Check out the new USENIX Web site.
LISA '99: 13th Systems Administration Conference
Home  | At a Glance  | Register  | Tutorials  | Technical Sessions  | Workshops  | Exhibition  | Organizers  | Activities

Tutorials: Overview | By Day (Sunday, Monday, Tuesday) | By Instructor | All in One File

Tuesday, November 9, 1999    
Full-Day Tutorials
T1 Windows NT and UNIX Integration: Problems and Solutions - NEW
Phil Cox, Networking Technology Solutions
T2 Hot Topics in Modern System Administration--2 - NEW
Ned McClain, XOR Network Engineering; Evi Nemeth, University of Colorado, Boulder
T3 Auditing--An Agent of Change for the Better! - NEW
Geoff Halprin, The SysAdmin Group
T4 Computer Attacks: Trends and Countermeasures
Tina Darmohray, System Experts, Inc.
T5 UNIX Security Tools: Use and Comparison
Matt Bishop, University of California, Davis
T6 Advanced Topics in DNS and BIND
Paul Vixie, Internet Software Consortium
T7 Advanced Solaris System Administration Topics
Peter Baer Galvin, Corporate Technologies, Inc.
Half-Day Tutorials - Morning
T8am Web Application Security - NEW
Mark-Jason Dominus, Consultant
T9am Topics in AFS Administration - NEW
Esther Filderman, Pittsburgh Supercomputing Center; Ted McCabe, MIT
T10am Dealing with Difficult People - NEW
Steve Johnson, Transmeta; Dusty White, Consultant
Half-Day Tutorials - Afternoon
T11pm Automating/Standardizing Operating System Installations: Solaris Jumpstart, Red Hat Kickstart, and Others . . .
Greg Kulosa, GNAC, Inc.
T12pm Administering Backups with Legato NetWorker - NEW
W. Curtis Preston, Collective Technologies
T13pm Mastering an Interrupt-driven Job - NEW
Steve Johnson, Transmeta; Dusty White, Consultant


T1 Windows NT and UNIX Integration: Problems and Solutions NEW
Phil Cox, Networking Technology Solutions

Who should attend: System administrators who are responsible for heterogeneous Windows NT and UNIX-based systems. Attendees should have user-level knowledge of both UNIX and Windows NT, and it's recommended they have systems administration experience in at least one.

Today's organizations choose computing solutions from a variety of vendors. Often, integration of the solutions into a seamless, manageable enterprise is an afterthought, left up to system administrators. This class covers specific problem areas and practical solutions for administering a mixture of UNIX and Windows NT systems. The focus will be on solutions that can be applied today to real-world administration problems in heterogeneous UNIX and Windows NT-based networks.

Topics include:

  • Overview of NT and UNIX
    • Basic homogeneous setups
    • Services: what's offered, and how
    • Similarities
    • Differences
    • Potential sticking points
  • Areas of interest
    • Electronic mail
    • Web servers
    • User authentication
    • File serving
    • Printing
    • Faxes and modems
    • Host-to-host connectivity
    • Remote administration
    • Backup and restore
For each of the areas of interest we will cover:
  • Current uses in homogeneous environments
  • Available answers--where integration can happen
  • Integration solutions and how to choose one (tools that provide the answers will be discussed)
  • Security considerations

Phil Cox (M1, T1) is a consultant for SystemExperts cox_phil Corporation. Phil frequently writes and lectures on issues bridging the gap between UNIX and Windows NT. He is a featured columnist in ;login;, the USENIX Association Magazine, and has served on numerous USENIX program committees. Phil holds a B.S. in computer science from the College of Charleston, South Carolina.



T2 Hot Topics in Modern System Administration--2 NEW
Ned McClain, XOR Network Engineering; Evi Nemeth, University of Colorado, Boulder

Who should attend: System and network administrators who want to learn about real-life solutions to everyday problems.

