LISA '03: 17th Large Installation Systems Administration Conference, October 26-31, 2003, San Diego, CA

TRAINING

Monday, October 27, 2003    

M1 LVS: Load Balancing and High Availability for Free NEW
Dustin Puryear, Windows, UNIX, and IT Consultant
9:00 a.m.–5:00 p.m., Royal Palm Salon 1/2/3

Who should attend: Network administrators who need to ensure high performance and availability of services such as Apache, MySQL, DB2, and even Windows Terminal Services and who want to be able to tweak and tune a solution that is open source, stable, and flexible. Participants should be familiar with Linux and TCP/IP. Participants will leave this tutorial with a general understanding of load-balancing and high availability services and how to implement those services using the open source Linux Virtual Server (LVS).

Topics include:

  • An overview of load-balancing and high availability
  • How to configure LVS for different scenarios and goals
  • Installing LVS on your Linux server; tweaking the Linux kernel for LVS
  • Examples and considerations of LVS configuration for popular services such as Apache (HTTP) and SSL, MySQL, and Windows Terminal Services.
  • Configuring fail-over of LVS!
  • Security considerations
  • Troubleshooting

Dustin Puryear (M1) is a consultant providing expertise in managing and integrating UNIX and Windows systems and services, with a strong focus on open source, and is author of Integrate Linux Solutions into Your Windows Network. As a consultant, Dustin has worked on projects ranging from tuning and managing Linux and FreeBSD high-availability web farms to developing custom management software for qmail-based mail systems.

M2 System and Network Monitoring
John Sellens, Certainty Solutions
9:00 a.m.–5:00 p.m., Windsor Room

Who should attend: Network and system administrators interested in real-life, practical, host- and network-based monitoring of their systems and networks. Participants should have an understanding of the fundamentals of networking, basic familiarity with computing and network components, and some familiarity with UNIX and scripting languages.

Participants will leave this tutorial able to immediately start using a number of monitoring systems and techniques that will improve their ability to manage and maintain their systems and networks.

Topics include:

  • Monitoring: goals, techniques, reporting
  • SNMP: the protocol, reference materials, relevant RFCs
  • Introduction to SNMP MIBs (Management Information Bases)
  • SNMP tools and libraries
  • Other non-SNMP tools
  • Security concerns when using SNMP and other tools on the network
  • Monitoring applications: introductions, use, benefits and complications, installation and configuration (Big Brother, Nagios, SNIPS, MRTG, Cricket, etc.)
  • Special situations: remote locations, firewalls, etc.
  • Monitoring implementation roadmap: policies, practices, notifications, escalations, reporting

John Sellens (M2, T2) has been involved in system and network administration since 1986 and is the author of several related USENIX papers, a number of ;login: articles, and SAGE booklet #7, System and Network Administration for Higher Reliability. He holds an M.S. in computer science from the University of Waterloo and is a chartered accountant. He is currently the General Manager for Certainty Solutions (formerly known as GNAC) in Toronto. Prior to joining Certainty, John was the Director of Network Engineering at UUNET Canada and was a staff member in computing and information technology at the University of Waterloo for 11 years.

M3 Managing Samba 2.2 & 3.0 NEW
Gerald Carter, Samba Team/Hewlett-Packard
9:00 a.m.–5:00 p.m., Hampton Room

Who should attend: System administrators who are currently managing Samba servers or are planning to deploy new servers this year. This course will outline the new features of Samba 3.0, including working demonstrations throughout the course session.

Samba is a freely available suite of programs that allows UNIX-based machines to provide file and print services to Microsoft Windows PCs without installing any third-party software on the clients. This allows users to access necessary resources from both PCs and UNIX workstations. As Samba makes its way into more and more network shops all over the world, it is common to see "configuring/managing Samba servers" listed as a desired skill on many job descriptions for network administrators.

