Check out the new USENIX Web site.
2003 USENIX Annual Technical Conference, June 9-14, 2003, Marriott Rivercenter, San Antonio, Texas
USENIX '03 Home  | USENIX Home  | Events  | Publications  | Membership



At a Glance


Technical Sessions

Guru Sessions

AFS Workshop







Program PDF



Author Instructions

Speaker Instructions

Call for Papers

Past Proceedings

Register Now! Tutorials: Overview | By Day (Monday, Tuesday, Wednesday) | By Instructor | All in One File

Monday, June 9, 2003

M1 Implementing LDAP Directories NEW
Gerald Carter, Samba Team/Hewlett-Packard

Who should attend: Both LDAP directory administrators and architects. The focus is on integrating standard network services with LDAP directories. The examples are based on UNIX hosts and the OpenLDAP directory server and will include actual working demonstrations throughout the course.

System administrators today run a variety of directory services, although these are referred to by names such as DNS and NIS. The Lightweight Directory Access Protocol (LDAP) is the up-and-coming successor to the X500 directory and has the promise of allowing administrators to consolidate multiple existing directories into one.

Topics include:

  • Replacing NIS domains
  • Integrating Samba user accounts
  • Authenticating RADIUS clients
  • Integrating MTAs such as Sendmail, Qmail, or Postfix
  • Creating address books for mail clients
  • Managing user access to HTTP and FTP services
  • Storing DNS zone information
  • Managing printer information

Gerald Carter (M1, T2), a member of the SAMBA Team since 1998, Gerald Carter is employed by Hewlett Packard as a Software Engineer, working on SAMBA-based print appliances. He is writing a guide to LDAP for system administrators, to be published by O'Reilly. Jerry holds an M.S. in computer science from Auburn University, where he also served as a network and system administrator. He has published articles with Web-based magazines such as Linuxworld and has authored courses for companies such as Linuxcare. He recently completed the second edition of Teach Yourself SAMBA in 24 Hours (Sams Publishing).

M2 Hacking and Securing Web-Based Applications NEW
David Rhoades, Maven Security Consulting

Who should attend: People who are auditing Web application security, developing Web applications, or managing the development of a Web application.

Although numerous commercial and freeware tools assist in locating network-level security vulnerabilities, these tools are incapable of locating application-level issues. This course will demonstrate how to identify security weaknesses for Web-enabled services that could be exploited by remote users.

With numerous real-world examples, this course is based on fact and experience, not theory. The material applies to Web portals, e-commerce, online banking, shopping, subscription-based services, and any Web-enabled application.

Topics include:

  • Information-gathering attacks: How hackers read between the lines
  • User sign-on process: Many sites contain serious flaws which expose them to the threat of bad publicity and loss of customer confidence
  • User sign-off process: Are users really signed off?
  • OS & Web server weaknesses: buffer overflows and default material
  • Encryption: Finding the weakest link
  • Session tracking
    • URL rewriting, basic authentication, and cookie: strengths and weaknesses
    • Session cloning, IP hopping, and other subtle dangers
    • A recipe for strong session IDs
  • Authentication: server, session, transactional
  • Transaction-level issues
    • Hidden form elements
    • Unexpected user input
    • GET vs. POST
    • JavaScript filters
    • Improper server logic

David Rhoades (M2) is president of Maven SecurityDavid Rhoades Consulting Inc. Since 1996 David has been providing information protection services for various Fortune 500 customers. His work has taken him across the United States, and to Europe and Asia, where he has lectured and consulted in various areas of information security. David holds a B.S. in computer engineering from Pennsylvania State University and is an instructor for the SANS Institute, the MIS Training Institute, and Sensecurity (based in Singapore).

M3 Perl for System Administration: The Networking Power Hours NEW
David N. Blank-Edelman, Northeastern University CCS

Who should attend: System and network administrators with at least advanced-beginner to intermediate Perl skills (important prerequisite).

