18th Large Installation System Administration Conference, November 14-19, Atlanta, GA

Thursday, November 18, 2004
R1 Hacking & Securing Web-based Applications—Hands-On (Day 1 of 2) NEW!
David Rhoades, Maven Security Consulting, Inc.
9:00 a.m.–5:00 p.m.

Who should attend: People who are auditing Web application security, developing Web applications, or managing the development of a Web application.

Is your Web application secure? CD Universe and others have found out the hard way: encryption and firewalls are not enough. Numerous commercial and freeware tools assist in locating network-level security vulnerabilities. However, these tools are incapable of locating security issues for Web-based applications.

With numerous real-world examples from the instructor's years of experience with security assessments, this informative and entertaining course is based on fact, not theory. The course material is presented in a step-by-step approach, and will apply to Web portals, e-commerce (B2B or B2C), online banking, shopping, subscription-based services, or any Web-enabled application.

Class exercises will require that students have an x86-based laptop computer that can be booted from a KNOPPIX CD, along with a 10/100 Ethernet network card. Please download a copy of KNOPPIX-STD, burn it to a CD-R, and try to boot your system on a network offering DHCP. Be sure your network card is recognized by Knoppix-STD; otherwise you will not be able to participate in most classroom exercises. Wireless access will not be supported during class.

Topics include:

  • The primary risks facing Web applications
  • Exposures and vulnerabilities in HTML and JavaScript, authentication, and session tracking
  • Tools, techniques, and methodologies required to locate weaknesses
  • Recommendations for mitigating exposures found
  • Best practices for Web application security

Students will be provided access to several target Web applications. Some of these applications are real applications with known security issues. Others are mock applications designed by Maven Security to simulate real security issues. At each step, the instructor will supply the tools needed and demonstrate the required techniques. All software provided will be publicly available freeware.

Day 1

  • Introduction
    • The problem and root causes
    • Web primer: HTTP and HTML
  • Foundational security
    • OS vulnerabilities
    • Web server security highlights
  • Web server and Web application output
    • HTTP headers
    • HTML and JavaScript
    • Encryption ciphers
    • Error messages
    • Caching
  • Authentication
    • Authentication: digital certificates; form-based; HTTP basic
    • Threats to authentication
  • Sign-on
    • User name harvesting
    • Brute-force password guessing
    • Password harvesting
    • Resource exhaustion

Day 2

  • Session issues
    • Session tracking mechanisms
    • Session ID best practices
    • Session cloning
  • Transaction issues
    • Malicious user input
    • Hidden form elements
    • GET vs. POST
    • JavaScript filters
    • Improper application logic
    • Cross-site scripting (XSS)
  • Third-party products
  • Testing procedures
  • Methodology and safety

David Rhoades (T1, W1, R1, F1) is a principal consultant with Maven Security Consulting, Inc. Since 1996, David has provided information protection services for various FORTUNE 500 customers. His work has taken him across the US and abroad to Europe and Asia, where he has lectured and consulted in various areas of information security. David has a B.S. in computer engineering from the Pennsylvania State University and has taught for the SANS Institute, the MIS Training Institute, and ISACA.

R2 Managing Samba 2.2 & 3.0
Gerald Carter, Samba Team/Hewlett-Packard
9:00 a.m.–5:00 p.m.

Who should attend: System administrators who are currently managing Samba servers or are planning to deploy new servers this year. This course will outline the new features of Samba 3.0, including working demonstrations throughout the course session.

Topics include:

  • Providing basic file and print services
  • Upgrading a Samba server from version 2.2 to 3.0
  • Integrating with Windows NT 4.0 and Active Directory authentication services
  • Centrally managing printer drivers for Windows clients
  • Managing NetBIOS network browsing
  • Implementing a Samba primary domain controller along with Samba backup domain controllers
  • Migrating from a Windows NT 4.0 domain to a Samba domain
  • Utilizing account storage alternatives to smbpasswd such as LDAP
  • Making use of Samba VFS modules for features such as virus scanning and a network recycle bin

Gerald Carter (M9, T2, R2) has been a member of the Samba Team since 1998. He has published articles in various Web-based magazines and gives instructional courses as a consultant for several companies. Currently employed by Hewlett-Packard as a Samba developer, Gerald has written books for SAMS Publishing and is the author of the recent LDAP System Administration (O'Reilly & Associates).

R3 Perl for System Administration NEW!
David N. Blank-Edelman, Northeastern University
9:00 a.m.–12:30 p.m.

