2002 USENIX Annual Technical Conference, June 10-15, 2002, Monterey Conference Center, Monterey, CA

Wednesday, June 12, 2002    
Full-Day Tutorials
W1 Blueprints for High Availability: Designing Resilient Distributed Systems
Evan Marcus, VERITAS Software Corporation

W2 Practical Wireless IP: Concepts, Administration, and Security
Philip Cox and Brad C. Johnson, SystemExperts Corporation

W3 Building Honey Pots for Intrusion Detection NEW
Marcus Ranum, NFR Security, Inc.

W4 Topics in UNIX and Linux Administration, Part 2 NEW
Trent Hein and Ned McClain, Applied Trust; Evi Nemeth, University of Colorado

W5 Exploring the Potential of LDAP
Gerald Carter, Hewlett Packard

W6 System and Network Performance Tuning
Marc Staveley, Soma Networks

W7 Cisco's Security Features: What They Are, Where to Use Them, How to Configure Them NEW
John Stewart, Digital Island, Inc.

W8 Scripting the Web NEW
Rasmus Lerdorf, Consultant


W1 Blueprints for High Availability: Designing Resilient Distributed Systems
Evan Marcus, VERITAS Software Corporation

Who should attend: Beginning and intermediate UNIX system and network administrators, and UNIX developers concerned with building applications that can be deployed and managed in a highly resilient manner. A basic understanding of UNIX system programming, UNIX shell programming, and network environments is required.

This tutorial will explore procedures and techniques for designing, building, and managing predictable, resilient UNIX-based systems in a distributed environment. We will discuss the trade-offs among cost, reliability, and complexity.

Topics include:

  • What is high availability? Who needs it?
  • Defining uptime and cost; "big rules" of system design
  • Disk and data redundancy; RAID and SCSI arrays
  • Host redundancy in HA configs
  • Network dependencies
  • Application system programming concerns
  • Anatomy of failovers: applications, systems, management tools
  • Planning disaster recovery sites and data updates
  • Security implications
  • Upgrade and patch strategies
  • Backup systems: off-site storage, redundancy, and disaster recovery
  • Managing the system: managers, processes, verification

Evan Marcus (W1), who has 14 years of experience in UNIX systems administration, is now a Senior Systems Engineer and High Availability Specialist with VERITAS Software Corporation. At Fusion Systems and OpenVision Software, Evan worked to bring the first high-availability software application for SunOS and Solaris to market. He is the author of several articles and talks on the design of high availability systems and is the co-author, with Hal Stern, of Blueprints for High Availability: Designing Resilient Distributed Systems (John Wiley & Sons, 2000).


W2 Practical Wireless IP: Concepts, Administration, and Security
Philip Cox and Brad C. Johnson, SystemExperts Corporation

Who should attend: Users, administrators, managers, and others interested in learning about some of the fundamental security and usage issues around wireless IP services. This tutorial assumes some knowledge of TCP/IP networking and client/server computing, the ability or willingness to use administrative GUIs to set up a device, and a general knowledge of common laptop environments.

Whether you like it or not, wireless services are popping up everywhere. And you and your organization will be responsible for understanding and managing the devices you possess. Since the purpose of wireless is to share data when you aren't directly attached to a wired resource, you need to understand the fundamental security and usage options. In this tutorial we will cover a number of topics that affect you in managing and using wireless services. Some of the topics will be demonstrated live using popular wireless devices.

Topics include:

  • Cellular services basics
    • What's out there?
    • Who's using what?
    • What really matters?
    • Wireless LAN fundamentals
    • Architecture
    • Threats
    • 802.11b
    • Configuration examples
    • Antennas
  • Access points
    • Channels, placement
    • Bandwidth, aggregation
    • Congestion
    • Roaming, signals
    • General issues
    • Sniffers
    • Building your own access point
    • 802.11a

Philip Cox (T6, W2) is a consultant with SystemExperts Corporation. Phil frequently writes and lectures on issues of UNIX and Windows NT integration and on information security. He is the lead author of Windows 2000 Security Handbook, 2nd Edition (Osborne McGraw-Hill), a contributing author of Windows NT/2000 Network Security (Macmillan Technical Publishing), and a featured columnist in ;login: The Magazine of USENIX & SAGE. He has served on numerous USENIX program committees. Phil holds a B.S. in computer science from the College of Charleston, South Carolina.