Topics include:

  • Y2K compliance: The year 2000 is coming, and it's past time to make sure your site is prepared. We'll talk about the Y2K issues confronting you as an administrator in the UNIX environment, and we'll give you some tips on creating a Y2K gameplan for the UNIX hosts at your site.
  • LDAP: We'll tell you what it is and why it might be time to implement it. From client to server, we will survey how LDAP can strengthen your organization internally and externally. The major focus will be on choosing a UNIX server that's right for your organization.
  • News: Usenet news is the Internet's giant bulletin board: about half a million new articles each day require 20-50GB of disk space. We look at the administration chores and requirements of taking a full news feed, pruning it of spam, and delivering it to your users.
  • DHCP: Short on address space? Sick of configuring each and every one of your users' machines? We'll talk about making DHCP work for your organization. We will cover servers and clients, on both UNIX and NT and hosts.
  • Disaster planning: In planning for disasters, whether they are physical incidents, security incidents, or just sysadmin errors, hindsight and good backups are invaluable. We will provide some guidelines and a checklist of some of the documentation that you need to maintain to make disasters more recoverable.
  • Security tools: A new generation's worth of security management tools are on the loose, and we'll help you understand how to use them to your advantage. We'll examine new scanning tools such as Nessus and nmap, as well as looking at new tools to facilitate security forensics.

Ned McClain (M2, T2) is a lead engineer at XOR mcclain_ned Network Engineering. He is currently helping with the 3rd edition of the UNIX System Administration Handbook (by Nemeth, Snyder, and Hein). He has a degree in computer science from Cornell University and has done research with both the CS and Engineering Physics departments at Cornell.




Evi Nemeth (M2, T2), a faculty member in computer sci nemeth_evi ence at the University of Colorado, has managed UNIX systems for the past 20 years, both from the front lines and from the ivory tower. She is co-author of the UNIX System Administration Handbook.





T3 Auditing--An Agent of Change for the Better!NEW
Geoff Halprin, The SysAdmin Group

Who should attend: System administrators who are responsible for developing strategy for their sites, performing system reviews, planning improvements, or proposing expenditures to improve practices, and consultants wishing to develop their skills in planning work and communicating with clients.

As a system administrator, you know when there is a problem. But how can you convince the higher-ups that something needs to be done? The audit is the most valuable tool in your arsenal when it comes to dealing with management, because it forces a rigorous assessment of the current situation, evaluates alternatives, and results in a document that cogently addresses the problems. Audits also have the side effect of uncovering problems you didn't even know existed! An audit enables you to prove your point and also cover your back. It should be your primary tool for:

  • Convincing management that a problem exists
  • Educating management as to the true nature and complexity of your role, and how much effort is involved in doing that job well
  • Planning technical improvements to a site, including obtaining management sign-off on these projects

Audits come in many shapes and sizes. They are a basic mechanism for system review and control over entropy. This workshop will introduce the concepts and principles of audits and will examine in detail how to conduct an audit, including interviews and system inspections, and how to present the results of that work to management in the form of a formal audit report.

Topics include:

  • What an audit is
  • Audit concepts and terminology
  • Three audit perspectives
  • The 4-step audit process
  • The 5-step controlled improvement process
  • A detailed look at interviews, site inspections, and tools
  • The audit report

Geoff Halprin (M13pm, T3) is the principal consultant halprin_geoff at The SysAdmin Group. He has been a system administrator for the past 15 years and a consulting system administrator for over 10. Geoff specializes in data security and systems management disciplines and in the evaluation and improvement of systems management practices. He has acted as consultant to a wide variety of organizations, including government, large corporations, and several major ISPs. Geoff is also the vice-president of the System Administrators Guild of Australia (SAGE-AU) and is a member of the SAGE Executive Committee.


T4 Computer Attacks: Trends and Countermeasures
Tina Darmohray, System Experts, Inc.

Who should attend: System and network administrators who implement or maintain networks, and site managers charged with selecting and setting site security requirements. Familiarity with TCP/IP networking is a plus.

Many classic security problems, such as perimeter and host security, have become well defined and are routinely addressed by a wide range of product offerings; however, computer and network attacks are still on the rise. Effectively combating these attacks is a network and security management discipline with emerging strategies and solutions. This tutorial will cover the latest trends in computer attacks and the security precautions you can take against them, including defensive penetration analysis, host auditing, network logging solutions, and intrusion detection.