Who should attend: System and network administrators with at least advanced-beginner to intermediate Perl skills, who would like a clearer understanding of how Perl can make their jobs easier.

Perl was originally created to help with system administration, so it is a wonder that there isn't more instructional material available to help people in our field use Perl to their advantage. This tutorial hopes to begin to remedy this situation by presenting a solid three hours of instruction on using Perl for system administration. You are also likely to deepen your knowledge of Perl.

Based on the instructor's upcoming O'Reilly book, this tutorial will take a multi-platform approach to the subject. We'll be exploring cutting-edge and old standby system administration topics as they manifest themselves on both UNIX and Windows NT/2000.

Topics include:

  • Secure Perl scripting
  • Dealing with files and filesystems
    • Source control
    • XML
    • Databases
    • Log files
  • Dealing with SQL databases via DBI and ODBC
  • Email as a sysadmin tool (including spam analysis)
  • Network directory services: NIS, DNS, LDAP, ADSI
  • Network management: SNMP and WBEM

David N. Blank-Edelman (M10, R3, R6) is the Director of Technology at the Northeastern University College of Computer and Information Science and the author of the O'Reilly book Perl for System Administration. He has spent the last 19 years as a system/network administrator in large multi-platform environments, including Brandeis University, Cambridge Technology Group, and the MIT Media Laboratory. He has given several successful invited talks off the beaten path at LISA.

R4 Next-Generation Security Tools NEW!
Peter Baer Galvin, Corporate Technologies
9:00 a.m.–12:30 p.m.

Who should attend: Systems managers and security managers interested in current security problems and the new generation of tools designed to solve those problems.

This course covers a variety of topics of importance to those designing or implementing security solutions for their installations. It starts with the nasty world of current security threats and the problems sites have to solve. It then talks about what is solvable and what still has no solution. Finally, it covers each of the possible solutions in detail. (Note: Most of these solutions are commercial products.)

Topics include:

  • A security methodology
    • Determining the state of your world
    • Determining the problems to solve
    • Policy and procedure
    • Risk assessment, security audit, and penetration testing
  • Firewalls: Why don't they work?
  • Protecting Web servers
  • Reducing spam
  • Patch management and avoiding patching
  • Network snooping
  • Gaining status knowledge of your facility
  • Content filtering and antivirus software
  • Weak and strong authentication
  • Spyware and peer-to-peer networks

Peter Baer Galvin (M3, T11, R4) is the Chief Technologist for Corporate Technologies, Inc., a systems integrator and VAR, and was the Systems Manager for Brown University's Computer Science Department. He has written articles for Byte and other magazines. He wrote the "Pete's Wicked World" and "Pete's Super Systems" columns at SunWorld. He is currently contributing editor for Sys Admin, where he manages the Solaris Corner. Peter is co-author of the Operating Systems Concepts and Applied Operating Systems Concepts textbooks. As a consultant and trainer, Peter has taught tutorials on security and system administration and has given talks at many conferences and institutions on such topics as Web services, performance tuning, and high availability.

R5 Introduction to Domain Name System Administration
William LeFebvre, CNN Internet Technologies
9:00 a.m.–12:30 p.m.

Who should attend: System or network administrators who have been exposed to the Domain Name System only as users. A basic understanding of the IP protocols, TCP and UDP, data encapsulation, and the seven-layer model will be beneficial.

DNS, the primary method the Internet uses to name and number machines, is used to translate host names into IP addresses. Any site that is serious about joining the Internet community will need to understand how to configure and administer DNS.

This tutorial will describe the basic operation of DNS and will provide instructions and guidelines for the configuration and operation of DNS on UNIX platforms using the BIND software distribution. This class is designed for the beginner and is intended to provide a foundation for the tutorial on "Intermediate Topics in Domain Name System Administration."

Topics include:

  • DNS and BIND
  • The DNS name hierarchy
  • The four components of DNS
  • Iterative vs. recursive querying
  • Essential resource records: SOA, A, PTR, CNAME, NS
  • Zone transfers and secondaries
  • Vendor-specific differences

William LeFebvre (R5, F5) is an author, programmer, teacher, and sysadmin expert who has been using UNIX and Internet technologies since 1983. He writes a monthly column for UNIX Review and has taught since 1989 for such organizations as USENIX, the Sun User Group (SUG), MIS Training Institute, IT Forum, and Great Circle Associates. He has contributed to several widely used UNIX packages, including Wietse Venema's logdaemon package. He is also the primary programmer for the popular UNIX utility top. William is currently a technology fellow at CNN Internet Technologies, exploring the applicability of new technology to one of the busiest Web farms on the Internet. He received his bachelor's degree in 1983 and his master of science degree in 1988, both from Rice University.