Topics include:

  • Providing basic file and print services
  • Upgrading Samba servers from version 2.2 to 3.0
  • Integrating with Windows NT 4.0 and Active Directory authentication services
  • Centrally managing printer drivers for Windows clients
  • Managing NetBIOS network browsing
  • Implementing a Samba primary domain controller along with Samba backup domain controllers
  • Migrating from a Windows NT 4.0 domain to a Samba domain
  • Utilizing account storage alternatives to smbpasswd (such as LDAP)
  • Making use of Samba VFS modules for features such as virus scanning and a network recycle bin

Gerald Carter (S1, M3) has been a member of the SAMBA Team since 1998. He has published articles in various Web-based magazines and gives instructional courses as a consultant for several companies. Currently employed by Hewlett-Packard as a Samba developer, Gerald has written books for SAMS Publishing and is the author of the recent LDAP System Administration (O'Reilly & Associates).

M4 System and Network Performance Tuning
Marc Staveley, Soma Networks
9:00 a.m.–5:00 p.m., Pacific Salon 2

Who should attend: Novice and advanced UNIX system and network administrators, and UNIX developers concerned about network performance impacts. A basic understanding of UNIX system facilities and network environments is assumed.

We'll examine the virtual memory system, the I/O system, and the file system, NFS tuning and performance strategies, common network performance problems, examples of network capacity planning, and application issues. We'll also cover guidelines for capacity planning and customized monitoring based on your workloads and traffic patterns. Analysis periods for particular situations will be provided.

Topics include:

  • Performance tuning strategies
  • Server tuning
    • Filesystem and disk tuning
    • Memory consumption and swap space
    • System resource monitoring
    • NFS issues
    • Automounter and other tricks
  • Network performance, design, and capacity planning
  • Application tuning
    • System resource usage
    • Memory allocation
    • Code profiling
    • Job scheduling and queuing
    • Real-time issues
    • Managing response time

Marc Staveley (M4) works with Soma Networks, where he is applying his many years of experience with UNIX development and administration in leading their IT group. Previously Marc has been an independent consultant and has also held positions at Sun Microsystems, NCR, Princeton University, and the University of Waterloo. He is a frequent speaker on the topics of standards-based development, multi-threaded programming, system administration, and performance tuning.

M5 Hacking and Securing Web-Based Applications
David Rhoades, Maven Security Consulting
9:00 a.m.–5:00 p.m., Royal Palm Salon 5/6

Who should attend: People who are auditing Web application security, developing Web applications, or managing the development of a Web application.

Although numerous commercial and freeware tools assist in locating network-level security vulnerabilities, these tools are incapable of locating application-level issues. This course will demonstrate how to identify security weaknesses for Web-enabled services that could be exploited by remote users.

With numerous real-world examples, this course is based on fact and experience, not theory. The material applies to Web portals, e-commerce, online banking, shopping, subscription-based services, and any Web-enabled application.

Topics include:

  • Information-gathering attacks: How hackers read between the lines
  • User sign-on process: Many sites contain serious flaws which expose them to the threat of bad publicity and loss of customer confidence
  • User sign-off process: Are users really signed off?
  • OS & Web server weaknesses: buffer overflows and default material
  • Encryption: Finding the weakest link
  • Session tracking
    • URL rewriting, basic authentication, and cookie: strengths and weaknesses
    • Session cloning, IP hopping, and other subtle dangers
    • A recipe for strong session IDs
  • Authentication: server, session, transactional
  • Transaction-level issues
    • Hidden form elements
    • Unexpected user input
    • GET vs. POST
    • JavaScript filters
    • Improper server logic

David Rhoades (M5, T6) is a principal consultant with Maven Security Consulting. Since 1996 David has been providing information protection services for various Fortune 500 customers. His work has taken him across the United States and to Europe and Asia, where he has lectured and consulted in various areas of information security. David holds a B.S. in computer engineering from Pennsylvania State University and is an instructor for the SANS Institute, the MIS Training Institute, and Sensecurity (based in Singapore).

M6 Building Honey Pots for Intrusion Detection
Marcus Ranum, Consultant
9:00 a.m.–5:00 p.m., Crescent Room

Who should attend: System and network managers with administrative skills and a security background. The tutorial examples will be based on UNIX/Linux and, while the materials may be of interest to a Windows/NT administrator, attendees will benefit if they have at least basic UNIX system administration skills.

This tutorial provides a technical introduction to the art of building honey pot systems for intrusion detection and burglar-alarming networks. Students completing this class will go away armed with the knowledge that will enable them to easily assemble their own honey pot, install it, maintain it, keep it secure, and analyze the data from it.

