Check out the new USENIX Web site.
2002 USENIX Annual Technical Conference, June 10-15, 2002, Monterey Conference Center, Monterey, CA
Conf Home  | Register/Hotel  | Tutorials  | Tech Sessions  | FREENIX  | Exhibition  | Activities/BoFs  | At a Glance
Register Now! Tutorials: Overview | By Day (Monday, Tuesday, Wednesday) | By Instructor | All in One File

Monday, June 10, 2002>

M1 Advanced Solaris System Administration Topics
Peter Baer Galvin, Corporate Technologies

Who should attend: UNIX administrators who need more knowledge of Solaris administration.

We will discuss the major new features of recent Solaris releases, including which to use (and how) and which to avoid. This in-depth course will provide the information you need to run a Solaris installation effectively. Updated to include Solaris 8 and several other new topics.

Topics include:

  • Installing and upgrading
  • Architecting your facility
  • Choosing appropriate hardware
  • Planning your installation, filesystem layout, post-installation
  • Installing (and removing) patches and packages
  • Advanced features of Solaris
  • File systems and their uses
  • The /proc file system and commands
  • Useful tips and techniques
  • Networking and the kernel
  • Virtual IP: configuration and uses
  • Kernel and performance tuning: new features, adding devices, tuning, debugging commands
  • Devices: naming conventions, drivers, gotchas
  • Enhancing Solaris

Peter Baer Galvin, (M1) is the chief technologist for Peter Galvin Corporate Technologies, Inc., and was the systems manager for Brown University's Computer Science Department. He has written articles for Byte and other magazines, is a columnist for SunWorld, and is co-author of the Operating Systems Concepts and the Applied Operating Systems Concepts textbooks. Peter has taught tutorials on security and systems administration and has given talks at many conferences and institutions.

M2 An Introduction to Computer Security NEW
Avi Rubin, AT&T Labs­Research

Who should attend: Anyone with a computer science degree or the equivalent experience who is not an expert in computer security. IT managers who need to understand how to evaluate risk, what the dangers are, and what countermeasures are available. We will emphasize issues of importance to system administrators.

As more and more of our lives move online, we are exposing more of ourselves to often untraceable, malicious, and automated attack: credit card numbers, data, a group of machines that we manage, our time, our privacy. This tutorial seeks to sweep a broad brush across the field of computer security, addressing in particular the practical aspects of the field.

Topics include:

  • Assessing risk
  • Viruses and worms
  • Cryptography
  • Secure data storage and backup
  • Secure data transfer, including SSL and IPsec
  • Public Key Infrastructure (PKI)
  • Firewalls
  • Intrusion detection
  • Network sniffing and sniff detection
  • Denial-of-service attacks
  • E-commerce and privacy
Attendees should leave with a general understanding of the field and a direction for learning more about each topic covered.

Avi Rubin (M2) is Principal Researcher at avi_rubin AT&T Labs and a member of the Board of Directors of USENIX. He has been researching issues in computer security since 1991. Rubin is the author of two books on computer security: White-Hat Security Arsenal (Addison Wesley, 2001) and Web Security Sourcebook (with Dan Geer and Marcus Ranum, John Wiley &Sons, 1997). He is the author of dozens of refereed conference and journal papers, and co-authored two chapters of Peer-to-Peer (O'Reilly,2001). Rubin is also an Associate Editor of Electronic Commerce Research Journal. His latest research project, Publius, a system for circumventing censorship on the Internet, won the Index on Censorship's Freedom of Expression Award.

M3 Inside the Linux Kernel
Ted Ts'o, IBM Linux Technology Center

Who should attend: Application programmers and kernel developers. You should be reasonably familiar with C programming in the UNIX environment, but no prior experience with the UNIX or Linux kernel code is assumed.

This tutorial will give you an introduction to the structure of the Linux kernel, the basic features it provides, and the most important algorithms it employs.

The Linux kernel aims to achieve conformance with existing standards and compatibility with existing operating systems; however, it is not a reworking of existing UNIX kernel code. The Linux kernel was written from scratch to provide both standard and novel features, and takes advantage of the best practice of existing UNIX kernel designs.

Although the material will focus on the release version of the Linux kernel, it will also address aspects of the development kernel codebase where its substance differs. It will not contain any detailed examination of the source code but will, rather, offer an overview and roadmap of the kernel's design and functionality.

Topics include:

  • How the Linux kernel is organized: scheduler, virtual memory system, filesystem layers, device driver layers, and networking stacks
  • The interface between each module and the rest of the kernel, and the functionality provided by that interface
  • The common kernel support functions and algorithms used by that module
  • How modules provide for multiple implementations of similar functionality (network protocols, filesystem types, device drivers, and architecture-specific machine interfaces)
  • Basic ground rules of kernel programming (dealing with issues such as races and deadlock conditions)
  • Implementation of the most important kernel algorithms and their general properties (aspects of portability, performance, and functionality)
  • The main similarities and differences between Linux and traditional UNIX kernels, with attention to places where Linux implements significantly different algorithms
  • Details of the Linux scheduler, its VM system, and the ext2fs file system
  • The strict requirements for ensuring that kernel code is portable

Theodore Ts'o (M3) has been a Linux ts'o_theodore kernel developer since almost the very beginnings of Linux--he implemented POSIX job control in the 0.10 Linux kernel. He is the maintainer and author for the Linux COM serial port driver and the Comtrol Rocketport driver. He architected and implemented Linux's tty layer. Outside of the kernel, he is the maintainer of the e2fsck filesystem consistency checker. Ted is a Senior Technical Staff Member of IBM's Linux Technology Center.

