Check out the new USENIX Web site.
Check out the new USENIX Web site.
18th Large Installation System Administration Conference, November 14-19, Atlanta, GA
LISA '04 Home            USENIX Home            Events            Publications            Membership



Overview | By Day (Sunday, Monday, Tuesday, Wednesday, Thursday, Friday) | By Instructor | All in One File

Tuesday, November 16, 2004
T1 Network Security Assessments Workshop—Hands-On (Day 1 of 2) NEW!
David Rhoades, Maven Security Consulting, Inc.
9:00 a.m.–5:00 p.m.

Who should attend: Anyone who needs to understand how to perform an effective and safe network assessment.

How do you test a network for security vulnerabilities? Just plug some IP addresses into a network-scanning tool and click SCAN, right? If only it were that easy. Numerous commercial and freeware tools assist in locating network-level security vulnerabilities. However, these tools are fraught with dangers: accidental denial-of-service, false positives, false negatives, and long-winded reporting, to name but a few. Performing a security assessment (a.k.a. vulnerability assessment or penetration test) against a network environment requires preparation, the right tools, methodology, knowledge, and more. This hands-on workshop will cover the essential topics for performing an effective and safe network assessment.

Class exercises will require that students have an x86-based laptop computer that can be booted from a KNOPPIX CD, along with a 10/100 Ethernet network card. Please download a copy of KNOPPIX-STD (, burn it to a CD-R, and try to boot your system on a network offering DHCP. Be sure your network card is recognized by Knoppix-STD, otherwise you will not be able to participate in most classroom exercises. Wireless access will not be supported during class.

Topics include:

  • Preparation: What you need before you even begin
  • Safety measures: This often-overlooked topic will cover important practical steps to minimize or eliminate adverse effects on critical networks
  • Architecture considerations: Where you scan from affects how you perform the assessment
  • Inventory: Taking an accurate inventory of active systems and protocols on the target network
  • Tools of the trade: Effective use of both freeware and commercial tools, with an emphasis on common pitfalls
  • Automated scanning: Best-of-class tools, with tips (mostly vendor-neutral) on their proper use
  • Research and development: What to do when existing tools don't suffice
  • Documentation and audit trail: How to keep accurate records easily
  • How to compile useful reports: Planning for corrective action and tracking your security measures
Students will practice network assessment on a target network of Windows and UNIX-based servers and various routing components.

Day 1

  • Lab setup and preparation
  • Security assessment overview
    • Types of assessments
    • Choosing an assessment approach
  • Assessment preparation
    • Defining the purpose
    • Rules of engagement
    • Assessment logistics
    • Open vs. closed testing
    • Passive vs. active testing; depth of testing
    • Denial of service (DoS)
    • Enumeration of target information
    • Permission
  • Assessment safety
    • Verification of tool authenticity
    • Vetting tools
    • Safety concepts
    • The dangers of automated scanners
    • Automated tool safety summary
  • Documentation and audit trail
  • Assessment phase 1: network inventory
    • Ping scanning
    • Discrete port scanning (host inventory only)
    • DNS queries
    • Traceroute
    • ARP scanning

Day 2

  • Assessment phase 2: target analysis
    • TCP port scanning
    • UDP port scanning
    • SNMP
  • Assessment phase 3: exploitation and confirmation
    • Automated vulnerability scanning tools
    • (Online) brute-force attacks
    • (Offline) password cracking
    • Manual testing
  • Special consideration testing
    • Firewalls and routers
    • Auditing email servers
    • Web servers
    • Stealth technique summary
  • Vulnerability scanning tools
    • Automated scanning tools
    • Commercial scanners
  • Nessus
    • Nessus Clients
    • Using Nessus
David Rhoades (T1, W1, R1, F1) is a principal consultant with Maven Security Consulting, Inc. David Rhoades Since 1996, David has provided information protection services for various FORTUNE 500 customers. His work has taken him across the US and abroad to Europe and Asia, where he has lectured and consulted in various areas of information security. David has a B.S. in computer engineering from the Pennsylvania State University and has taught for the SANS Institute, the MIS Training Institute, and ISACA.

T2 Implementing LDAP Directories
Gerald Carter, Samba Team/Hewlett-Packard
9:00 a.m.–5:00 p.m.