R6 Perl Saves the Day: Writing Small Perl Programs to Get You Out of Big Sysadmin Pinches NEW!
David N. Blank-Edelman, Northeastern University
1:30 p.m.–5:00 p.m.

Who should attend: System administrators with at least advanced-beginner to intermediate Perl skills. This tutorial will show them how to get themselves out of a jam using Perl.

Perl is an excellent language for rapid development and prototyping. Thanks to the power of the core language and the large body of additional modules, it is often possible to write quick programs to solve pressing problems. System administrators have no shortage of pressing problems, so knowing how to wield this "swiss-army chain saw" can be a lifesaver.

Centering on battle stories and the Perl source code used to deal with them, we'll discuss approaches to system administration crises using Perl. The code presented in this class will be mostly UNIX-related, with a sprinkling of Windows NT/2000 examples, but the approaches we'll talk about will not be operating-system specific. Students are welcome to bring their own pressure-cooker problems (solved or not) for class discussion.

David N. Blank-Edelman (M10, R3, R6) is the Director of Technology at the Northeastern University College of Computer and Information Science and the author of the O'Reilly book Perl for System Administration. He has spent the last 19 years as a system/network administrator in large multi-platform environments, including Brandeis University, Cambridge Technology Group, and the MIT Media Laboratory. He has given several successful invited talks off the beaten path at LISA.

R7 Recovering from Linux Hard Drive Disasters NEW!
Theodore Ts'o, IBM Linux Technology Center
1:30 p.m.–5:00 p.m.

Who should attend: Linux system administrators and users.

Ever had a hard drive fail? Ever kick yourself because you didn't keep backups of critical files, or you discovered that your regular nightly backup didn't succeed?

Of course not: you keep regular backups and verify them frequently to make sure they are successful, right? But for those of you who think you might nevertheless someday need this information, this tutorial will discuss ways of recovering from hardware or software disasters.

Topics include:

  • Low-level techniques to recover data from a corrupted ext2/ext3 filesystem when backups aren't available
  • Recovering from a corrupted partition table
  • Using e2image to back up critical ext2/3 filesystem metadata
  • Using e2fsck and debugfs to sift through a corrupted filesystem
  • Some measures to avoid needing to use heroic measures

Theodore Ts'o (R7) has been a Linux kernel developer since almost the very beginnings of Linux: he implemented POSIX job control in the 0.10 Linux kernel. He is the maintainer and author of the Linux COM serial port driver and the Comtrol Rocketport driver, and he architected and implemented Linux's tty layer. Outside of the kernel, he is the maintainer of the e2fsck filesystem consistency checker. Ted is currently employed by the IBM Linux Technology Center.

R8 Introduction to Massive Upgrades and Changes
Tom Limoncelli, Cibernet
1:30 p.m.–5:00 p.m.

Who should attend: Sysadmins from environments where upgrading a single large server, or hundreds of individual hosts, is common. Although the focus will be on UNIX and IP networks, all sysadmins will benefit from this tutorial. Examples include situations found both in small and in large sites.

Imagine a project that involves renumbering the IP addresses on thousands of hosts, none of which sees more than one interruption. Imagine upgrading a large server that provides dozens of critical services with confidence that it will be done on time and with all services working. Imagine performing one or more changes on 1,000 individual hosts without fear that you've installed the same typo on each. Imagine a tutorial that teaches the disciplines involved in making those things happen.

This tutorial will include a mix of theory and case studies of real events. Case studies will include success stories as well as disasters—there's much to be learned from both.

Topics include:

  • A sample "change management" policy you can start using right away
  • The network life cycle: birth, certification, decommission
  • Case study: network change management (avoiding outages, managing risk)
  • The project everyone hates: moving your data center
  • Surviving weekend-long maintenance windows with no major problems
  • The secret to successful server upgrades
  • Case study: upgrading a major application server
  • Case study: upgrading a multi-purpose server
  • Service conversions (it's more than just upgrading the software)
  • Case study: IP renumbering and reorganization

Tom Limoncelli (R8, F3), co-author of The Practice of System and Network Administration (Addison-Wesley), is Director of IT Services at Cibernet Corp. A sysadmin and network wonk since 1987, he has worked at Dean for America, Lumeta, Bell Labs/Lucent, Mentor Graphics, and Drew University. He is a frequent presenter at LISA conferences.

Last changed: 11 Aug. 2004 jel