M4 System and Network Monitoring NEW
John Sellens, Certainty Solutions

Who should attend: Network and system administrators interested in real-life, practical, host- and network-based monitoring of their systems and networks. Participants should have an understanding of the fundamentals of networking, basic familiarity with computing and network components, and some familiarity with UNIX and scripting languages.

This tutorial will introduce the concepts and functions of monitoring systems and will describe the Simple Network Management Protocol (SNMP). It will review some of the most popular monitoring tools and will cover the installation and configuration of a number of freely available monitoring packages. The emphasis will be on the practical, and the tutorial will provide examples of easy-to-implement monitoring techniques.

Topics include:

  • Monitoring—goals, techniques, reporting
  • SNMP—the protocol, reference materials, relevant RFCs
  • Introduction to SNMP MIBs (Management Information Bases)
  • SNMP tools and libraries
  • Other non-SNMP tools
  • Security concerns when using SNMP and other tools on the network
  • Monitoring applications—introductions, use, benefits and complications, installation and configuration (Big Brother, NetSaint, SNIPS, MRTG, Cricket, etc.)
  • Special situations—remote locations, firewalls, etc.
  • Monitoring implementation roadmap—policies, practices, notifications, escalations, reporting
Participants should expect to leave the tutorial with the information needed to immediately start using a number of monitoring systems and techniques to improve their ability to manage and maintain their systems and networks.

John Sellens (M4) has been sellens_john involved in system and network administration since 1986 and is the author of several related USENIX papers and a number of ;login: articles, including the "On Reliability"series and SAGE booklet. He has a Master's degree in computer science from the University of Waterloo and is a chartered accountant. He is currently the General Manager for Certainty Solutions (formerly known as GNAC) in Toronto. Prior to joining Certainty, John was the Director of Network Engineering at UUNET Canada, and he was a staff member in computing and information technology at the University of Waterloo for 11 years.

M5 Sendmail Configuration and Operation (Updated for Sendmail 8.12)
Eric Allman, Sendmail, Inc.

Who should attend: System administrators who want to learn more about the sendmail program, particularly details of configuration and operational issues (this tutorial will not cover mail front ends). This intense, fast-paced tutorial is aimed at people who have already been exposed to sendmail. It describes the latest release of sendmail from Berkeley, version 8.12.

Topics include:

  • The basic concepts of configuration: mailers, options, macros, classes, keyed files (databases), and rewriting rules and rulesets
  • Configuring sendmail using the M4 macro package
  • Day-to-day management issues, including alias and forward files, "special" recipients (files, programs, and include files), mailing lists, command line flags, tuning, and security
  • How sendmail interacts with DNS
Eric Allman (M5) is the original author eric_allman of sendmail. He is the author of syslog, tset, the -me troff macros, and trek. He was the chief programmer on the INGRES database management project, designed database user and application interfaces at Britton Lee (later Sharebase), and contributed to the Ring Array Processor project at the International Computer Science Institute. He is a former member of the USENIX Board of Directors.

M6 Socket Programming NEW
George V. Neville-Neil, Neville-Neil Consulting

Who should attend: Anyone whose responsibility it is to write or maintain code that uses the sockets API. The ability to read C code is required. A basic understanding of computer networks is a plus.

The sockets API is the most widely used and accepted set of interfaces for implementing client/server network applications. It is implemented on all flavors of UNIX, the Windows platform, and many embedded operating systems (VxWorks, PSOS, etc.). Familiarity with this API set is a must for anyone who writes or maintains network applications.

This course uses working examples to teach software engineers and programmers how to use the sockets API to create their own client and server applications. The differences between the TCP and UDP transport protocols for network applications are highlighted throughout so that the student comes away with a clear understanding of when it is appropriate to use which technology.

Topics include:

  • Overview of the TCP/IP protocols
  • Implementing a network client
  • Implementing a network server
  • Debugging network applications
  • Common pitfalls in network application programming
George Neville-Neil (M6) has worked neville-neil_georgeon networking and embedded operating system software for the last five years, most recently as a Senior Member of Technical Staff and TCP/IP Architect at Wind River Systems. He presents seminars on advanced networking subjects regularly at the PerNet colloquia series at San Francisco State University. Currently he has a consulting company working on advanced frameworks for network protocol implementation.

M7 UNIX Security Threats and Solutions NEW
Matt Bishop, University of California, Davis

Who should attend: Anyone interested in threats to UNIX security and how to deal with them.

This tutorial uses case histories to show what vulnerabilities the attackers exploited, how the system administrators might have closed those loopholes, and how the intruders were discovered. Concepts and mechanisms, as well as publicly available tools, are discussed. This course focuses on non-network problems.

  • Security policies vs. security mechanisms
  • Password security and cracking
  • Files and auditing
  • Access control mechanisms
  • Management of privileges
  • Malicious logic and the UNIX system
  • Basic vulnerabilities analysis
  • Basic incident management
  • Security holes past and current
  • Managing the humans
  • Where to get help
Matt Bishop (M7) began working on bishop_matt.gifproblems of computer security, including the security of the UNIX operating system, at Purdue, where he earned his doctorate in 1984. He worked in industry and at NASA before becoming a professor, teaching courses in computer security, cryptography, operating systems, and software engineering at both Dartmouth College and the University of California at Davis, where he teaches now. Matt's current research interests are analyzing vulnerabilities in operating systems, protocols, and software in general; denial of service; intrusion detection; and formal models of access control.