Who should attend: Both LDAP directory administrators and architects. The focus is on integrating standard network services with LDAP directories. The examples are based on UNIX hosts and the OpenLDAP directory server and will include actual working demonstrations throughout the course.

System administrators today run a variety of directory services, although these are referred to by names such as DNS and NIS. The Lightweight Directory Access Protocol (LDAP) is the up-and-coming successor to the X500 directory and has the promise of allowing administrators to consolidate multiple existing directories into one.

Topics include:

  • Replacing NIS domains
  • Integrating Samba user accounts
  • Authenticating RADIUS clients
  • Integrating MTAs such as Sendmail, Qmail, or Postfix
  • Creating address books for mail clients
  • Managing user access to HTTP and FTP services
  • Storing DNS zone information
  • Managing printer information
Gerald Carter (M9, T2, R2) has been a member of the Samba Team since 1998. Gerald Carter He has published articles in various Web-based magazines and gives instructional courses as a consultant for several companies. Currently employed by Hewlett-Packard as a Samba developer, Gerald has written books for SAMS Publishing and is the author of the recent LDAP System Administration (O'Reilly & Associates).

T3 Administering Linux in Production Environments
Æleen Frisch, Exponential Consulting
9:00 a.m.–5:00 p.m.

Who should attend: Both current Linux system administrators and administrators from sites considering converting to Linux or adding Linux systems to their current computing resources. We will be focusing on the administrative issues that arise when Linux systems are deployed to address a variety of real-world tasks and problems arising from both commercial and research and development contexts.

Topics include:

  • Recent kernel developments
  • High-performance I/O
    • Advanced filesystems and logical volumes
    • Disk striping
    • Optimizing I/O performance
  • Advanced compute-server environments
    • Beowulf
    • Clustering
    • Parallelization environments/facilities
    • CPU performance optimization
  • High availability Linux: fault tolerance options
  • Enterprise-wide authentication
  • Fixing the security problems you didn't know you had (or, what's good enough for the researcher/hobbyist won't do for you)
  • Automating installations and other mass operations
  • Linux in the office environment

Æleen Frisch (, M12, T3) has been a system administrator for over 20 years. Aeleen Frisch She currently looks after a pathologically heterogeneous network of UNIX and Windows systems. She is the author of several books, including Essential System Administration (now in its 3rd edition).


T4 Advanced Technology in Sendmail NEW!
Eric Allman, Sendmail, Inc.
9:00 a.m.–5:00 p.m.

Who should attend: System administrators who want to learn more about the Sendmail program, particularly details of configuration and operational issues. This tutorial assumes that you are already familiar with Sendmail, including installation, configuration, and operation.

In the past few years the face of email has changed dramatically. No longer is it sufficient to use the default configurations, even in single-user systems. Spam, regulation, high loads, and increased concerns about privacy and authentication have caused major changes in sendmail and in the options available to you.

After a very brief review of Sendmail functionality and terminology, we will explore some of the newer important features.

Topics include:

  • SMTP authentication
  • TLS encryption
  • The Milter (mail filter interface)
  • Many of the newer policy control interfaces
This will be an intense, fast-paced tutorial. It is strongly recommended that you have read or are familiar with the materials in the Sendmail book published by O'Reilly and Associates, preferably the 3rd edition (but at least the 2nd edition).

Eric Allman (T4) is the original author of Sendmail, co-founder and CTO of Sendmail, Inc.,Eric Allman and co-author of Sendmail, published by O'Reilly. At U.C. Berkeley, he was the chief programmer on the INGRES database management project, leader of the Mammoth project, and an early contributer to BSD, authoring syslog, tset, the -me troff macros, and trek. Eric designed database user and application interfaces at Britton Lee (later Sharebase) and contributed to the Ring Array Processor project for neural-network-based speech recognition at the International Computer Science Institute. Eric is on the Editorial Review Board of ACM Queue magazine and is a former member of the Board of Directors of the USENIX Association.

T5 VoIP Principles and Implementation with Asterisk NEW!
Heison Chak, SOMA Networks
9:00 a.m.–5:00 p.m.