After offering several successful survey courses on using Perl to make system administration easier, it is time to go deeper. In this course we'll take an hour per subject to probe how Perl can be used to work with three different network-related topics. We'll cover the necessary background material to get you jump-started and then dive into the approaches, tools and methods you need to successfully use your existing Perl skills to tame these areas.

Topics include:

  • SNMP: The Simple Network Management Protocol isn't always so simple to use or understand, but it is ubiquitous. We'll learn how to use Perl to query and configure SNMP versions 1*- and 3*-capable devices like switches, routers, and workstations.
  • Packet Play: It is not uncommon to have to sniff a network looking for specific packets (or sometimes even produce them yourself). Maybe you're debugging a network service or performing a penetration test. We'll look at both sniffing for specific packets and creating them ourselves from Perl.
  • Network Monitoring and Mapping: With SNMP and packet skills under our belt, we can begin to approach the hard topic of continuously monitoring a network and displaying the results. This module will tie together the two previous modules and work toward building simple tools to help. We'll also look at some of the more advanced free tools already built to solve this problem.
  • LDAP: If you don't already have a directory service running in your environment, chances are you will soon. It is equally likely that this directory service will be built on or be accessible by the Lightweight Directory Access Protocol. We'll see how to use Perl to perform common LDAP operations.
  • Mail: Perl is an excellent tool for speaking different mail protocols. We'll learn how to use it to send mail with SMTP and perform different mail operations using POP3 and IMAP. Once we know how to receive mail, we'll look at the process of parsing the mail to help us deal with it.
  • Potpourri: There are so many topics in the networking arena that we bend the one-topic-per-hour rule for the last hour. In this module we'll look at how to parse logs efficiently and effectively, roll your own daemons, and use encrypted transports from Perl.

David N. Blank-Edelman (M3) is the Director of Technology at the David N. Blank-Edelman Northeastern University College of Computer Science and the author of the O'Reilly book Perl for System Administration. He has spent the last 16 years as a system/network administrator in large multi-platform environments, including Brandeis University, Cambridge Technology Group, and the MIT Media Laboratory. He has served as Senior Technical Editor for the Perl Journal.

M4 System and Network Performance Tuning
Marc Staveley, Soma Networks

Who should attend: Novice and advanced UNIX system and network administrators, and UNIX developers concerned about network performance impacts. A basic understanding of UNIX system facilities and network environments is assumed.

We'll examine the virtual memory system, the I/O system, and the file system, NFS tuning and performance strategies, common network performance problems, examples of network capacity planning, and application issues. We'll also cover guidelines for capacity planning and customized monitoring based on your workloads and traffic patterns. Analysis periods for particular situations will be provided.

Topics include:

  • Performance tuning strategies
  • Server tuning
    • Filesystem and disk tuning
    • Memory consumption and swap space
    • System resource monitoring
    • NFS issues
    • Automounter and other tricks
  • Network performance, design, and capacity planning
  • Application tuning
    • System resource usage
    • Memory allocation
    • Code profiling
    • Job scheduling and queuing
    • Real-time issues
    • Managing response time

Marc Staveley (M4) works at Soma Networks,Marc Staveley where he is applying his 18 years of experience with UNIX development and administration in leading their IT group. Previously Marc had been an independent consultant, and he has also held positions at Sun Microsystems, NCR, Princeton University, and the University of Waterloo. He is a frequent speaker on the topics of standards-based development, multi-threaded programming, system administration, and performance tuning.

M5 Inside the Linux Kernel (updated for version 2.6)
Ted Ts'o, IBM Linux Technology Center

Who should attend: Application programmers and kernel developers. You should be reasonably familiar with C programming in the UNIX environment, but no prior experience with the UNIX or Linux kernel code is assumed.

This tutorial will give you an introduction to the structure of the Linux kernel, the basic features it provides, and the most important algorithms it employs.

The Linux kernel aims to achieve conformance with existing standards and compatibility with existing operating systems; however, it is not a reworking of existing UNIX kernel code. The Linux kernel was written from scratch to provide both standard and novel features, and takes advantage of the best practice of existing UNIX kernel designs.

Although the material will focus on the latest release version of the Linux kernel (v. 2.6), it will also address aspects of the development kernel codebase (v. 2.7) where its substance differs from 2.6. It will not contain any detailed examination of the source code but will, rather, offer an overview and roadmap of the kernel's design and functionality.

Topics include:

  • How the Linux kernel is organized: scheduler, virtual memory system, filesystem layers, device driver layers, and networking stacks
    • The interface between each module and the rest of the kernel, and the functionality provided by that interface
    • The common kernel support functions and algorithms used by that module
    • How modules provide for multiple implementations of similar functionality (network protocols, filesystem types, device drivers, and architecture-specific machine interfaces)
  • Basic ground rules of kernel programming (dealing with issues such as races and deadlock conditions)
  • Implementation of the most important kernel algorithms and their general properties (aspects of portability, performance, and functionality)
  • The main similarities and differences between Linux and traditional UNIX kernels, with attention to places where Linux implements significantly different algorithms
  • Details of the Linux scheduler, its VM system, and the ext2fs file system
  • The strict requirements for ensuring that kernel code is portable.
Theodore Ts'o (M5) has been a Linux kernel Theodore Ts'o developer since almost the very beginnings of Linux—he implemented POSIX job control in the 0.10 Linux kernel. He is the maintainer and author for the Linux COM serial port driver and the Comtrol Rocketport driver. He architected and implemented Linux's tty layer. Outside of the kernel, he is the maintainer of the e2fsck filesystem consistency checker. Ted is a Senior Technical Staff Member of IBM's Linux Technology Center.

M6 Network Security Protocols: Theory and Current Standards NEW
Radia Perlman, Sun Microsystems

Who should attend: Anyone who wants to understand the theory behind network security protocol design, with an overview of the alphabet soup of standards and cryptography. This tutorial is especially useful for anyone who needs to design or implement a network security solution, but it is also useful to anyone who needs to understand existing offerings in order to deploy and manage them. Although the tutorial is technically deep, no background other than intellectual curiosity and a good night's sleep in the recent past is required.

First, without worrying about the details of particular standards, we discuss the pieces out of which all these protocols are built.

We then cover subtle design issues, such as how secure email interacts with distribution lists, how designs maximize security in the face of export laws, and the kinds of mistakes people generally make when designing protocols.

Armed with this conceptual knowledge of the toolkit of tricks, we describe and critique current standards.

Topics include:

  • What problems are we trying to solve?
  • Cryptography
  • Key distribution
    • Trust hierarchies
    • Public key (PKI) vs. secret key solutions
  • Handshake issues
    • Diffie-Hellman
    • Man-in-middle defense
    • Perfect forward secrecy
    • Reflection attacks
  • PKI standards
    • X.509
    • PKIX
  • Real-time protocols
    • SSL/TLS
    • IPsec (including AH, ESP, and IKE)
  • Secure email
  • Web security
    • URLs
    • Cookies
Radia Perlman (M6, T6) is a Distinguished EngineerRadia Perlman at Sun Microsystems. She is known for her contributions to bridging (spanning tree algorithm) and routing (link state routing), as well as security (sabotage-proof networks). She is the author of Interconnections: Bridges, Routers, Switches, and Internetworking Protocols, and co-author of Network Security: Private Communication in a Public World, two of the top 10 networking reference books, according to Network Magazine. She is one of the 25 people whose work has most influenced the networking industry, according to Data Communications Magazine. She holds about 50 issued patents, an S.B. and S.M in mathematics and a Ph.D. in computer science from MIT and an honorary doctorate from KTH, the Royal Institute of Technology in Sweden.

M7 Advanced Topics in System Administration and Security NEW
Trent Hein and Ned McClain, Applied Trust

Who should attend: System and network administrators who are interested in picking up several new technologies in an accelerated manner.

This tutorial covers six topics of critical importance to all system administrators and power users.