Topics include:

  • Introduction
    • IDSes
    • Fundamentals of burglar alarms
    • Fundamentals of honey pots
    • Fundamentals of log-data analysis
    • Spoofing servers
  • Overview of honey pot design
    • Tools and techniques
    • Services
    • Port listeners
    • Arpd and arp spoofing
    • Honeyd: populating the world with fake systems
    • LaBrea tarpit and tarpitting
    • Spoofing server implementation walkthrough
    • Multiway address/traffic manipulation
    • Logging architecture: syslogs, XML logs, statistical processing
    • Simple tricks for information visualization
  • Management
    • How to get help in analyzing attacks
    • Keeping up to date
  • Legal issues
    • Entrapment
    • Privacy
    • Liability

Marcus J. Ranum (S6, M6) is a world-renowned expert on security system design and implementation. He is recognized as the inventor of the proxy firewall and the implementor of the first commercial firewall product. Since the late 1980s, he has designed a number of ground-breaking security products, including the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall, and Network Flight Recorder's intrusion detection system. He has been involved in every level of operations of a security product business, from developer to founder and CEO of NFR. Marcus has served as a consultant to many FORTUNE 500 firms and national governments, as well as serving as a guest lecturer and instructor at numerous high-tech conferences. He holds both the TISC "Clue" award and the ISSA Hall of Fame award.

M7 Using FreeBSD's Advanced Security Features NEW
Mike DeGraw-Bertsch, Consultant
9:00 a.m.–5:00 p.m., Royal Palm Salon 4

Who should attend: System administrators and managers responsible for securing IT assets whose requirements have outgrown their existing infrastructure. Participants should be familiar with basic system security, but expertise is not required. UNIX administration experience is expected, but work with FreeBSD is not assumed. Participants will gain a general understanding of risk evaluation and threat mitigation techniques and will learn how FreeBSD's security features work, what they add and what they cost, and how to apply them.

With complex new threats, shrinking budgets, and smaller staffs, just keeping up on today's security threats sometimes seems impossible. Enter FreeBSD, a widely distributed, secure, and free derivative of BSD UNIX with powerful new functionality from the TrustedBSD project, including filesystem firewalls and Access Control Lists.

This tutorial addresses the risks companies face, discusses how to evaluate and lessen those risks, and shows how to use FreeBSD's new--and sometimes not so new--features to create cost-effective, secure computing environments. It also delves into FreeBSD's new functionality, looking at the security that's been added and the associated performance and ease-of-use costs.

Topics include:

  • Assessing risks
  • How TrustedBSD addresses the common criteria for IT security evaluation
  • Using FreeBSD's ports system to easily keep up with patches and security releases
  • Jails and virtual machines
  • Filesystem and IP firewalls
  • Mandatory access controls and discretionary access controls
  • Pluggable Authentication Modules (PAM) and One-Time Passwords In Everything (OPIE)
  • Configuration walkthroughs for a secure:
    • Firewall
    • Log host
    • Combination mail server, file server, and Kerberos server
    • Client

Mike DeGraw-Bertsch (S8, M7) has been working with FreeBSD for ten years, and has been active in security for the last five years. He has written articles for the O'Reilly Network and SysAdmin Magazine and is writing UNIX Systems and Network Security for Springer-Verlag. Mike is a security and networking consultant and spends his free time as an ice hockey goalie.

M8 Mac OS X Security NEW
Leon Towns-von Stauber, Consultant
9:00 a.m.–12:30 p.m., Pacific Salon 1

Who should attend: Security and system administrators who are or will be responsible for managing Mac OS X systems. A modest background in TCP/IP networking and UNIX system administration is assumed.

Although Mac OS X is largely based on BSD UNIX, the elements that make it unique lead to a host of new security considerations and opportunities. This tutorial examines Mac OS X security from a practical perspective. By the end of the course, you'll be familiar with the technologies available to help you secure your systems and will be well on your way to taking full advantage of them.