After taking this tutorial, attendees will understand the important areas of security management. They will be able to defensively assess their system and network security. Additionally, they will have an appreciation for auditing and monitoring hosts and networks for intrusions, and for storing critical information required for network forensics.

Topics include:

  • Trends in computer attacks
  • Defensive penetration analysis
  • Host and network auditing tools
  • Intrusion detection
  • Network forensics
  • Ethics, policies, and legal concerns of auditing computer communications

Tina Darmohray (T4) is a network and security consult darmohray_tina ant with over a decade of experience in administration and programming UNIX/TCP-based computers. She specializes in firewalls, Internet connections, sendmail/DNS configurations, and defensive intrusion management. Previously Tina was the lead for the UNIX support team at Lawrence Livermore National Laboratory. She was a founding board member of SAGE. She is the author of the popular SAGE jobs booklet Job Descriptions for System Administrators, she's the editor of SAGE News and Features for ;login:, the USENIX Association magazine, and she co-chaired the USENIX LISA IX conference. Tina holds a B.S. and an M.S. from the University of California, Berkeley.


T5 UNIX Security Tools: Use and Comparison
Matt Bishop, University of California, Davis

Who should attend: UNIX system, network, and security administrators who need to understand better the various security tools currently available.

The goal of this course is to assist UNIX security administrators, and other interested users, in locating and using publicly available programs to improve the security of their systems. This course will compare the uses and drawbacks of several different programs, with an emphasis on when to use which.

Topics include:

  • Tool checking and analysis: what to look for, how to analyze a tool, checking downloaded tools for security problems
  • Static analysis tools (filesystem auditing tiger, COPS)
  • Network analysis and security tools: monitors (nfsbug, nfswatch), ISS, SATAN, Gabriel, Courtney
  • Tools for privilege: managing shells (lsu)
  • Tools for logging and log analysis tools (swatch, logcheck)
  • Libraries (msystem, trustfile)
  • Tools for authentication: proactive password changers (shadow, crack)

Matt Bishop (T5) began working on problems of security bishop_matt in computer systems, and UNIX systems in particular, at Purdue, where he earned his doctorate. He subsequently worked at the Research Institute for Advanced Computer Science at NASA and taught courses in operating systems, computer security, and software engineering at Dartmouth College. Matt chaired the first USENIX Security Workshop and plays an active role in identifying and thwarting security threats. Matt has been on the faculty at UC Davis since 1993.


T6 Advanced Topics in DNS and BIND
Paul Vixie, Internet Software Consortium

Who should attend: Name-server administrators and software developers who need a deeper understanding of the DNS protocol and of the internals of BIND. Participants should already be responsible for the operation of at least one name server, should be familiar with Internet protocols such as TCP and UDP, and should be able to recognize C source code when they see it (which they will).

This tutorial will survey the DNS protocol and describe upcoming extensions to it, as well as implementation considerations in BIND.

Topics include:

  • DNS message format
  • DNS resource-record format
  • Zone file format and zone transfers
  • Incremental zone transfer
  • Dynamic update and deferred update
  • Real-time change notification
  • DHCP interaction
  • BIND current status
  • DNS security
  • DNS politics
  • BIND Version 8

After completing this tutorial, participants will know what the IETF has been up to lately, and what to expect in upcoming BIND releases. A note to those who have taken Paul's tutorials before: this tutorial will not be a rehash of prior material--new subjects will be covered.

Paul Vixie (T6) is the current maintainer of the BIND vixie_paul software system. BIND, the Berkeley Internet Name Domain, includes the name server ("named") used every-where on the Internet. Paul is also a coauthor of Sendmail: Theory and Practice (Digital Press, 1995) and serves as moderator of the comp.sources.unix newsgroup.




T7 Advanced Solaris System Administration Topics
Peter Baer Galvin, Corporate Technologies, Inc.

Who should attend: UNIX administrators who need more knowledge of Solaris administration.

This course covers a variety of topics that matter to Solaris system administrators. We will discuss the major new features of recent Solaris releases, including which to use and how to use them, and which to avoid. This in-depth course will provide the information a system manager/administrator needs to run a Solaris installation effectively.