M8 FreeBSD Kernel Internals: Data Structures, Algorithms, and Networking—Part 1
Marshall Kirk McKusick, Author and Consultant

Who should attend: This two-day course provides a broad overview of how the FreeBSD kernel implements its basic services. It will be most useful to those who need to learn how these services are provided. Individuals involved in technical and sales support can learn the capabilities and limitations of the system; applications developers can learn how to effectively and efficiently interface to the system; systems programmers without direct experience with the FreeBSD kernel can learn how to maintain, tune, and interface to such systems. This course is directed to users who have had at least a year of experience using a UNIX-like system and the C programming language. They should have an understanding of fundamental algorithms (searching, sorting, and hashing) and data structures (lists, queues, and arrays). Students will not need to prove relationship with a source license holder, as source code examples will be taken from the freely distributable FreeBSD system.

This course will provide a firm background in the FreeBSD kernel. The POSIX kernel interfaces will be used as examples where they are defined. Where they are not defined, the FreeBSD interfaces will be described. The course will cover basic kernel services, process structure, virtual and physical memory management, scheduling, paging and swapping. The kernel I/O structure will be described showing how I/O is multiplexed, special devices are handled, character processing is done, and the buffer pool is managed. The implementation of the filesystem and its capabilities including updates will be described. The filesystem interface will then be generalized to show how to support multiple filesystem types such as Sun Microsystem's Network File System (NFS). The course will also cover the FreeBSD socket-based network architecture, layering, and implementation. The socket communications primitives and internal layering will be discussed, with emphasis on the interfaces between the layers; the TCP/IP implementation will be used as an example. A discussion of routing issues will be included. The presentations will emphasize code organization, data structure navigation, and algorithms. It will not cover the machine specific parts of the system such as device drivers.

Topics include:

  • Day 1 morning: Kernel Resource Management
    • Basic kernel services
    • Process structure
    • Scheduling
    • Signals
    • Virtual memory management
  • Day 1 afternoon: Kernel I/O structure
    • Special files
    • Terminal handling
    • Multiplexing I/O
    • Autoconfiguration strategy
    • Structure of a disk device driver
  • Day 2 morning: Filesystems
    • Filesystem services
    • Block I/O system (buffer cache)
    • Filesystem implementation
    • Soft Updates and Snapshots
    • Support for multiple filesystems
    • Network File System (NFS)
  • Day 2 afternoon: Networking Implementation
    • Concepts and terminology
    • Basic IPC services
    • System layers and interfaces
    • Routing issues
    • Internet protocols (TCP/IP)
Course text: Marshall Kirk McKusick, Keith Bostic, Michael J Karels, and John S. Quarterman, The Design and Implementation of the 4.4BSD Operating System (Addison-Wesley, 1996).

Marshall Kirk McKusick (M8, T8) writes books and mckusick_kirk articles, consults, and teaches classes on UNIX- and BSD-related subjects. While at the University of California at Berkeley, he implemented the 4.2BSD fast filesystem and oversaw the development and release of 4.3BSD and 4.4BSD. His particular areas of interest are the virtual-memory system and the filesystem. He earned a B.S. in Electrical Engineering from Cornell University. At the University of California at Berkeley, he received Master's degrees in computer science and business administration, and a doctoral degree in computer science. He is past president and a current member of the USENIX Board of Directors and is a member of AAAS, ACM, and IEEE.

Tuesday, June 11, 2002    

T1 Building Secure Software NEW
Gary McGraw, Cigital

Who should attend: Developers, architects, and managers charged with developing code for security-critical and mission-critical projects (e.g., code that is intended to live on the Net), and security practitioners who must grapple with software security issues such as code review and risk analysis. Participants should have some familiarity with software development. Code examples include C, Java, and Python. This tutorial is based on material found in the book Building Secure Software, published by Addison-Wesley in their Professional Computing series.

What do wireless devices, cell phones, PDAs, browsers, operating systems, network services, public key infrastructure, and firewalls have in common? The answer is "software." Software is everywhere, and it is not usually built to be secure. This tutorial explains why the key to proactive computer security is making software behave. With software complexity growing alarmingly--the source code base for Windows XP is 40 million lines--we have our work cut out for us. Clearly, the penetrate-and-patch approach is non-optimal. Even worse is bolting security mechanisms on as an afterthought. Building software properly, both at the design and the implementation level, is a much better approach. This tutorial takes an in-depth look at some common software security risks, including buffer overflows, race conditions, and random number generation, and goes on to discuss essential guidelines for building secure software. A risk-driven approach to software security which integrates analysis and risk management throughout the software lifecycle is the key to better computer security.

Topics include:

  • Aligning security goals and software project goals
  • Software risk management
  • Performing risk analysis
  • Integrating securing into the software lifecycle
  • Code-scanning technology
  • Common software security risks
  • Design versus implementation risks
  • Building software security capability
  • Open source and security
  • Guidelines for building secure software
Upon completion of this tutorial, participants will understand why software security is essential to any organization building Net-enabled software, how to avoid common security problems, and how to design more secure software.

Gary McGraw (T1) Cigital Inc.'s mcgraw_gary CTO, researches soft ware security and sets technical vision in the area of software risk management. Dr. McGraw is co-author of four popular books: Java Security (Wiley, 1996), Securing Java (Wiley, 1999), Software Fault Injection (Wiley 1998), and Building Secure Software (Addison-Wesley, 2001). He consults with major e-commerce vendors, including Visa, MasterCard, and the Federal Reserve, functions as principal investigator on several government grants, and serves on commercial and academic advisory boards. Dr. McGraw holds a dual Ph.D. in cognitive science and computer science from Indiana University and a B.A. in philosophy from UVa.

