Check out the new USENIX Web site.
2004 USENIX Annual Technical Conference, June 27-July 2, 2004, Boston Marriott Copley Place, Boston, MA
USENIX '03 Home  | USENIX Home  | Events  | Publications  | Membership








Open Sessions











Overview | By Day (Sunday, Monday, Tuesday, Wednesday, Thursday, Friday) | By Instructor | All in One File

Locations: See the overview.

Monday, June 28, 2004
M1 Hands-On Linux Security Class: Learn How to Defend Linux/UNIX Systems by Learning to Think Like a Hacker (Day 2 of 2) NEW!
Rik Farrow, Security Consultant
10:30 a.m.–6:00 p.m.
Linux/Open Source Security
See Part 1, S1, for the description of the first day of this tutorial.

Day two of this class focuses on practical forensics, that is, how to analyze a possibly hacked Linux or UNIX system from a system administrator's perspective. As a system administrator, you will not be acting as law enforcement, trying to find the perpetrator, but instead will be working as quickly as possible with the goal of uncovering what went wrong. Finding rootkits and backdoors on a sample hacked system gives you an idea of what you might find on other similar systems. You can also get clues about the nature of the attack by discovering the tools left behind on a system by an attacker.

The final portion of this class focuses on patching, with a discussion of cfengine. As this is the second day of a two-day, hands-on course, we will not repeat material covered on the first day, including getting the CD working with your laptop. If you plan on attending the course only the second day, you might want todownload a KNOPPIX image from, burn it to a CD, and try it with the notebook you plan on using for the class.


  • Using and modifying KNOPPIX Linux boot CD
  • Elevation of privilege and suid shells
  • Rootkits, and finding rootkits (chkrootkit)
  • Sleuth Kit (looking at intrusion timelines)
  • iptables and netfilter
  • cfengine configuration
  • Vulnerability scanning with nessus

Rik Farrow (S1, M1) provides UNIX and Internet security consulting and training. Rik Farrow He has been working with UNIX system security since 1984 and with TCP/IP networks since 1988. He has taught at the IRS, Department of Justice, NSA, NASA, US West, Canadian RCMP, Swedish Navy, and for many US and European user groups. He is the author of UNIX System Security, published by Addison-Wesley in 1991, and System Administrator's Guide to System V (Prentice Hall, 1989). Farrow writes a column for ;login: and a network security column for Network magazine. Rik lives with his family in the high desert of northern Arizona and enjoys hiking and mountain biking when time permits.

M2 Solaris Internals & Architecture: Performance and Resource Management NEW!
James Mauro and Richard McDougall, Sun Microsystems, Inc.
10:30 a.m.–6:00 p.m.
Coding Sysadmin
Who should attend: System administrators, performance analysts, application architects, database administrators, software developers, and capacity planners. Anyone interested in the overall organization and structure of the Solaris kernel and in discovering how to apply that knowledge to performance tools and resource controls. The course is based on the Solaris 8 and 9 releases, but has applicability to earlier releases. Networking (TCP/IP, STREAMS) facilities and performance are not covered.

As an operating system, Solaris has evolved considerably, with some significant changes made to the UNIX SVR4 source base on which the early system was built. An understanding of how the system is organized is required in order to design and develop applications that take maximum advantage of the various features of the operating system, understand the data made available via bundled system utilities, and optimally configure and tune a Solaris system for a particular application or load.

Topics include:

  • Virtual memory system
  • Virtual file system
  • The multi-threaded process model
  • The kernel dispatcher
  • Scheduling classes
  • Filesystem implementation
  • Resource control facilities
  • Resource management facilities

For each topic, we cover the performance and observability aspects, including relevant bundled commands and utilities and the interpretation of the data they present.

James Mauro (M2) is a Senior Staff Engineer in the Performance and Availability EngineeringJames Mauro group at Sun Microsystems. Jim's currently focused on quantifying and improving enterprise platform availability, including minimizing recovery times for data services and Solaris. Jim co-developed a framework for system availability measurement and benchmarking and is working on implementing this framework within Sun.

Richard McDougall (M2) is an established engineer in the Performance Application Engineering Richard McDougall group at Sun Microsystems, where he focuses on large systems performance and architecture. He has over twelve years of performance tuning, application/kernel development, and capacity planning experience on many different flavors of UNIX. Richard has written a wide range of papers and tools to measure, monitor, trace, and size UNIX systems, including the memory sizing methodology for Sun, the set of tools known as MemTool to allow fine-grained instrumentation of memory for Solaris, the recent Priority Paging memory algorithms in Solaris, and many of the unbundled tools for Solaris.

M3 Linux Systems Administration
Joshua Jensen, IBM
10:30 a.m.–6:00 p.m.
Linux/Open Source Sysadmin
Who should attend: System administrators who plan to implement a Linux solution in a production environment. Attendees should be familiar with the basics of system administration in a UNIX/Linux environment: user-level commands, administration commands, and TCP/IP networking. Both novices and gurus should leave the tutorial having learned something.