Brad C. Johnson (W2) is vice president of SystemExperts Corporation. He has participated in the Open Software Foundation, X/Open, and the IETF, and has often published about open systems. Brad has served as a security advisor to organizations such as Dateline NBC and CNN. He is a frequent tutorial instructor and conference speaker on network security, penetration analysis, middleware, and distributed systems. He holds a B.A. in computer science from Rutgers University and an M.S. in applied management from Lesley University.



W3 Building Honey Pots for Intrusion Detection NEW
Marcus Ranum, NFR Security, Inc.

Who should attend: System and network managers with administrative skills and a security background. The tutorial examples will be based on UNIX/Linux. While the materials may be of interest to a Windows/NT administrator, attendees will benefit most if they have at least basic UNIX system administration skills.

This class provides a technical introduction to the art of building honey pot systems for intrusion detection and burglar-alarming networks. Students completing this class will come away armed with the knowledge that will enable them to easily assemble their own honey pot, install it, maintain it, keep it secure, and analyze the data from it.

Topics include:

  • Introduction
    • IDSes
    • Fundamentals of burglar alarms
    • Fundamentals of honey pots
    • Fundamentals of log-data analysis
    • Spoofing servers
  • Overview of our honey pot's design
    • System initialization
    • Services
    • Spoofing server implementation walkthrough
    • Multiway address/traffic manipulation
    • Logging architecture: syslogs, XML logs, statistical processing
    • Simple tricks for information visualization
  • Crunchy implementation details
    • How to write spoofing rules
    • How to write log filtering rules
  • Management
    • How to get help in analyzing attacks
    • Keeping up to date

Auxiliary materials: Attendees will receive a bootable CD-ROM containing a mini UNIX kernel and preconfigured software, and will also have source-code access to the honey pot building toolkit. Attendees may also wish to review The Honeynet Project, eds., Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community (Addison-Wesley, 2001).

Marcus Ranum (T8, W3) is founder and CTO of NFR Security, Inc. He has been working in the computer/network security field for over 14 years and is credited with designing and implementing the first commercial Internet firewall product. Marcus also designed and implemented other significant security technologies, including the TIS firewall toolkit and the TIS Gauntlet firewall. As a researcher for ARPA, Marcus set up and managed the Whitehouse.gov email server. Widely known as a teacher and industry visionary, he has been the recipient of both the TISC Clue award and the ISSA lifetime achievement award. Marcus lives in Woodbine, Maryland, with his wife, Katrina, and a small herd of cats.

W4 Topics in UNIX and Linux Administration, Part 2 NEW
Trent Hein and Ned McClain, Applied Trust; Evi Nemeth, University of Colorado

Who should attend: System and network administrators who are interested in picking up several new technologies in an accelerated manner. The format consists of six topics.

Topics include:

  • Efficient Server Log Management: Server and network device logs are one of the most useful sources of performance and security information. Unfortunately, system logs are often overlooked by organizations, out of either a lack of time or a preference for information from fancier intrusion detection systems. We present a set of open source tools and a unified strategy for securely managing centralized system logs.
  • What's New with Sendmail: Newer versions of sendmail ship with a wealth of features every system administrator should know about. From advanced virus and spam filtering (Milter), to IPv6, to improved LDAP and mailbox abstraction support, we discuss sendmail's hot new features, quirks, and tricks.
  • Performance Crisis Case Studies: Trying to squeeze more performance out of your existing environment? We'll walk you through the pathology of actual performance crisis situations we've encountered, and talk not only about how to fix them but also how to avoid them altogether. There's nothing like learning from real-world situations!
  • Security Tools: A new generation's worth of security management tools are on the loose. We'll help you understand how to use them to your advantage. We'll examine network scanning tools such as Nessus and nmap, as well as new tools to facilitate security forensics.
  • Site Localization and Management: Wouldn't it be nice if new system arrivals meant pushing a button and watching the localization work happen magically before your eyes? Imagine if systems at your site all shared a consistent configuration! We'll talk about modern tools for localization and mass deployment of systems, and how to keep systems up-to-date on a going forward basis.
  • Security Incident Recovery: You've been vigilant about your site's security, but the day still comes when you detect an intruder. How do you handle the situation, analyze the intrusion, and restore both security and confidence to your environment? This crash course in incident handling will give you the skills you need to deal with the unthinkable.