T2 Issues in UNIX Infrastructure Design
Lee Damon, University of Washington

Who should attend: Anyone who is designing, implementing, or maintaining a UNIX environment with 2 to 20,000+ hosts. System administrators, architects, and managers who need to maintain multiple hosts with few admins.

This tutorial won't propose one "perfect solution." Instead, it will try to raise all the questions you should ask in order to design the right solution for your needs.

Topics include:

  • Administrative domains: Who is responsible for what? What can users do for themselves?
  • Desktop services vs. farming
  • Disk layout
  • Free vs. purchased solutions: Do you write your own, or do you outsource?
  • Homogeneous vs. heterogeneous
  • Master database: What do you need to track, and how?
  • Policies to make your life easier
  • Push vs. pull: Do you force data to each host, or wait for a client request?
  • Quick replacement techniques: How to get the user back up in 5 minutes
  • Remote install/upgrade/patching: How can you implement lights-out operation? Handle remote user sites? Keep up with vendor patches?
  • Scaling and sizing: How do you plan?
  • Security vs. sharing
  • Single sign-on: Can one-password access to multiple services be secure?
  • Single system images: Should each user see everything the same way, or should each user's access to each service be consistent with his/her own environment?
  • Tools: What's free? What should you buy? What can you write yourself?

Lee Damon (T2) holds a B.S. damon_lee in speech communication from Oregon State University. He has been a UNIX system administrator since 1985 and has been active in SAGE since its inception. He has developed several large-scale mixed environments. He is a member of the SAGE Ethics Working Group and was one of the commentators on the SAGE Ethics document. He has championed awareness of ethics in the system administration community, including writing ethics concerns into policy documents.

T3 Solaris Internals: Architecture, Tips, and Tidbits
James Mauro and Richard McDougall, Sun Microsystems, Inc.

Who should attend: Software engineers, application architects and developers, kernel developers, device driver writers, system administrators, performance analysts, capacity planners, Solaris users who wish to know more about the system they're using and the information available from bundled and unbundled tools, and anyone interested in operating system internals.

The installed base of Solaris systems being used for various commercial data-processing applications across all market segments and scientific computing applications has grown dramatically over the last several years, and it continues to grow. As an operating system, Solaris has evolved considerably, with some significant changes made to the UNIX SVR4 source base on which the early system was built. An understanding of how the system works is required in order to design and develop applications that take maximum advantage of the various features of the operating system, to understand the data made available via bundled system utilities, and to optimally configure and tune a Solaris system for a particular application or load.

Topics include the major subsystems of the Solaris 8 kernel. We review the major features of the release and take a look at how the major subsystems are tied together. We cover in detail the implementation of Solaris services (e.g. system calls) and low-level functions, such as synchronization primitives, clocks and timers, and trap and interrupt handling. We discuss the system's memory architecture; the virtual memory model, process address space and kernel address space, and memory allocation. The Solaris process/thread model is discussed, along with the kernel dispatcher and the various scheduling classes implemented and supported. We cover the Virtual File System (VFS) subsystem, the implementation of the Unix File System (UFS), and file IO-related topics.

All topics are covered with an eye to the practical application of the information, such as for performance tuning or software development. Solaris networking (topics related to TCP/IP and STREAMS) is not covered in this course.

After completing this course, participants will have a solid understanding of the internals of the major areas of the Solaris kernel that they will be able to apply to systems performance analysis, tuning, load/ behavior analysis, and application development.

James Mauro (T3) is a Senior Staff Engineer mauro_james in the Performance and Availability Engineering group at Sun Microsystems. Jim's current projects are focused on quantifying and improving enterprise platform availability, including minimizing recovery times for data services and Solaris. He co-developed a framework for system availability measurement and benchmarking and is working on implementing this framework within Sun. Jim co-authored Solaris Internals: Architecture Tips and Techniques (Sun Microsystems Press/Prentice Hall, 2000).

T4 Topics in UNIX and Linux Administration, Part 1 NEW
Trent Hein and Ned McClain, Applied Trust; Evi Nemeth, University of Colorado

Who should attend: System and network administrators who are interested in picking up several new technologies in an accelerated manner. The format consists of six topics.

Topics include:

  • Logical Volume Management for Linux: Logical volume support for Linux has brought storage flexibility and high availability to the masses. By abstracting physical storage devices, logical volumes let you grow and shrink partitions, efficiently back up databases, and much more. We'll talk about Linux LVM, what you need to get it up and running, and how to take advantage of its many features.
  • Security Packet Filtering Primer: What does the word "firewall" really mean, and how do you set up a packet filter list to implement a basic one? We'll teach you the dos and don'ts of creating a tough packet filter, and talk specifically about capabilities of packages available for Linux.
  • What's New in BIND9? BINDv9 includes a long laundry list of features needed for modern architectures, huge zones, machines serving a zillion zones, co-existence with PCs, security, and IPv6--specifically, dynamic update, incremental zone transfers, DNS security via DNSSEC and TSIG, A6, and DNAME records. We'll talk about the gory details of these new features.
  • Network Server Performance Tuning: Instead of throwing expensive hardware at a performance problem, consider that many performance problems are really due to misconfigured networks, systems, and applications. We'll focus on Linux and UNIX performance tuning, with an emphasis on low-cost, high-impact strategies and solutions.
  • Security Crisis Case Studies: Before your very eyes, we'll dissect a set of security incident case studies using many tools available on your system or from the Net. We'll specifically describe how to avoid common security-incident pitfalls.
  • Policy and Politics: Many of the policies and procedures followed at a site are carefully filed in the sysadmin's head. With the worldwide Net invading your local site, these secrets need to be written down, run by lawyers, and followed by your sysadmin staff. We will discuss approaches to these tasks, both good and bad, and illustrate with war stories, sample policy agreements, and procedure checklists.

Trent Hein (T4, W4) is co-founder hein_trent of Applied Trust Engineering. Previously, he was the CTO at XOR Inc., where he focused on using UNIX and Linux in production-grade commercial environments.Trent worked on the 4.4 BSD port to the MIPS architecture at Berkeley, is co-author of both the UNIX Systems Administration Handbook and the Linux Administration Handbook, and holds a B.S. in computer science from the University of Colorado. Email him at

T5 Perl for System Administration—The Power and the Praxis
David N. Blank-Edelman, Northeastern University CCS

Who should attend: People with system administration duties, advanced-beginner to intermediate Perl experience, and a desire to make their jobs easier and less stressful in times of sysadmin crises.

Perl was originally created to help with system administration, so it is a wonder that there isn't more instructional material devoted to helping people use Perl for this purpose. This tutorial hopes to begin to remedy this situation by giving you six solid hours of instruction geared towards putting your existing Perl knowledge to practice in the system administration realm.

The morning section will concentrate on the power of Perl in this context. Based on the instructor's O'Reilly book, we'll take a multi-platform look at using Perl in cutting-edge and old-standby system administration domains. This jam-packed survey will include:

  • Secure Perl scripting
  • Dealing with files and file systems (including source control, XML, databases, and log files)
  • Dealing with SQL databases via DBI and ODBC
  • Email as a system administration tool (including spam analysis)
  • Network directory services (including NIS, DNS, LDAP, and ADSI)
  • Network management (including SNMP and WBEM)
In the afternoon, we will look at putting our Perl knowledge to work for us to solve time-critical system administration problems using short Perl programs. Centered around a set of "battle stories" and the Perl source code used to deal with them, we'll discuss different approaches to dealing with crises using Perl.

At the end of the day, you'll walk away from this class with Perl approaches and techniques that can help you solve your daily system administration problems. You'll have new ideas in hand for writing small Perl programs to get you out of big sysadmin pinches. And on top of all this, you are also likely to deepen your Perl knowledge.

David N. Blank-Edelman (T5) blank_edelman is the Director of Technology at the Northeastern University College of Computer Science and the author of Perl for System Administration (O'Reilly). He has spent the last 15 years as a system/network administrator in large multi-platform environments and has served as Senior Technical Editor for the Perl Journal. He has also written many magazine articles on world music.

T6 Real-World Intrusion Detection: Problems and Solutions
Phil Cox and Mark Mellis, SystemExperts Corporation

Who should attend: System and network administrators who implement or maintain intrusion detection systems, managers charged with selecting and setting intrusion detection requirements, and anyone who wants to know the details of how to make intrusion detection work. Familiarity with TCP/IP networking is a plus.

In today's increasingly networked world, intrusion detection is essential for protecting resources, data, and reputation. It's a rapidly evolving field with several models and deployment methods from which to choose.

After taking this tutorial, attendees will understand the fundamental concepts of intrusion detection and will gain practical insights into designing, deploying, and managing intrusion detection systems in the real world.

Topics include:

  • Why intrusion detection?
  • ID and the organization
  • Intrusion detection basics
    • Terms and definitions
    • Host-based systems
    • Network-based systems
    • Hybrid systems
  • How attackers attempt to bypass IDS systems
  • Case studies for small, medium, and large deployments
Philip Cox (T6, W2) is a consultant cox_philwith SystemExperts Corporation. Phil frequently writes and lectures on issues of UNIX and Windows NT integration and on information security. He is the lead author of Windows 2000 Security Handbook, 2nd Edition (Osborne McGraw-Hill), a contributing author of Windows NT/2000 Network Security (Macmillan Technical Publishing), and a featured columnist in ;login: The Magazine of USENIX & SAGE. He has served on numerous USENIX program committees. Phil holds a B.S. in computer science from the College of Charleston, South Carolina.

Mark Mellis (T6) is a consultant mark_melliswith SystemExperts Corporation. Over the past two years, Mark has assisted several premier Internet companies in responding to major network attacks and has designed and implemented robust infrastructure to limit future exposure. Mark was the Principal of Mellis and Associates, where he provided network consulting services to various high-tech firms. Mark attended the University of Washington, where he studied physics.

T7 Practical UNIX Cryptography NEW
Craig Hunt,

Who should attend: System administrators interested in using the cryptographic tools that are now available for UNIX. System administrators interested in practical configuration examples will benefit the most. Attendees need basic system administration skills and knowledge of UNIX configuration to reap the greatest benefit from this course.

Export restrictions have eased, and the RSA patent has expired, removing legal barriers to strong encryption. Soon all Linux and UNIX systems will ship with built-in cryptographic capabilities. System administrators need to understand what those tools can and cannot do for them and how to use the tools. This course outlines the current state of cryptographic support in UNIX and shows attendees how to make use of SSL and SASL services. The network protocols that underlie these cryptographic services are described. Practical advice about using strong authentication and encrypted data streams is given. This tutorial provides detailed, practical examples of installing, configuring, and using OpenSSL and SASL to support encryption for applications such as Apache. Installation, configuration and use of encryption tools such as SSH and GPG are also covered.