From a single server to a network of workstations, the Linux environment can be a daunting task for administrators knowledgeable on other platforms. Starting with a single server and finishing with a multi-server, 1,000+ user environment, case studies will provide practical information for using Linux in the real world.

Topics include (with an emphasis on security):

  • Installation features
  • Disk partitioning and RAID
  • Networking
  • User accounts
  • Services
  • NFS and NIS
  • Security through packet filtering and SSH
  • New developments (journaling file systems, VPNs, and more)

At the completion of the tutorial, attendees should feel confident in their ability to set up and maintain a secure and useful Linux network. The instructor invites questions during the presentation.

Joshua Jensen (S3, M3) has worked for IBM and Cisco Systems and was Red Hat's first instructor, examiner, and RHCE. Joshua Jensen He worked with Red Hat for 4 1/2 years, during which time he wrote and maintained large parts of the Red Hat curriculum: Networking Services and Security, System Administration, Apache and Secure Web Server Administration, and the Red Hat Certified Engineer course and exam. Having been working with Linux since 1996, Joshua now finds himself having gone full circle, being now employed by IBM while working with Red Hat Linux onsite at Cisco Systems. In his spare time he dabbles in cats, fish, boats, and frequent flyer miles.

M4 Network Security Profiles: Protocol Threats, Intrusion Classes, and How Hackers Find Exploits NEW!
Brad C. Johnson, SystemExperts Corporation
10:30 a.m.–6:00 p.m.
Networking Security Sysadmin
Who should attend: Administrators, managers, auditors, those being audited, those responsible for responding to intrusions or responsible for network resources that might be targets for crackers, hackers, or determined intruders.

Participants should understand the basics of TCP/IP networking. Examples will use actual tools and will include small amounts of HTML, JavaScript, and Tcl code and show command-line arguments and GUI-based applications.

This tutorial is focused on helping you understand how people profile your network to identify resources that might be vulnerable to attack. Simply put, the more information somebody can generate about your site (by profiling it), the more likely it is that they will be able to exploit something on it. This course will also help you recognize common protocol threats and intrusion classes.

Topics include:

  • Profiling your network and system
    • Methods and tools
    • An example of a profile
  • Intrusions
    • Awareness and statistics
    • Examples of intrusions
    • Common intrusion areas
      • Web servers
      • Web applications
      • Wireless infrastructure
      • Modems
  • Discovery/profiling tools
    • Tools: sscan, typhoon, nessus, dsniff, whisker, Sam Spade, Satan/Saint/Sara, nmap, Paros, cain, Websleuth
    • Understanding protocol tunneling
  • Protocol profiling threats
    • DNS
    • SNMP
    • Issues with handhelds
    • Web infrastructure

Brad C. Johnson (M4) is vice president of SystemExperts Corporation. Brad C. JohnsonHe has participated in seminal industry initiatives such as the Open Software Foundation, X/Open, and the IETF, and has been published in such journals as Digital Technical Journal, IEEE Computer Society Press, Information Security Magazine, Boston Business Journal, Mass High Tech Journal, ISSA Password Magazine, and Wall Street & Technology. Brad is a regular tutorial instructor and conference speaker on topics related to practical network security, penetration analysis, middleware, and distributed systems. He holds a B.A. in computer science from Rutgers University and an M.S. in applied management from Lesley University.

M5 Advanced Perl Programming NEW!
Tom Christiansen, Consultant
10:30 a.m.–6:00 p.m.
Coding Sysadmin
Who should attend: Anyone with a journeyman-level knowledge of Perl programming who wants to hone Perl skills. This class will cover a wide variety of advanced topics in Perl, including many insights and tricks for using these features effectively. After completing this class, attendees will have a much richer understanding of Perl and will be better able to make it part of their daily routine.

Topics include:

  • Symbol tables and typeglobs
    • Symbolic references
    • Useful typeglob tricks (aliasing)
  • Modules
    • Autoloading
    • Overriding built-ins
    • Mechanics of exporting
    • Function prototypes
  • References
    • Implications of reference counting
    • Using weak references for self-referential data structures
    • Autovivification
    • Data structure management, including serialization and persistence
    • Closures
  • Fancy object-oriented programming
    • Using closures and other peculiar referents as objects
    • Overloading of operators, literals, and more
    • Tied objects
  • Managing exceptions and warnings
    • When die and eval are too primitive for your taste
    • The use warnings pragma
    • Creating your own warnings classes for modules and objects
  • Regular expressions
    • Debugging regexes
    • qr// operator
    • Backtracking avoidance
    • Interpolation subtleties
    • Embedding code in regexes
  • Programming with multiple processes or threads
    • The thread model
    • The fork model
    • Shared memory controls
  • Unicode and I/O layers
    • Named Unicode characters
    • Accessing Unicode properties
    • