S3 Seven Habits of the Highly Effective System Administrator NEW
Mike Ciavarella, University of Melbourne, Australia ; Lee Damon, University of Washington
9:00 a.m.–5:00 p.m., Hampton Room

Who should attend: Administrators who wish they could finish their work faster, get it right the first time, be granted more hours in their week, or increase their job satisfaction and confidence.

We will focus on enabling the junior system administrator to "do it right the first time." We aim to accelerate the experience curve for junior system administrators by teaching them the time-honored tricks and effective coping strategies that experienced administrators take for granted and which are necessary for successful growth of both the administrator and the site.

Some topics will be UNIX-specific, but much of it will be OS-neutral. The theories translate, even if the specific tools mentioned don't.

Topics include:

• Tools you should use
• Tools you should avoid
• How to approach security
• Why syncronicity is important
• Root passwords: what not to do
• Rethinking your backup strategy
• Policies: the good, the bad, and the ugly
• Training, mentoring, planning for personal growth
• Ethical issues
• Site planning
• Budgeting
• Statistics
• Books for you/books for your users

Mike Ciavarella (S3, M9, M11) has been producing and editing technical documentation since he naively agreed to write application manuals for his first employer in the early 1980s. He has been a technical editor for MacMillan Press and has been teaching system administrators about documentation for the past four years. Mike has an Honours Degree in Science from the University of Melbourne and is currently a Senior Partner with Cybersource Pty Ltd, where he heads Cybersource's Security Practice. In his spare time, Mike is a caffeine addict and photographer.

Lee Damon (S3) has been a UNIX systems administrator since 1985 and has been active in SAGE since its inception. He assisted in developing a mixed AIX/SunOS environment at IBM Watson Research and has developed mixed environments for Gulfstream Aerospace and QUALCOMM. He is currently leading the development effort for the Nikola project at the University of Washington Electrical Engineering department. He is a member of the SAGE Ethics Working Group and was one of the commentators on the SAGE Ethics document. He has championed awareness of Ethics in the systems administration community, including writing it into policy documents. Lee holds a B.S. in Speech Communication from Oregon State University.

S4 Solaris Internals & Architecture: Performance and Resource Management NEW
Richard McDougall and James Mauro, Sun Microsystems
9:00 a.m.–5:00 p.m., Sheffield Room

Who should attend: System administrators, performance analysts, application architects, database administrators, software developers, and capacity planners. Anyone interested in the organization and structure of the Solaris kernel and in how to apply that knowledge to the use of performance tools and resource controls.

The installed base of Solaris systems for commercial data processing and scientific computing applications has grown dramatically over the last several years, and it continues to grow. The Solaris operating system has matured significantly, with major changes from the UNIX SVR4 source base on which the early system was built. An understanding of how the system is organized is required in order to design and develop applications that take maximum advantage of the various features of the operating system, understand the data made available via bundled system utilities, and optimally configure and tune a Solaris system for a particular application or load.

Topics include:

• The virtual memory system
• The virtual file system
• The multi-threaded process model
• The kernel dispatcher
• Scheduling classes
• File system implementation
• Resource control
• Management facilities

This course is based on Solaris 8 and Solaris 9, but has applicability to earlier releases. Networking (TCP/IP, STREAMS) facilities and performance are not covered.

Richard McDougall (S4) is an established engineer in the Performance Application Engineering group at Sun Microsystems, where he focuses on large systems performance and architecture. He has over twelve years of performance tuning, application/kernel development and capacity planning experience on many different flavours of UNIX. Richard has written a wide range of papers and tools for measurement, monitoring, tracing, and sizing UNIX systems, including the memory sizing methodology for Sun, the set of tools known as "MemTool" to allow fine-grained instrumentation of memory for Solaris, the recent "Priority Paging" memory algorithms in Solaris, and many of the unbundled tools for Solaris.

Richard, with Jim Mauro, wrote Solaris Internals: Architecture Tips and Techniques (Sun Microsystems Press/Prentice Hall) and are currently collaborating on an update of the book for Solaris 8, as well as volume II.

James Mauro (S4) is a Senior Staff Engineer in the Performance and Availability Engineering group at Sun Microsystems. Jim's current projects are focused on quantifying and improving enterprise platform availability, including minimizing recovery times for data services and Solaris. Jim co-developed a framework for system availability measurement and benchmarking and is working on implementing this framework within Sun.

S5 Architecting a Secure Infrastructure: From Networking Through Applications NEW
Steve Acheson and Laura Kuiper, Cisco Systems
9:00 a.m.–5:00 p.m., Royal Palm Salon 1/2

Who should attend: Network and system administrators who will be responsible for creating and implementing security infrastructure. Participants should have an understanding of the fundamentals of networking, basic familiarity with computing and network components, and some familiarity with UNIX and scripting languages.