  • Digital forensics tools and techniques: Investigating computer security incidents has become a necessary skill for all system administrators. We'll discuss the secrets of digital forensics, including how to find out what happened without destroying possible evidence. This section will highlight several incident investigation tools and give examples of their use in real-life scenarios.
  • Linux kernel tuning: As Linux's popularity in production environments increases, the need for knowledge on tuning a Linux kernel becomes ever so important. Whether it's performance, security, or functionality you're looking to cajole your system into, we'll give you the what to's and the how to's, and even the what you can'ts of this rare art.
  • Handling digital forensic evidence: Information collected from a digital crime scene must be handled according to a strict set of rules. We'll talk about what you should do with log files, filesystems, and other digital evidence that might be used in court. This section will get you comfortable with all aspects of evidence handling, from secure evidence collection to the chain of custody.
  • Stateful firewalls: Keeping up with the latest security technology can be a challenge, but it is essential to prevent unwanted intrusions. We'll cover the latest in basic firewall technology on both Cisco and Linux platforms. Specific topics covered include context-based access control, reflexive access lists, and stateful filtering using iptables.
  • Network intrusion detection systems: New NIDS products are appearing every day. We'll evaluate the strengths and weaknesses of various technologies, and what might work best for your organization. Leave this section with the information you need to select and implement a NIDS solution that's right for you.
  • Performance crisis case studies #3: Don't miss the latest episode of this incredibly popular segment! We've taken a new set of real-life system administration performance crises and dissected them, providing insight on how to diagnose and remedy situations that you might someday face. This is a great way to gain practical knowledge in the performance arena.
Trent Hein (M7) is Trent Hein co-founder of Applied Trust Engineering. Trent worked on the 4.4 BSD port to the MIPS architecture at Berkeley, is co-author of both the UNIX Systems Administration Handbook and the Linux Administration Handbook, and holds a B.S. in computer science from the University of Colorado.

Ned McClain (M7), co-founder and CTO of AppliedNed McClain Trust Engineering, lectures around the globe on applying cutting-edge technology in production computing environments. Ned holds a B.S. in computer science from Cornell University and is a contributing author to both the UNIX System Administration Handbook and the Linux Administration Handbook.

M8 Logging & Security: Building an Enterprise Logging Infrastructure
Tina Bird, Stanford University

Who should attend: System administrators and network managers responsible for monitoring and maintaining the health and well-being of computers and network devices in an enterprise environment. Participants should be familiar with the UNIX and Windows operating systems and basic network security, although some review is provided.

The purpose of this tutorial is to illustrate the importance of a network-wide centralized logging infrastructure, to introduce several approaches to monitoring audit logs, and to explain the types of information and forensics that can be obtained with well-managed logging systems.

Every device on your network—routers, servers, firewalls, application software—spits out millions of lines of audit information a day. Hidden within the data that indicate normal day-to-day operation (and known problems) are the first clues that systems are breaking down, attackers are breaking in, and end users are breaking up. If you manage that data flow, you can run your networks more effectively.

Topics include:

  • The extent of the audit problem: how much data are you generating every day, and how useful is it?
  • Logfile content: improving the quality of the data in your logs
  • Logfile generation: syslog and its relatives, including building a central loghost, and integrating Microsoft Windows systems into your UNIX log system
  • Log management: centralizing, parsing, and storing all that data
  • Legal issues: what you can do to be sure you can use your logfiles for human resources issues and for legal prosecution

This class won't teach you how to write Perl scripts to simplify your logfiles. It will teach you how to build a log management infrastructure, how to figure out what your log data means, and what in the world you do with it once you've acquired it.

Tina Bird (M8), as a Computer Security Officer for Stanford University, works on the design and Tina Bird implementation of security infrastructure; providing security alerts for the 40,000-host network; healthcare information security; and extending Stanford's logging infrastructure. Tina moderates the Log Analysis and VPN mailing lists; with Marcus Ranum, she runs Tina has a B.S. in physics from the University of Notre Dame and a master's degree and Ph.D. in astrophysics from the University of Minnesota.

?Need help? Use our Contacts page.

Last changed: 30 Apr. 2003 jel