Evi Nemeth (T4, W4), a faculty member in computer science at the University of Colorado, has managed UNIX systems for the past 25 years, both from the front lines and from the ivory tower. She is co-author of the UNIX System Administration Handbook. Evi is about to get out of the UNIX and networking worlds and explore the real world on a sailboat.



W5 Exploring the Potential of LDAP
Gerald Carter, Hewlett Packard

Who should attend: Administrators and programmers interested in the potential of the Lightweight Directory Access Protocol (LDAP) and in exploring issues related to deploying an LDAP infrastructure. This tutorial is not a how-to for a specific LDAP server, nor is it an LDAP developers' course. Rather, it is an evaluation of the potential of LDAP to allow the consolidation of existing deployed directories. No familiarity with LDAP or other Directory Access Protocols will be assumed.

System administrators today run many directory services, though they may be called by such names as DNS and NIS. LDAP, the up-and-coming successor to the X500 directory, promises to allow administrators to consolidate multiple existing directories into one. Vendors across operating-system platforms are lending support. Topics include:

  • The basics of LDAP
  • Current technologies employing LDAP services
  • Replacing NIS using LDAP
  • Integrating authentication mechanisms for other services (e.g., Apache, Sendmail, Samba) with LDAP
  • LDAP interoperability with other proprietary directory services, such as Novell's NDS and Microsoft's Active Directory
  • Programming tools and languages available for implementing LDAP support in applications

Gerald Carter (W5), a member of the Samba Team since 1998, is employed by Hewlett Packard as a Software Engineer, working on Samba-based print appliances. He is writing a guide to LDAP for system administrators to be published by O'Reilly. Jerry holds an M.S. in computer science from Auburn University, where he also served as a network and systems administrator. Gerald has published articles with Web-based magazines such as Linuxworld and has authored courses for companies such as Linuxcare. He recently completed the second edition of Teach Yourself Samba in 24 Hours (Sams Publishing).

W6 System and Network Performance Tuning
Marc Staveley, Soma Networks

Who should attend: Novice and advanced UNIX system and network administrators, and UNIX developers concerned about network performance impacts. A basic understanding of UNIX system facilities and network environments is assumed.

We will explore techniques for tuning systems, networks, and application code. Starting from a single-system view, we'll examine how the virtual memory system, the I/O system, and the file system can be measured and optimized. We'll move on to Network File System tuning and performance strategies. Detailed treatment of network performance problems, including network design and media choices, will lead to examples of network capacity planning. Application issues, such as system call optimization, memory usage and monitoring, code profiling, real-time programming, and controlling response time will be covered. Many examples will be given, along with guidelines for capacity planning and customized monitoring based on your workloads and traffic patterns. Analysis periods for particular situations will be provided. Topics include:

  • Performance tuning strategies
    • Practical goals
    • Monitoring intervals
    • Useful statistics
    • Tools, tools, tools
  • Server tuning
    • Filesystem and disk tuning
    • Memory consumption and swap space
    • System resource monitoring
  • NFS performance tuning
    • NFS server constraints
    • NFS client improvements
    • NFS over WANs
    • Automounter and other tricks
  • Network performance, design, and capacity planning
    • Locating bottlenecks
    • Demand management
    • Media choices and protocols
    • Network topologies: bridges, switches, routers
    • Throughput and latency
    • Modeling resource usage
  • Application tuning
    • System resource usage
    • Memory allocation
    • Code profiling
    • Job scheduling and queuing
    • Real-time issues
    • Managing response time