This tutorial will describe how to create a baseline for policy and how to build that into a secure infrastructure. It will include case studies from several different types of business needs: commercial, government, university, and ISP. The emphasis will be on understanding what drives businesses, practical application of Infrastructure components, and case studies.

Participants should expect to leave the tutorial with the information needed to begin identifying drivers and techniques to create effective policies. In addition, participants should expect to leave the tutorial with the information needed to begin creating a secure infrastructure.

Topics include:

• Writing effective policies
• Setting standards
• Implementing procedures
• Security concepts (AAA, encryption)
• Security approaches
• Security technologies
• Drivers of business
• Infrastructure
  • Firewalls
  • Networks
  • Servers
  • Operating systems
  • Web infrastructure
• Securing applications
• Reviewing new technologies
  • XML
  • Middleware messaging
  • Portals
  • VOIP
• Entitlement
• IDS
• Logging
• Privacy
• Approaches to outsourcing/out-tasking

Steve Acheson (S5) is currently a Information Security Architect at Cisco Systems, where he is a senior member of the Corporate Information Security Department, responsible for network and system security, including designing internal security architecture and external/firewall access. Before working for Cisco, Steve managed security for NASA's Numerical Aerospace Simulations facility at Ames Research Center. He has worked in the field as a system administrator, network engineer, and security analyst for over 15 years.

Laura Kuiper (S5) is currently a Computer Security Architect at Cisco Systems, where she is a senior member of the Computer Information Security Department, responsible for network and system security, including designing internal security architecture and external/firewall access. Before working for Cisco, Laura managed the network at SAIC. She has worked in the field as a network engineer and security analyst for over 9 years.

S6 Intrusion Detection and Prevention Systems NEW
Marcus Ranum, Consultant
9:00 a.m.–5:00 p.m., Royal Palm Salon 3/4

Who should attend: Network or security managers responsible for an IDS roll-out, security auditors interested in assessing IDS capabilities, and security managers involved in IDS product selection.

This workshop covers the real-world issues you'll encounter as part of doing an intrusion detection roll-out or product selection. There's a lot of hype surrounding Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)--what works, and what doesn't? How do they work? Attendees will learn the advantages and disadvantages of popular approaches to IDS. Deploying an IDS is only the beginning, many users find, as they have to deal with false positives and noise. We'll discuss these issues as well as where to deploy IDSes, how to test them, how to build out-of-band IDS management networks, and how they interact with switches, routers, and firewalls.

Topics include:

• Technologies
  • IDS and IPS: what they are and how they work
  • Burglar alarms and honeypots: low-rent IDS
  • Misuse detection and anomaly detection
  • False positives, noise, and false alarms
  • Does freeware stack up to the commercial products?
• Deployment issues
  • Where to place IDS within the network
  • Alert tuning: what it is and how it works
  • How to estimate the size of an IDS deployment
  • How to size and design a logging/management architecture
  • Tools and tricks for logging and event correlation
  • A typical IDS roll-out
  • How to test an IDS for correct function
  • IDS benchmarks: bogus and bogusest
• Management issues
  • How to justify the expenditures on an IDS to management
  • Cyclical maintenance
  • Alert management procedures

S7 Mac OS X System Administration NEW
Leon Towns-von Stauber, Consultant
9:00 a.m.–5:00 p.m., Royal Palm Salon 5/6

Who should attend: System administrators who are or will be responsible for managing Mac OS X systems or are merely curious about it. A modest background in UNIX system administration is assumed, including familiarity with basic operating system concepts, configuring and managing network services, and host and network security.

Mac OS X is the advanced, BSD-based operating system from Apple. While many of the technologies are familiar, some aspects of this new OS make working with it quite a bit different from other UNIX systems you've managed.

This tutorial presents an overview of the design of Mac OS X and takes a practical approach to the administrative aspects of the system. By the end of the course, you'll be familiar with the fundamentals of the operating system and have a grab-bag of time-saving tips. These will give you a quick boost in administering Mac OS X.

Topics include:

• Operating system components
• Management applications
• Boot sequence
• Filesystem issues
• Software installation
• Account management
• Directory and authentication services
• Networking
• File sharing
• Print services
• Web and mail services
• Security issues
• Setup tasks

S8 Using IPsec NEW
Mike DeGraw-Bertsch, Consultant
9:00 a.m.–12:30 p.m., Pacific Salon 1

Who should attend: System and network administrators responsible for network security. Participants should be familiar with basic networking, including a general understanding of TCP/IP and experience with network design and system administration. Work with IPsec is not assumed, nor is expertise in a particular operating system necessary.

Networks are a traditionally hostile medium, with packet sniffers, eavesdroppers, man-in-the-middle and replay attacks, and other ne'er-do-wells working hard to intercept, read, and modify your traffic. And that's just on your LAN! Enter IPsec. This tutorial addresses what IPsec is, how it works, and how to use it to mitigate the afore-mentioned risks, and more. Participants will gain a strong understanding of IPsec's internals, will learn to recognize when IPsec is the appropriate solution, and will be able to use it effectively to enhance their network's security.

Topics include:

• How IPsec works: tunnels, transports, encryption and authentication
• Using X.509 certificates and the Internet Keying Exchange (IKE) to automate connection management
• IPsec's strengths and weaknesses
• Debugging connections
• Taking advantage of Linux's opportunistic encryption
• Configuration walkthroughs for Linux, FreeBSD and NetBSD, OpenBSD, Windows 2000, and/or Cisco IOS (depending on audience needs)

Mike DeGraw-Bertsch (S8, M7) has been working with FreeBSD for ten years, and has been active in security for the last five years. He has written articles for the O'Reilly Network and SysAdmin Magazine and is writing UNIX Systems and Network Security for Springer-Verlag. Mike is a security and networking consultant and spends his free time as an ice hockey goalie.

S9 Enterprise Log Analysis: Tips, Tricks, and Techniques NEW
Sweth Chandramouli, Idiopathic Systems Consulting
9:00 a.m.–12:30 p.m., Pacific Salon 2

Who should attend: Intermediate to advanced systems, network, and security administrators with responsibility for analysis of large or complex amounts of log data. Familiarity with either or both of UNIX syslog and Windows EventLog is assumed.

This tutorial will provide an overview of advanced log analysis techniques, with a focus on learning how to recognize the types of data for which different techniques are appropriate, rather than on application-specific implementations of those techniques.

Topics include:

• Positive and negative filtering
• Graphical and algorithmic outlier analysis
• Historical analysis
• Procedural correlation
• Object classification analysis
• Event distillation/reduction

Sweth Chandramouli (S9) is the Founder and President of Idiopathic Systems Consulting, providing information security, UNIX and network systems design and implementation, and data analysis services for a client base ranging from sole proprietorships to Fortune 100 companies to the US government. He has previously served as CTO for Homeland Security (Justice Programs) at Lockheed Martin Information Technology, and as Director of Systems Architecture for ServerVault, Inc.

Sweth has an extensive background in the field of Log Analysis, including the development of log analysis tools for companies such as Counterpane Internet Security and agencies such as the US DHS Bureau of Immigration and Customs Enforcement. He is also an active contributor to the loganalysis mailing list, and has written about the topic extensively.

S10 Regular Expression Mastery
Mark-Jason Dominus, Consultant and Author
9:00 a.m.–12:30 p.m., Pacific Salon 3

Who should attend: System administrators and users who use Perl, grep, sed, awk, procmail, vi, or emacs.

Almost everyone has written a regex that produced unexpected results. Sometimes regexes appear to hang forever, and it's not clear what has gone wrong. Sometimes they behave differently in different utilities, and you can't tell why. This class will fix all these problems.

The first section of the class will explore the matching algorithms used internally by common utilities such as grep and Perl. Understanding these algorithms will allow us to predict whether a regex will match, which of several matches will be found, and which regexes are likely to be faster than others, and to understand why all of these behaviors occur. We'll learn why commonly used regex symbols such as ".," "$." and "\1" may not mean what you thought they did.

In the second section, we'll look at common matching disasters, a few practical parsing applications, and some advanced Perl features. We'll finish with a discussion of optimizations that were added to Perl 5.6, and why you should avoid using "/i."

Topics include:

• Inside the regex engine
  • Regular expressions are programs
  • Backtracking
  • NFA vs. DFA
  • POSIX and Perl
  • Quantifiers
  • Greed and anti-greed
  • Anchors and assertions
  • Backreferences
• Disasters and optimizations
  • Where machines come from
  • Disaster examples
  • Tokenizing
  • New optimizations
  • Matching strings with balanced parentheses

Mark-Jason Dominus (S10, S13, M10, M13) has been programming in Perl since 1992. He is a moderator of the comp.lang.perl.moderated newsgroup, the author of the Text::Template, Tie::File, and Memoize modules, a contributor to the Perl core, and author of the perlreftut man page. His work on the Rx regular expression debugger won the 2001 Larry Wall Award for Practical Utility. He lives in Philadelphia with his wife and several plush octopuses.