  • The basics
    • Threats to data
    • Types of encryption and their roles
  • Simple Authentication and Security Layer (SASL)
    • The role of SASL
    • Terminology
    • Supported authentication techniques
    • Installation, configuration, and use
  • GNU Privacy Guard (GPG)
    • The role of GPG
    • Obtaining and installing GPG
    • Encrypting and protecting email
  • Secure Shell (SSH)
    • The role of SSH
    • SSH protocol
    • Obtaining and installing SSH
    • Client and server configuration
    • Key distribution issues
  • Secure Sockets Layer (SSL)
    • The role of SSL
    • TLS protocol
    • Certificates
    • Obtaining, configuring, and using OpenSSL
    • Using OpenSSL with Apache
    • Securing services with stunnel
Craig Hunt (T7) is the author of the hunt_craig best-sellers TCP/IP Network Administration (O'Reilly) and Linux Network Servers 24seven (Sybex). Craig is also the series editor for the Craig Hunt Linux Library from Sybex, a library of advanced system administration books. He has more than 20 years of computer experience and more than 10 years experience in training computer science professionals. He is a well-known lecturer, who speaks about networking and Linux at USENIX, LinuxWorld, Networld+Interop, COMDEX, ComNet, and the Open Source Software Convention.

T8 FreeBSD Kernel Internals: Data Structures, Algorithms, and Networking—Part 2
Marshall Kirk McKusick, Author and Consultant

Please see the description under M8.

Marshall Kirk McKusick (M8, T8) writes books and mckusick_kirk articles, consults, and teaches classes on UNIX- and BSD-related subjects. While at the University of California at Berkeley, he implemented the 4.2BSD fast filesystem and oversaw the development and release of 4.3BSD and 4.4BSD. His particular areas of interest are the virtual-memory system and the filesystem. He earned a B.S. in Electrical Engineering from Cornell University. At the University of California at Berkeley, he received Master's degrees in computer science and business administration, and a doctoral degree in computer science. He is past president and a current member of the USENIX Board of Directors and is a member of AAAS, ACM, and IEEE.

Wednesday, June 12, 2002    

W1 Blueprints for High Availability: Designing Resilient Distributed Systems
Evan Marcus, VERITAS Software Corporation

Who should attend: Beginning and intermediate UNIX system and network administrators, and UNIX developers concerned with building applications that can be deployed and managed in a highly resilient manner. A basic understanding of UNIX system programming, UNIX shell programming, and network environments is required.

This tutorial will explore procedures and techniques for designing, building, and managing predictable, resilient UNIX-based systems in a distributed environment. We will discuss the trade-offs among cost, reliability, and complexity.

Topics include:

  • What is high availability? Who needs it?
  • Defining uptime and cost; "big rules" of system design
  • Disk and data redundancy; RAID and SCSI arrays
  • Host redundancy in HA configs
  • Network dependencies
  • Application system programming concerns
  • Anatomy of failovers: applications, systems, management tools
  • Planning disaster recovery sites and data updates
  • Security implications
  • Upgrade and patch strategies
  • Backup systems: off-site storage, redundancy, and disaster recovery
  • Managing the system: managers, processes, verification

Evan Marcus (W1), who has 14 years marcus_evan of experience in UNIX systems administration, is now a Senior Systems Engineer and High Availability Specialist with VERITAS Software Corporation. At Fusion Systems and OpenVision Software, Evan worked to bring the first high-availability software application for SunOS and Solaris to market. He is the author of several articles and talks on the design of high availability systems and is the co-author, with Hal Stern, of Blueprints for High Availability: Designing Resilient Distributed Systems (John Wiley & Sons, 2000).

W2 Practical Wireless IP: Concepts, Administration, and Security
Philip Cox and Brad C. Johnson, SystemExperts Corporation

Who should attend: Users, administrators, managers, and others interested in learning about some of the fundamental security and usage issues around wireless IP services. This tutorial assumes some knowledge of TCP/IP networking and client/server computing, the ability or willingness to use administrative GUIs to set up a device, and a general knowledge of common laptop environments.

Whether you like it or not, wireless services are popping up everywhere. And you and your organization will be responsible for understanding and managing the devices you possess. Since the purpose of wireless is to share data when you aren't directly attached to a wired resource, you need to understand the fundamental security and usage options. In this tutorial we will cover a number of topics that affect you in managing and using wireless services. Some of the topics will be demonstrated live using popular wireless devices.

Topics include:

  • Cellular services basics
    • What's out there?
    • Who's using what?
    • What really matters?
    • Wireless LAN fundamentals
    • Architecture
    • Threats
    • 802.11b
    • Configuration examples
    • Antennas
  • Access points
    • Channels, placement
    • Bandwidth, aggregation
    • Congestion
    • Roaming, signals
    • General issues
    • Sniffers
    • Building your own access point
    • 802.11a
Philip Cox (T6, W2) is a consultant cox_philwith SystemExperts Corporation. Phil frequently writes and lectures on issues of UNIX and Windows NT integration and on information security. He is the lead author of Windows 2000 Security Handbook, 2nd Edition (Osborne McGraw-Hill), a contributing author of Windows NT/2000 Network Security (Macmillan Technical Publishing), and a featured columnist in ;login: The Magazine of USENIX & SAGE. He has served on numerous USENIX program committees. Phil holds a B.S. in computer science from the College of Charleston, South Carolina.

Brad C. Johnson (W2) is vice johnson_brad president of SystemExperts Corporation. He has participated in the Open Software Foundation, X/Open, and the IETF, and has often published about open systems. Brad has served as a security advisor to organizations such as Dateline NBC and CNN. He is a frequent tutorial instructor and conference speaker on network security, penetration analysis, middleware, and distributed systems. He holds a B.A. in computer science from Rutgers University and an M.S. in applied management from Lesley University.

