAs such as Sendmail and Postfix
  • Creating address books for mail clients
  • Managing user access to HTTP and FTP services
  • Integrating with DHCP and DNS servers
  • Scripting with the Net::LDAP Perl module
  • Defining custom attributes and object classes

Gerald Carter (S9, S12, M9, T4, W2, R7) has been a member of the Samba Development Team since 1998. He has been developing, writing about, and teaching on open source since the late 1990s. Currently employed by Centeris as a Samba and open source developer, Gerald has written books for SAMS Publishing and for O'Reilly Publishing.
 

Wednesday Morning Half-Day Tutorials
W3 ADVANCED SHELL PROGRAMMING
Mike Ciavarella, University of Melbourne
9:00 a.m.–12:30 p.m.

Who should attend: Junior or intermediate system administrators or anyone with a basic knowledge of programming, preferably with some experience in Bourne/Korn shells (or their derivatives).

The humble shell script is still a mainstay of UNIX/Linux system administration, despite the wide availability of other scripting languages. This tutorial details techniques that move beyond the quick-and-dirty shell script.

Topics include:

  • Common mistakes and unsafe practices
  • Modular shell script programming
  • Building blocks: awk, sed, etc.
  • Writing secure shell scripts
  • Performance tuning
  • Choosing the right utilities for the job
  • Addressing portability at the design stage
  • When not to use shell scripts

Mike Ciavarella (M10, T3, W3) has been producing and editing technical documentation since