Topics include:

  • Security out of the box
  • Directory and authentication services
  • Privileged access
  • The Security Framework
  • Network security
  • Setup tasks

Leon Towns-von Stauber (S7, M8) started using UNIX systems in 1990 and has been administering them professionally for the last nine years in service provider, corporate, and educational environments. Although he's worked extensively with Solaris, Linux, HP-UX, AIX, and too many other flavors of UNIX, the purchase of a NeXT workstation in 1991 introduced him to the operating system lineage that he would follow from NeXTstep through to Mac OS X today. Currently he is working on books for O'Reilly & Associates on Mac OS X security and system administration.

M9 Advanced Shell Programming
Mike Ciavarella, Cybersource Pty Ltd
9:00 a.m.–12:30 p.m., Sheffield Room

Who should attend: Junior or intermediate system administrators or anyone with a basic knowledge of programming, preferably with some experience in Bourne/Korn shells (or their derivatives).

The humble shell script is still a mainstay of UNIX/Linux system administration, despite the wide availability of other scripting languages. This tutorial details techniques that move beyond the quick-and-dirty shell script.

Topics include:

  • Common mistakes and unsafe practices
  • Modular shell script programming
  • Building blocks: awk, sed, etc.
  • Writing secure shell scripts
  • Performance tuning
  • Choosing the right utilities for the job
  • Addressing portability at the design stage
  • When not to use shell scripts

Mike Ciavarella (S3, M9, M11) has been producing and editing technical documentation since he naively agreed to write application manuals for his first employer in the early 1980s. He has been a technical editor for MacMillan Press and has been teaching system administrators about documentation for the past four years. Mike has an Honours Degree in Science from the University of Melbourne and is currently a Senior Partner with Cybersource Pty Ltd, where he heads Cybersource's Security Practice. In his spare time, Mike is a caffeine addict and photographer.

M10 Perl Program Repair Shop and Red Flags
Mark-Jason Dominus, Consultant and Author
9:00 a.m.–12:30 p.m., Pacific Salon 3

Who should attend: Anyone who writes Perl programs regularly. Participants should have at least three months' experience programming in Perl.

You've probably been working too hard when you program, writing twenty lines of code when you only needed ten. But there is a better way, and I will show it to you. You'll learn how to improve your own code and the code of others, making it cleaner, more readable, more reusable, and more efficient, while at the same time making it 30-50% smaller. Smaller code contains fewer bugs and takes less time to maintain.

We will examine several real code examples in detail and see how to improve them. We'll focus on red flags--warning signs in your code that are plainly visible once you know what to look for--and on techniques that require little complex thought or ingenuity. All the bad code in this class is guaranteed 100% genuine and typical.

Participants are encouraged to submit their own code for anonymous review in the class. (Send it to mjd-lisa-2003+@plover.com.) Class content varies depending on submissions, but is sure to include some of the topics listed below.

Topics include:

  • Families of variables
  • Making relationships explicit
  • Refactoring
  • Programming by convention
  • The Flesh Blanket
  • Conciseness
  • Why you should avoid the "." operator
  • Elimination of global variables
  • Superstition
  • The "use strict" zombies
  • Repressed subconscious urges
  • The cardinal rule of computer programming
  • The psychology of repeated code
  • Techniques for eliminating repeated code
  • What can go wrong with "if" and "else"
  • The Condition That Ate Michigan
  • Resisting "Holy Doctrine"
  • Trying it both ways
  • Structural vs. functional code
  • Elimination of structure
  • Boolean values
  • Programs that take two steps forward and one step back
  • Programs that are 10% backslashes
  • 'print print print print print '
  • C-style "for" loops
  • Loop counter variables
  • Array length variables
  • Unnecessary shell calls
  • How (and why) to let "undef" be the special value
  • Confusion of internal and external representations of data
  • Tool use
  • Elimination of repeated code with higher-order functions
  • Learning to use a hammer
  • The "swswsw" problem
  • Avoiding special cases
  • Using uniform data representations

Mark-Jason Dominus (S10, S13, M10, M13) has been programming in Perl since 1992. He is a moderator of the comp.lang.perl.moderated newsgroup, the author of the Text::Template, Tie::File, and Memoize modules, a contributor to the Perl core, and author of the perlreftut man page. His work on the Rx regular expression debugger won the 2001 Larry Wall Award for Practical Utility. He lives in Philadelphia with his wife and several plush octopuses.