W3 Building Honey Pots for Intrusion Detection NEW
Marcus Ranum, NFR Security, Inc.

Who should attend: System and network managers with administrative skills and a security background. The tutorial examples will be based on UNIX/Linux. While the materials may be of interest to a Windows/NT administrator, attendees will benefit most if they have at least basic UNIX system administration skills.

This class provides a technical introduction to the art of building honey pot systems for intrusion detection and burglar-alarming networks. Students completing this class will come away armed with the knowledge that will enable them to easily assemble their own honey pot, install it, maintain it, keep it secure, and analyze the data from it.

Topics include:

  • Introduction
    • IDSes
    • Fundamentals of burglar alarms
    • Fundamentals of honey pots
    • Fundamentals of log-data analysis
    • Spoofing servers
  • Overview of our honey pot's design
    • System initialization
    • Services
    • Spoofing server implementation walkthrough
    • Multiway address/traffic manipulation
    • Logging architecture: syslogs, XML logs, statistical processing
    • Simple tricks for information visualization
  • Crunchy implementation details
    • How to write spoofing rules
    • How to write log filtering rules
  • Management
    • How to get help in analyzing attacks
    • Keeping up to date
Auxiliary materials: Attendees will receive a bootable CD-ROM containing a mini UNIX kernel and preconfigured software, and will also have source-code access to the honey pot building toolkit. Attendees may also wish to review The Honeynet Project, eds., Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community (Addison-Wesley, 2001).

Marcus Ranum (W3) is founder ranum_marcus and CTO of NFR Security, Inc. He has been working in the computer/network security field for over 14 years and is credited with designing and implementing the first commercial Internet firewall product. Marcus also designed and implemented other significant security technologies, including the TIS firewall toolkit and the TIS Gauntlet firewall. As a researcher for ARPA, Marcus set up and managed the email server. Widely known as a teacher and industry visionary, he has been the recipient of both the TISC Clue award and the ISSA lifetime achievement award. Marcus lives in Woodbine, Maryland, with his wife, Katrina, and a small herd of cats.

W4 Topics in UNIX and Linux Administration, Part 2 NEW
Trent Hein and Ned McClain, Applied Trust; Evi Nemeth, University of Colorado

Who should attend: System and network administrators who are interested in picking up several new technologies in an accelerated manner. The format consists of six topics.

Topics include:

  • Efficient Server Log Management: Server and network device logs are one of the most useful sources of performance and security information. Unfortunately, system logs are often overlooked by organizations, out of either a lack of time or a preference for information from fancier intrusion detection systems. We present a set of open source tools and a unified strategy for securely managing centralized system logs.
  • What's New with Sendmail: Newer versions of sendmail ship with a wealth of features every system administrator should know about. From advanced virus and spam filtering (Milter), to IPv6, to improved LDAP and mailbox abstraction support, we discuss sendmail's hot new features, quirks, and tricks.
  • Performance Crisis Case Studies: Trying to squeeze more performance out of your existing environment? We'll walk you through the pathology of actual performance crisis situations we've encountered, and talk not only about how to fix them but also how to avoid them altogether. There's nothing like learning from real-world situations!
  • Security Tools: A new generation's worth of security management tools are on the loose. We'll help you understand how to use them to your advantage. We'll examine network scanning tools such as Nessus and nmap, as well as new tools to facilitate security forensics.
  • Site Localization and Management: Wouldn't it be nice if new system arrivals meant pushing a button and watching the localization work happen magically before your eyes? Imagine if systems at your site all shared a consistent configuration! We'll talk about modern tools for localization and mass deployment of systems, and how to keep systems up-to-date on a going forward basis.
  • Security Incident Recovery: You've been vigilant about your site's security, but the day still comes when you detect an intruder. How do you handle the situation, analyze the intrusion, and restore both security and confidence to your environment? This crash course in incident handling will give you the skills you need to deal with the unthinkable.

Evi Nemeth (T4, W4), a faculty nemeth_evi member in computer sci ence at the University of Colorado, has managed UNIX systems for the past 25 years, both from the front lines and from the ivory tower. She is co-author of the UNIX System Administration Handbook. Evi is about to get out of the UNIX and networking worlds and explore the real world on a sailboat.

W5 Exploring the Potential of LDAP
Gerald Carter, Hewlett Packard

Who should attend: Administrators and programmers interested in the potential of the Lightweight Directory Access Protocol (LDAP) and in exploring issues related to deploying an LDAP infrastructure. This tutorial is not a how-to for a specific LDAP server, nor is it an LDAP developers' course. Rather, it is an evaluation of the potential of LDAP to allow the consolidation of existing deployed directories. No familiarity with LDAP or other Directory Access Protocols will be assumed.

System administrators today run many directory services, though they may be called by such names as DNS and NIS. LDAP, the up-and-coming successor to the X500 directory, promises to allow administrators to consolidate multiple existing directories into one. Vendors across operating-system platforms are lending support. Topics include:

  • The basics of LDAP
  • Current technologies employing LDAP services
  • Replacing NIS using LDAP
  • Integrating authentication mechanisms for other services (e.g., Apache, Sendmail, Samba) with LDAP
  • LDAP interoperability with other proprietary directory services, such as Novell's NDS and Microsoft's Active Directory
  • Programming tools and languages available for implementing LDAP support in applications
Gerald Carter (W5), a member carter_gerald of the Samba Team since 1998, is employed by Hewlett Packard as a Software Engineer, working on Samba-based print appliances. He is writing a guide to LDAP for system administrators to be published by O'Reilly. Jerry holds an M.S. in computer science from Auburn University, where he also served as a network and systems administrator. Gerald has published articles with Web-based magazines such as Linuxworld and has authored courses for companies such as Linuxcare. He recently completed the second edition of Teach Yourself Samba in 24 Hours (Sams Publishing).