Marc Staveley (W6) recently took a position with Soma Networks, where he is applying his 18 years of experience with UNIX development and administration in leading their IT group. Previously Marc has been an independent consultant and has held positions at Sun Microsystems, NCR, Princeton University, and the University of Waterloo. He is a frequent speaker on the topics of standards-based development, multi-threaded programming, system administration, and performance tuning.



W7 Cisco's Security Features: What They Are, Where to Use Them, How to Configure Them NEW
John Stewart, Digital Island, Inc.

Who should attend: Network and system administrators running Cisco networks, and security professionals.

It's common knowledge that over 85% of all Internet traffic crosses a Cisco product at one time or another. Given this fact, it is obvious that improving security on Cisco products can improve the overall security of your site as well as the overall security of the Internet. However, the security features available in Cisco products can be a discipline in themselves. This class takes a nuts-and-bolts approach to deciding which Cisco security features to use, and when and where to use them. A sample network is used as the basis for the class. For each area, sample uses and actual configuration techniques are discussed. Topics include:

  • Perimeter Security
    • Cisco Access Control Lists (ACLs)
    • Lock and key
    • TCP intercept
    • Context-Based Access Control (CBAC)
    • Firewalling technologies compared and contrasted
    • PIX
    • IOS
  • Access Lists revealed
    • Basic vs. extended
    • Where and how to use ACLs
    • Event logging
    • Per-user ACLs on dial-up ports
  • Router-to-router security
    • Shared symmetrical application keys
    • Distributed Director
    • Remote access
    • Route authentication
  • User security
    • Authentication, Authorization, Accounting (AAA)
    • TACACS
    • Fixed, OTP, SecureCard
    • RADIUS
    • Kerberos
  • IPSec
    • Current standards update
    • Deploying IPSec with other technologies
    • ISAKMP/Oakley
    • Availability
    • Configuring and using IPSec
  • Network Address Translation (NAT)
    • Hiding your company
    • Hiding your Web servers
    • Using NAT over dial-up
  • VPN
    • VPDNs
    • GRE tunnels
    • Layer 2 Forwarding (L2F)
    • L2TP tunnels

John Stewart (W7) is the Chief Security Officer at Digital Island, Inc., a cable and wireless company. Prior to his work at Digital Island, he helped architect Cisco's Web site and worked on the security teams at Cisco and at NASA Ames Research Center. John, who is the co-author of the W3C's "WWW Security FAQ," has been teaching at the SANS and Network Security conferences since 1996 and serves on a number of technical advisory boards. He holds a B.S. and M.S. in computer science from Syracuse University.


W8 PHP: Scripting the Web NEW
Rasmus Lerdorf, Consultant

Who should attend: Web site designers or programmers working on Web-related projects. No programming background is required, but a basic understanding of HTML and HTTP is assumed.

PHP is a popular scripting language used for creating dynamic Web sites. This tutorial, taught by the original developer of the language, will cover all the main features of the language.

Topics include:

  • History
  • Language overview
  • Sessions
  • Error handling
  • Database examples
  • Creating graphics on the fly
  • Creating PDF and Flash on the fly
  • XML/XSLT
  • Caching, content compression, and other tips
  • Content management
  • Extending PHP

Anybody involved with Web development will come out of this tutorial with some new approaches to common problems.

Rasmus Lerdorf (W8) has been designing large-scale UNIX-based solutions since 1989. In the Open Source community, he is known mostly as the creator of the PHP scripting language. Rasmus has contributed to a number of Apache-related projects and is a member of the Apache core team. He currently lives in the San Francisco Bay Area with his wife, Christine. He can be reached at rasmus@php.net.




Last changed: 15 Mar. 2002 jr