S11 Veritas Volume Manager: Beyond the GUI NEW
Douglas Hughes, Global Crossing
1:30 p.m.–5:30 p.m., Pacific Salon 1

Who should attend: Those who wish to learn how to effectively make use of the copious command line capabilities of Veritas Volume Managerm and how VxVM integrates with system startup scripts. Some familiarity with how VxVM works at a high level is helpful. Intermediate to advanced users may find the mid to end parts of the course most interesting. Beginners will receive a short introduction to volume manager terminology. There should be something for everybody.

Topics include:

• Fundamentals of terminology and volume components (volume, plex, subdisk) (a short comparison with disksuite and LVM)
• Creating volumes
• Workhorse tools (vxassist, vxresize, vxsd, vxedit, vxmake)
• Performance tuning (vxstat, vxtrace)
• How it works at bootup
• Recovery and maintenance
• What the daemons do
• Disk and volume management (to encapsulate or not, capacity planning, naming)
• Dynamic multi-pathing

• Specifics of integration with hardware vendors

Doug Hughes (S11) is a founding member of and frequent contributor to the veritas-vx and ssa-managers mailing lists. He has been using Veritas Volume Manager since the mid 1990s. He is also the keeper of one of the tips and tricks Web pages for Veritas and related storage technologies (https://www.will.to/vxstuff). Doug has a B.E. in Computer Engineering from Pennsylvania State University and currently works for a large multinational telecommunications company.

S12 Combating Spam Using SpamAssassin, MIMEDefang, and Perl NEW
David Skoll, Roaring Penguin Software
1:30 p.m.–5:30 p.m., Pacific Salon 2

Who should attend: System administrators, network administrators, and email administrators tackling the problem of spam in the enterprise. Participants should have a basic familiarity with SMTP and Perl.

The course will feature a high-speed introduction to SpamAssassin on UNIX/Linux and MIMEDefang and will describe concrete steps administrators can take to reduce spam. It will then zero in on MIMEDefang (created by David Skoll) and Sendmail. Participants will have ample opportunity to ask about the application of MIMEDefang and Perl modules in their particular environment.

Topics include:

• Introduction to mail filtering
  • Why filter?
  • What are we filtering?
  • Where to filter: on server, or on client?
• Introduction to Sendmail's Milter API
• Introduction to MIMEDefang
• Writing MIMEDefang filters
• Advanced filter writing
  • Information to use: HELO, relay address, envelope addresses, message content
  • Receive-only addresses and bounces
  • To bounce, or not to bounce?
  • Attachment stripping
• Common spam techniques and how to fight them
• SpamAssassin integration
• Advanced topics
  • Tuning MIMEDefang to handle huge loads
  • Preserving relay information across a chain of MX hosts
  • Recipient-verification on the final MX host before accepting mail

David Skoll (S12) is founder and president of Roaring Penguin Software, Inc., a consulting firm focused on deploying intelligent computing infrastructures for businesses of all sizes and incorporating Linux into heterogeneous environments. Skoll is the developer of MIMEDefang, the acclaimed open-source email inspection software, and creator of RP-PPPoE, deployed across Linux servers and clients worldwide. He is author of Caldera's OpenLinux Unleashed and frequently writes and presents for the Linux and open source communities. More information can be found at https://www.roaringpenguin.com.

S13 Perl Programming: Tricks of the Wizards UPDATED
Mark-Jason Dominus, Consultant and Author
1:30 p.m.–5:30 p.m., Pacific Salon 3

Who should attend: Anyone who has a basic familiarity with Perl's packages, references, modules, and objects, and wants to become a wizard.

This class will explore Perl's most unusual features. We'll look at some of the standard modules written by famous wizards such as Tom Christiansen, Damian Conway, and Larry Wall, and learn what they're for and how they work.

Topics include:

• Perl's remarkable "glob" feature
  • An assortment of uses of globs
  • The much-used and mysterious Exporter module
  • How to do globby magic with Perl 6, which won't have globs
• Unusual uses of the "tie" function, including:
  • Hashes with case-insensitive keys
  • Arrays that mirror the contents of a file
  • Filehandles that suppress annoying output
• "AUTOLOAD," the Function of Last Resort
• The new "source filter" feature, which allows you to program in any language and translate to Perl at the last moment
• How to add a switch statement to Perl
• How to make Perl 5 emulate the variable syntax of Perl 6
• Last but not least: Nine useful enchantments that take only 30 seconds each

Mark-Jason Dominus (S10, S13, M10, M13) has been programming in Perl since 1992. He is a moderator of the comp.lang.perl.moderated newsgroup, the author of the Text::Template, Tie::File, and Memoize modules, a contributor to the Perl core, and author of the perlreftut man page. His work on the Rx regular expression debugger won the 2001 Larry Wall Award for Practical Utility. He lives in Philadelphia with his wife and several plush octopuses.