W6 System and Network Performance Tuning
Marc Staveley, Soma Networks

Who should attend: Novice and advanced UNIX system and network administrators, and UNIX developers concerned about network performance impacts. A basic understanding of UNIX system facilities and network environments is assumed.

We will explore techniques for tuning systems, networks, and application code. Starting from a single-system view, we'll examine how the virtual memory system, the I/O system, and the file system can be measured and optimized. We'll move on to Network File System tuning and performance strategies. Detailed treatment of network performance problems, including network design and media choices, will lead to examples of network capacity planning. Application issues, such as system call optimization, memory usage and monitoring, code profiling, real-time programming, and controlling response time will be covered. Many examples will be given, along with guidelines for capacity planning and customized monitoring based on your workloads and traffic patterns. Analysis periods for particular situations will be provided. Topics include:

  • Performance tuning strategies
    • Practical goals
    • Monitoring intervals
    • Useful statistics
    • Tools, tools, tools
  • Server tuning
    • Filesystem and disk tuning
    • Memory consumption and swap space
    • System resource monitoring
  • NFS performance tuning
    • NFS server constraints
    • NFS client improvements
    • NFS over WANs
    • Automounter and other tricks
  • Network performance, design, and capacity planning
    • Locating bottlenecks
    • Demand management
    • Media choices and protocols
    • Network topologies: bridges, switches, routers
    • Throughput and latency
    • Modeling resource usage
  • Application tuning
    • System resource usage
    • Memory allocation
    • Code profiling
    • Job scheduling and queuing
    • Real-time issues
    • Managing response time
Marc Staveley (W6) recently took staveley_mark a position with Soma Networks, where he is applying his 18 years of experience with UNIX development and administration in leading their IT group. Previously Marc has been an independent consultant and has held positions at Sun Microsystems, NCR, Princeton University, and the University of Waterloo. He is a frequent speaker on the topics of standards-based development, multi-threaded programming, system administration, and performance tuning.

W7 Cisco's Security Features: What They Are, Where to Use Them, How to Configure Them NEW
John Stewart, Digital Island, Inc.

Who should attend: Network and system administrators running Cisco networks, and security professionals.

It's common knowledge that over 85% of all Internet traffic crosses a Cisco product at one time or another. Given this fact, it is obvious that improving security on Cisco products can improve the overall security of your site as well as the overall security of the Internet. However, the security features available in Cisco products can be a discipline in themselves. This class takes a nuts-and-bolts approach to deciding which Cisco security features to use, and when and where to use them. A sample network is used as the basis for the class. For each area, sample uses and actual configuration techniques are discussed. Topics include:

  • Perimeter Security
    • Cisco Access Control Lists (ACLs)
    • Lock and key
    • TCP intercept
    • Context-Based Access Control (CBAC)
    • Firewalling technologies compared and contrasted
    • PIX
    • IOS
  • Access Lists revealed
    • Basic vs. extended
    • Where and how to use ACLs
    • Event logging
    • Per-user ACLs on dial-up ports
  • Router-to-router security
    • Shared symmetrical application keys
    • Distributed Director
    • Remote access
    • Route authentication
  • User security
    • Authentication, Authorization, Accounting (AAA)
    • TACACS
    • Fixed, OTP, SecureCard
    • RADIUS
    • Kerberos
  • IPSec
    • Current standards update
    • Deploying IPSec with other technologies
    • ISAKMP/Oakley
    • Availability
    • Configuring and using IPSec
  • Network Address Translation (NAT)
    • Hiding your company
    • Hiding your Web servers
    • Using NAT over dial-up
  • VPN
    • VPDNs
    • GRE tunnels
    • Layer 2 Forwarding (L2F)
    • L2TP tunnels
John Stewart (W7) is the Chief Security Officer at Digital Island, Inc., a cable stewart_john and wireless company. Prior to his work at Digital Island, he helped architect Cisco's Web site and worked on the security teams at Cisco and at NASA Ames Research Center. John, who is the co-author of the W3C's "WWW Security FAQ," has been teaching at the SANS and Network Security conferences since 1996 and serves on a number of technical advisory boards. He holds a B.S. and M.S. in computer science from Syracuse University.

W8 PHP: Scripting the Web NEW
Rasmus Lerdorf, Consultant

Who should attend: Web site designers or programmers working on Web-related projects. No programming background is required, but a basic understanding of HTML and HTTP is assumed.

PHP is a popular scripting language used for creating dynamic Web sites. This tutorial, taught by the original developer of the language, will cover all the main features of the language.

Topics include:

  • History
  • Language overview
  • Sessions
  • Error handling
  • Database examples
  • Creating graphics on the fly
  • Creating PDF and Flash on the fly
  • Caching, content compression, and other tips
  • Content management
  • Extending PHP
Anybody involved with Web development will come out of this tutorial with some new approaches to common problems.

Rasmus Lerdorf (W8) has lerdorf_rasmusbeen designing large-scale UNIX-based solutions since 1989. In the Open Source community, he is known mostly as the creator of the PHP scripting language. Rasmus has contributed to a number of Apache-related projects and is a member of the Apache core team. He currently lives in the San Francisco Bay Area with his wife, Christine. He can be reached at

?Need help? Use our Contacts page.
Last changed: 15 Mar. 2002 jr
USENIX '02 Home
Events calendar