Who should attend: Managers and system administrators involved in the evaluation, design, implementation, and deployment of VoIP infrastructures. Participants do not need prior exposure to VoIP but should understand the principles of networking. Attendees will come away from this tutorial with strategies for cost -saving improvements to their existing infrastructures and practical information on deploying VoIP in a variety of environments.

This tutorial will cover VoIP principles, VoIP networks, and their interaction and interface with the traditional PSTN (Public Switched Telephone Network) and IP networks. The tutorial will compare a number of widely used codecs (voice encoders) and VoIP protocols. As well, The Asterisk open source PBX will be presented to demonstrate VoIP principles and applications.

Topics include:

  • PSTN overview
  • VoIP basics
    • Codecs (G.711, G.729, etc.)
    • Protocols (SIP, IAX, etc.)
    • Performance metrics (jitter, latency, etc.)
  • VoIP networks (FWD, IAXtel, etc.)
  • Implementation examples with Asterisk
    • Hardware
    • IVR (interactive voice response)
    • Dialplan
    • TTS (text to speech) applications
Heison Chak (T5) works for SOMA Networks as a network engineer, focusing on networkHeison Chak management and performance analysis as well as the implementation of data and voice networks. He has undertaken to design a VoIP platform and to migrate SOMA Networks to it from an existing legacy PBX system. Chak is an active member of the Asterisk community.

T6 System and Network Performance Tuning
Marc Staveley, Soma Networks
9:00 a.m.–5:00 p.m.

Who should attend: Novice and advanced UNIX system and network administrators, and UNIX developers concerned about network performance impacts. A basic understanding of UNIX system facilities and network environments is assumed.

We'll examine the virtual memory system, the I/O system and the file system, NFS tuning and performance strategies, common network performance problems, examples of network capacity planning, and application issues. We'll also cover guidelines for capacity planning and customized monitoring based on your workloads and traffic patterns. Analysis periods for particular situations will be provided.

Topics include:

  • Performance tuning strategies
  • Server tuning
    • Filesystem and disk tuning
    • Memory consumption and swap space
    • System resource monitoring
    • NFS issues
    • Automounter and other tricks
  • Network performance, design, and capacity planning
  • Application tuning
    • System resource usage
    • Memory allocation
    • Code profiling
    • Job scheduling and queuing
    • Real-time issues
    • Managing response time
Marc Staveley (T6) works with Soma Networks, where he is applying his many Marc Staveley years of experience with UNIX development and administration in leading their IT group. Previously Marc had been an independent consultant and also held positions at Sun Microsystems, NCR, Princeton University, and the University of Waterloo. He is a frequent speaker on the topics of standards-based development, multi-threaded programming, system administration, and performance tuning.

T7 Advanced Shell Programming
Mike Ciavarella, University of Melbourne
9:00 a.m.–12:30 p.m.

Who should attend: Junior or intermediate system administrators or anyone with a basic knowledge of programming, preferably with some experience in Bourne/Korn shells (or their derivatives).

The humble shell script is still a mainstay of UNIX/Linux system administration, despite the wide availability of other scripting languages. This tutorial details techniques that move beyond the quick-and-dirty shell script.

Topics include:

  • Common mistakes and unsafe practices
  • Modular shell script programming
  • Building blocks: awk, sed, etc.
  • Writing secure shell scripts
  • Performance tuning
  • Choosing the right utilities for the job
  • Addressing portability at the design stage
  • When not to use shell scripts

Mike Ciavarella (S3, T7, T10) has been producing and editing technical documentation sinceMike Ciavarella he naively agreed to write application manuals for his first employer in the early 1980s. He has been a technical editor for MacMillan Press and has been teaching system administrators about documentation for the past eight years. Mike has an Honours Degree in Science from the University of Melbourne. After a number of years working as Senior Partner and head of the Security Practice for Cybersource Pty Ltd, Mike returned to his alma mater, the University of Melbourne. He now divides his time between teaching software engineering, providing expert testimony in computer security matters, and trying to complete a Doctorate. In his ever-diminishing spare time, Mike is a caffeine addict and photographer.

T8 Eliminating Backup System Bottlenecks Using Disk-to-Disk and Other Methods NEW!
Jacob Farmer, Cambridge Computer Corp.
9:00 a.m.–12:30 p.m.