M11 Documentation Techniques for SysAdmins
Mike Ciavarella, Cybersource Pty Ltd
1:30 p.m.–5:30 p.m., Pacific Salon 1

Who should attend: System administrators who need to produce documentation for the systems they manage or who want to improve their documentation skills.

Attendees should be able to make immediate, practical use of the techniques presented in this tutorial in their day-to-day tasks. Particular emphasis is placed on documentation as a time-saving tool rather than a workload imposition.

Topics include:

  • Why system administrators need to document
  • The document life cycle
  • Targeting your audience
  • An adaptable document framework
  • Common mistakes
  • Tools to assist the documentation process

Mike Ciavarella (S3, M9, M11) has been producing and editing technical documentation since he naively agreed to write application manuals for his first employer in the early 1980s. He has been a technical editor for MacMillan Press and has been teaching system administrators about documentation for the past four years. Mike has an Honours Degree in Science from the University of Melbourne and is currently a Senior Partner with Cybersource Pty Ltd, where he heads Cybersource's Security Practice. In his spare time, Mike is a caffeine addict and photographer.

M12 Introduction to Host Configuration and Maintenance with Cfengine NEW
Mark Burgess, Oslo University College
1:30 p.m.–5:30 p.m., Sheffield Room

Who should attend: System administrators with a minimal knowledge of a scripting language who wish to start using cfengine to automate the maintenance and security of their systems. UNIX administrators will be most at home in this tutorial, but cfengine can also be used on Windows 2000 and above.

Cfengine is a tool for setting up and maintaining a configuration across a network of hosts. It is sometimes called a tool for "Computer Immunology"--your computer's own immune system. You can think of cfengine as a very high level language, much higher-level than Perl or shell, together with a smart agent. The idea behind cfengine is to create a single "policy" or set of configuration files that describes the setup of every host on your network, without sacrificing their autonomy.

Cfengine runs on every host and makes sure that it is in a policy-conformant state; if necessary, any deviations from policy rules are fixed automatically. Unlike tools such as rdist, cfengine does not require hosts to open themselves to any central authority, nor to subscribe to a fixed image of files. It is a modern tool, supporting state-of-the-art encryption and IPv6 transport, that can handle distribution and customization of system resources in huge networks (tens of thousands of hosts). Cfengine runs on hundreds of thousands of computers all over the world.

Topics include:

  • The components of cfengine and how they are used
  • How to get the system running
  • How to develop a suitable policy, step by step
  • Security
  • Examples
  • How to customize cfengine for special tasks

Mark Burgess (M12) is a professor at Oslo University College and is the author of cfengine. He has been researching the principles of network and system administration for over ten years and is the author of Principles of Network and System Administration (John Wiley & Sons). He is frequently invited to speak at conferences.

M13 Perl Programming: Making Programs Faster (Benchmarking, Profiling, and Performance Tuning) NEW
Mark-Jason Dominus, Consultant and Author
1:30 p.m.–5:30 p.m., Pacific Salon 3

Who should attend: Students should have at least six months' experience programming in Perl.

Almost every application must be made to run faster; some sooner, some later. Performance tuning of applications has long been a dark art, understood by few and riddled with terrible pitfalls. Stories abound of optimization projects that took weeks but yielded a pathetic 2% decrease in total run time. Don't let this happen to you.

Throughout, the class will emphasize both high- and low-level approaches to performance tuning: when to tune and when to try something different; if tuning is necessary, how to focus your efforts where they will do the most good. We'll learn how to rationally evaluate programming situations and when to try alternative approaches.

Topics include:

  • The basic concepts of performance tuning
  • Modules for benchmarking and profiling
  • Common blunders even experts commit
  • Especially important optimizations

Mark-Jason Dominus (S10, S13, M10, M13) has been programming in Perl since 1992. He is a moderator of the comp.lang.perl.moderated newsgroup, the author of the Text::Template, Tie::File, and Memoize modules, a contributor to the Perl core, and author of the perlreftut man page. His work on the Rx regular expression debugger won the 2001 Larry Wall Award for Practical Utility. He lives in Philadelphia with his wife and several plush octopuses.

Last changed: 16 Oct. 2003 ch