Topics include:

  • Installing and upgrading
    • Architecting an appropriate facility
    • Choosing the best hardware for your needs
    • Planning your installation, filesystem layout, post-installation steps
    • Installing (and removing) patches and packages
  • Advanced features of Solaris 2
    • CacheFS: configuring and using AutoFS
    • The /proc file system and commands
    • Useful tips and techniques
  • Networking and the kernel
    • Virtual IP: configuration and uses
    • Kernel and performance tuning: new features, adding devices, tuning, debugging commands
    • Devices: naming conventions, drivers, gotchas
  • Enhancing Solaris
    • High-availability essentials: disk failures and recovery, RAID levels, uses and performance, H-A technology and implementation
    • Performance: how to track down and break up bottlenecks
    • Tools: Useful free tools, tool use strategies
    • Security: locking down Solaris, system modifications, tools
    • Resources and references

Peter Baer Galvin (T7) is the chief technologist for galvin_peter Corporate Technologies, Inc., and was the systems manager for Brown University's Computer Science Department. He has written articles for Byte and other magazines, is security columnist for SunWorld, and is co-author of the Operating Systems Concepts textbook. As a consultant and trainer, Peter has taught tutorials on security and system administration and has given talks at many conferences.



T8am Web Application Security NEW
Mark-Jason Dominus, Consultant

Who should attend: Programmers and managers involved in the development of CGI programs and other applications designed to deliver dynamic or interactive content on the Web, and system administrators of Web servers. Participants should have some experience in developing these applications.

Interactive content on the Web is the world's biggest computer security hole. Before the WWW was invented, sane system administrators would never have considered setting up a network service that allowed an anonymous user to execute a complex program on their systems. Nevertheless, this is exactly what the Web does. Programs of formidable complexity and power are executed thousands of times every day on your systems, by unknown users in unknown locations with no supervision. If these programs are not written with great care, they can be subverted and used to steal your information or vandalize your machine.

The tutorial will include a number of case studies of programs that appear safe but aren't, and will show why "eyeball" methods of program verification are ineffective. We will spend some time discussing common problems and oversights and will show how they can be avoided. The examples will be in the Perl programming language, but the problems are not language-
specific and most of the solutions apply to programs written in any language. The tutorial will, however, spend some time discussing the unique "tainting" feature of Perl, which can detect many of these problems automatically.

We will examine the common programming error of trusting the browser, including improper use of cookies and client-side data validation. Additionally, we will take a close look at the strengths and weaknesses of authentication systems commonly used on the Web. Along the way, the tutorial will present important basic principles of security, with an emphasis on developing a sound security policy that is effective for your situation.

Mark-Jason Dominus (M7, T8am) has been involved in dominus_mark-jason computer security since 1988 and has been developing interactive Web applications since 1994. He was a system administrator and the first Webmaster at the University of Pennsylvania's Department of Computer and Information Sciences, and then became a founding staff member of Pathfinder, Time-Warner's Internet Web service, where he was the leader of the system administration and network security group. He is now an independent consultant working in the area of dynamic application development and systems and security analysis. He writes a regular column for The Perl Journal.


T9am Topics in AFS Administration NEW
Esther Filderman, Pittsburgh Supercomputing Center; Ted McCabe, MIT

Who should attend: Newer administrators of AFS, a distributed filesystem product of the Transarc corporation, who wish to further their knowledge. Working knowledge of AFS administration is required. This is not an advanced class; programming knowledge is not required, nor is access to AFS source.

This tutorial will offer both information and methods for a more efficient Cell. Participants will be walked through various parts of AFS and shown some of the internal workings.

Topics include:

  • Methods for tuning and administering AFS clients, both UNIX and NT, and the NFS/AFS translator
  • Maintaining AFS server machines: how the various server processes work together, protocols, authentication issues, and Ubik DB quorums
  • Management issues, from attaining stability through ensuring security, all while keeping track of volumes
  • Transarc's AFS Backup system, and other alternatives
  • Time-saving tricks
  • Alternatives to pure Transarc AFS, such as ARLA and DFS
  • The future of AFS

After completing this tutorial, participants will be aware of a number of ways to make their AFS administration tasks more trouble-free and efficient.