Who should attend: System administrators involved in the design and management of backup systems and policymakers responsible for protecting their organization's data. A general familiarity with server and storage hardware is assumed. The class focuses on architectures and core technologies and is relevant regardless of what backup hardware and software you currently use. Students will leave this lecture with immediate ideas for effective, inexpensive improvements to their backup systems.

The end may finally be in sight for the pains of backup and restore. The cost of disk storage has crossed the line: it has finally become practical to use disk to enhance or replace tape-based backup systems. In turn, software applications have come to market to facilitate the use of disk in backup systems. Now the problem is sorting out all of the options and fitting them into your existing infrastructure. This lecture identifies the major bottlenecks in conventional backup systems and explains how to address them. The emphasis is placed on the various roles inexpensive disk can play in your data protection strategy; however, attention is given to SAN-enabled backup, the current state and future of tape drives, iSCSI, and virtual tape.

Topics include:

  • Identifying and eliminating backup system bottlenecks
  • Conventional disk staging
  • Virtual tape libraries
  • Incremental forever and synthetic full backup strategies
  • Information life cycle management and nearline archiving
  • Data replication
  • Continuous backup
  • Snapshots
  • The current and future tape drives
  • Zero duplication file systems
  • iSCSCI

Jacob Farmer (T8) is the CTO of Cambridge Computer Services, a specialized integrator of Jacob Farmerbackup systems and storage networks. He has over 15 years of experience with storage technologies and writes an expert advice column for InfoStor magazine. He is currently writing a book on storage networking.

T9 Combating Spam Using Sendmail, MIMEDefang, and Perl
David Skoll, Roaring Penguin Software
9:00 a.m.–12:30 p.m.

Who should attend: System administrators, network administrators, and email administrators tackling the problem of spam in the enterprise. Participants should be familiar with Sendmail and Perl. Use of or familiarity with MIMEDefang will be helpful but not necessary to get the most out of this practical session.

This tutorial will suggest concrete steps administrators can take to reduce spam using open-source tools for UNIX and Linux.

Topics include:

  • Introduction to mail filtering
  • Introduction to Milter
  • MIMEDefang architecture
  • Writing MIMEDefang filters
  • SpamAssassin integration
  • Virus scanner integration
  • Checking address existence at the periphery
  • Streaming mail for different recipients
  • Greylisting
  • Sendmail's SOCKETMAP feature and MIMEDefang
  • Performance tuning
  • Gathering statistics
  • MIMEDefang's notification facility
The spam problem will be outlined briefly, with a focus on main techniques used by spammers. Attendees will then be shown how to use MIMEDefang Perl code to detect and combat some of those techniques. Attendees will also have the opportunity to discuss the use of MIMEDefang and Perl to achieve their specific goals.

After completing this tutorial, participants will be aware not only of top spamming techniques, but of concrete methods for combating the problem using open-source tools.

David Skoll (T9) is founder and president of Roaring Penguin Software, Inc.,David Skoll a firm specializing in email filtering. Skoll is the developer of MIMEDefang, the acclaimed open-source email inspection software, and the primary developer of CanIt and CanIt-PRO, commercial anti-spam systems based on MIMEDefang. He is author of Caldera's OpenLinux Unleashed and frequently writes and presents for the Linux and open source communities. More information can be found at

T10 Documentation Techniques for SysAdmins
Mike Ciavarella, University of Melbourne
1:30 p.m.–5:00 p.m.

Who should attend: System administrators who need to produce documention for the systems they manage or who want to improve their documentation skills.

Attendees should be able to make immediate, practical use of the techniques presented in this tutorial in their day-to-day tasks. Particular emphasis is placed on documentation as a time-saving tool rather than a workload imposition.

Attendees should be able to make immediate, practical use of the techniques presented in this tutorial in their day-to-day tasks. Particular emphasis is placed on documentation as a time-saving tool rather than a workload imposition.

Topics include:

  • Why system administrators need to document
  • The document life cycle
  • Targeting your audience
  • An adaptable document framework
  • Common mistakes
  • Tools to assist the documentation process

Mike Ciavarella (S3, T7, T10) has been producing and editing technical documentation sinceMike Ciavarella he naively agreed to write application manuals for his first employer in the early 1980s. He has been a technical editor for MacMillan Press and has been teaching system administrators about documentation for the past eight years. Mike has an Honours Degree in Science from the University of Melbourne. After a number of years working as Senior Partner and head of the Security Practice for Cybersource Pty Ltd, Mike returned to his alma mater, the University of Melbourne. He now divides his time between teaching software engineering, providing expert testimony in computer security matters, and trying to complete a Doctorate. In his ever-diminishing spare time, Mike is a caffeine addict and photographer.

T11 Solaris 10 Security Features NEW!
Peter Baer Galvin, Corporate Technologies
1:30 p.m.–5:00 p.m.

Who should attend: Solaris systems managers and administrators interested in the new security features in Solaris 10 (and features in previous Solaris releases that they may not be using).

This course covers a variety of topics surrounding Solaris 10 and security. Solaris 10 includes many new features, and there are new issues to consider when deploying, implementing, and managing Solaris 10.

Topics include:

  • Solaris cryptographic framework
  • NFS V4
  • Solaris privileges
  • Solaris Flash archives and live upgrade
  • Moving from NIS to LDAP
  • Dtrace
  • WBEM
  • Smartcard interfaces and APIs
  • Kerberos enhancements
  • FTP client and server enhancements
  • PAM enhancements
  • Auditing enhancements
  • Password history checking

Peter Baer Galvin (M3, T11, R4) is the Chief Technologist for Corporate Technologies, Inc., a systems integrator and VAR, Peter Baer Galvin and was the Systems Manager for Brown University's Computer Science Department. He has written articles for Byte and other magazines. He wrote the "Pete's Wicked World" and "Pete's Super Systems" columns at SunWorld. He is currently contributing editor for Sys Admin, where he manages the Solaris Corner. Peter is co-author of the Operating Systems Concepts and Applied Operating Systems Concepts textbooks. As a consultant and trainer, Peter has taught tutorials on security and system administration and has given talks at many conferences and institutions on such topics as Web services, performance tuning, and high availability.

T12 Administering NetBackup
W. Curtis Preston, Glasshouse Technologies
1:30 p.m.–5:00 p.m.

Who should attend: Administrators and operators of medium to large NetBackup systems.

Although NetBackup can be administered relatively easily, it can also be misconfigured relatively easily. Misconfigurations can cause failed, slow, unnecessary, and unreliable backups. In addition, they can result in some filesystems or databases accidentally being excluded from the backup. This tutorial will explain in detail best practices designed to give you optimum efficiency with minimal risk, including the recent trend of using disk in your backup system. NetBackup comes with a dizzying number of options costing from hundreds to tens of thousands of dollars each. Making sense of these options can be a difficult and expensive task.

This tutorial will explain the major new features and options in NetBackup releases 4.5 and 5.x. More important, it will cover which of these features and options give you the most bang for the buck.

Topics include:

  • NetBackup architecture
    • Understanding multistreaming & multiplexing
    • Relationship between the Media Manager and NetBackup
  • Command line interface
    • Important commands to know, including some undocumented commands and options
    • bpgetconfig & bpsetconfig, my two new favorite commands
    • bpgp: the beauty and the danger
    • bppl*: configure all your policies and schedules on the command line
    • bpimagelist & bpimmedia: find those backups
    • vmquery: find those tapes
    • vmchange: move those tapes around
  • Designing a NetBackup system
    • Sizing the server
    • System architecture: what kind of servers and how many of them
    • Integrating disk into the mix

W. Curtis Preston (T12, W5) is Vice President of Service Development for Glasshouse Technologies, the global leader in W. Curtis Prestonindependent storage services. Curtis has ten years' experience designing storage systems for many environments, both large and small. As a recognized expert in the field, Curtis has advised the major product vendors regarding product features and implementation methods. Curtis is the administrator of the NetBackup and NetWorker FAQs and answers the "Ask The Experts" backup forum on He is also the author of O'Reilly's UNIX Backup & Recovery and Using SANs & NAS, as well as a monthly column in Storage Magazine.

?Need help? Use our Contacts page.

Last changed: 16 Aug. 2004 jel
Events Calendar