Esther Filderman (T9am) has been administrating AFS filderman_esther since its first incarnation as the file system behind the Andrew system, which was originally designed as part of an experiment by Carnegie Mellon University and IBM. She has been a system administrator for nearly 10 years. Once the 24x7 on-call person for the Andrew system, Esther is currently the senior operations specialist for the Pittsburgh Supercomputing Center, the site that, in a moment of insanity, ported AFS to Unicos.


Ted McCabe (T9am) has been administrating AFS since mccabe_ted_BW its first incarnation as the file system behind the Andrew system, which was originally designed as part of an experiment by Carnegie Mellon University and IBM. He was a system administrator at Carnegie Mellon for three years, maintaining and improving the backup system, known as Stage, that was initially developed with AFS. In 1996 Ted received an M.A. in mathematics from Boston University. Ted then returned to systems administration at Massachusetts Institute of Technology, where he has been wrestling with Transarc's backup system ever since.


T10am Dealing with Difficult People NEW
Steve Johnson, Transmeta; Dusty White, Consultant

Who should attend: Anyone who needs to deal with difficult people on the job; it will be especially useful to manager, and those who deal with difficult clients.

Do you work with some difficult people? They may be clients, employees, peers, or managers. This tutorial will discuss what makes people difficult, and how you can deal more easily with them without knuckling under.

Topics include:

  • Reaching agreement with negative people
  • Fitting loners into your group
  • Dealing with people who do not like to plan or attend meetings
  • Giving feedback constructively
  • Dealing with difficult bosses
  • How to know when to disengage from difficult people

Steve Johnson (T10am, T13pm) has been a technical johnson_steve_BW manager on and off for nearly two decades, in both large and small companies. At AT&T, he is best known for writing Yacc, Lint, and the Portable C Compiler. He served as the head of the UNIX Languages Department at AT&T's Summit Labs. He has also been involved in a number of Silicon Valley startup companies. He served for ten years on the USENIX Board of Directors, four of them as president. He presented an invited talk on management at LISA two years ago, he has taught USENIX tutorials on technical subjects, and he has led management training seminars at Transmeta.

Dusty White (T10am, T13pm) was an early employee of dusty_white Adobe, where she served in a variety of managerial positions. She now works as a management consultant in Silicon Valley, where she acts as a trainer, coach, and troubleshooter for technical companies.





T11pm Automating/Standardizing Operating System Installations: Solaris Jumpstart, Red Hat Kickstart, and Others . . .
Greg Kulosa, GNAC, Inc.

Who should attend: System administrators and managers responsible for multiple machines, who are charged with performing consistent and reliable operating system installs.

Installing the "MIS approved" operating system on lots of incoming hardware can become a chore at any site. It's boring for one person to do all the installs, but if you farm it out to lots of staff, how do you guarantee that all machines have identical set-ups?

Using an automated system can solve both these problems at once. We will cover the most popular methods vendors provide to automate this process, and we'll mention some home-grown and free solutions.

Topics include:

  • Why should I automate and standardize installs?
  • Using Solaris Jumpstart
    • Jumpstart overview
    • Setting up the server
    • Rules files
    • Finish script
    • Booting clients
  • Using Red Hat Linux Kickstart
    • Kickstart file
    • Creating a boot floppy
  • Brief overview of other methods
    • Norton Ghost
    • MOSIP
    • The old "clone-disk" trick

Greg Kulosa (M11pm, T11pm) has been a UNIX system kulosa_greg administrator for over eight years. He is currently a senior consultant, solving a myriad of host and networking problems for a variety of clients. In his spare time, he trains and grooms his American Quarter Horse, Jane, and goes on regular trail rides in the hills around San Francisco Bay.




T12pm Administering Backups with Legato NetWorker NEW
W. Curtis Preston, Collective Technologies

Who should attend: System administrators involved in the design, implementation, and administration of Legato NetWorker. Participants should be familiar with basic NetWorker installation and administration. Participants who are planning to use, but are not yet using, NetWorker should review the NetWorker documentation before attending this session.

Anyone who has implemented a medium to large installation of any commercial backup software package understands the challenges such a project will face. This tutorial will focus on the challenges unique to Legato NetWorker, with a heavy emphasis on automation, monitoring, and reporting. The tutorial will also answer questions all NetWorker administrators find themselves asking, and it will provide scripts that can be used to automate NetWorker.

Topics include:

  • Legato architecture
    • Master servers and storage nodes
    • Media and browse index
    • How NetWorker's dynamic parallelism works
  • System design
    • Setting client, server, and device parallelism for optimal performance
    • Determining the future size of your Networker client indexes
    • Deciding whether a client should back up to its own library or to a remote library
    • Setting up storage node fail-over
    • Determining the number of clients to put in a class
    • Deciding how many pools to use, and why
    • Designing the bootstrap backup to reduce disaster recovery time
  • System automation and Frequently Asked Questions
    • How does cloning really work? How do I clone just my full backups, or clone backups that take longer than a day to clone?
    • Why does my index get corrupted, and how can I protect against it?
    • How can I improve NetWorker's email capabilities to send my bootstrap reports somewhere other than my printer? to use a different subject line when the backup fails? to send the report to my pager if the backup fails?
    • Can NetWorker tell me when I'm LOW on volumes, instead of waiting until I'm OUT?
    • How do I automate the importing, exporting, and labeling of library volumes?
    • Can NetWorker back up a Veritas snapshoted file system?
    • How do I back up Network Appliance and Auspex systems?
    • What is the Tower of Hanoi, and what does it have to do with backups?
    • How can I get NetWorker to automatically retry failed backup jobs?
    • Is there a better way than mmrecov to recover my NetWorker server?

After completing this tutorial, participants will be able to answer all of these questions and will have the tools necessary to completely automate their NetWorker installation. They will also be aware of common pitfalls and how to avoid them.

W. Curtis Preston (T12pm), a principal consultant for preston_curtis-bw Collective Technologies, has been specializing in backup and recovery for over six years. He has designed and implemented many large Legato NetWorker installations and is also an accomplished author and speaker. (This will be his third time speaking at LISA.) Curtis has just completed work on his upcoming O'Reilly & Associates book, UNIX Backup & Recovery, which will be on the shelves this fall. Curtis's Web site is http://www.backupcentral.com/, and he can be reached at curtis@colltech.com.


T13pm Mastering an Interrupt-driven Job NEW
Steve Johnson, Transmeta; Dusty White, Consultant

Who should attend: Anyone who wants to feel more in control of the "uncontrollable" part of their job, or who manages people with interrupt-driven jobs.

How can you have an interrupt-driven job and still feel in control? The source of interruption may be your manager, or customer needs. Most people try some kind of time management, and this is surely part of the answer. However, time management alone will not allow you to avoid stress and overload. We will teach you some additional techniques.

Topics include:

  • Setting expectations realistically
  • Helping your interrupter feel heard
  • Building trust
  • Defusing irritation
  • Negotiating compromises
  • Saying no so that it will be understood and stick

Many examples will be taken from systems administration, but they can be applied much more broadly.

Steve Johnson (T10am, T13pm) has been a technical johnson_steve_BW manager on and off for nearly two decades, in both large and small companies. At AT&T, he is best known for writing Yacc, Lint, and the Portable C Compiler. He served as the head of the UNIX Languages Department at AT&T's Summit Labs. He has also been involved in a number of Silicon Valley startup companies. He served for ten years on the USENIX Board of Directors, four of them as president. He presented an invited talk on management at LISA two years ago, he has taught USENIX tutorials on technical subjects, and he has led management training seminars at Transmeta.

Dusty White (T10am, T13pm) was an early employee of dusty_white Adobe, where she served in a variety of managerial positions. She now works as a management consultant in Silicon Valley, where she acts as a trainer, coach, and troubleshooter for technical companies.



?Need help? Use our Contacts page.
Last changed: 11 Aug. 1999 mc
Conference index
Events Calendar
USENIX home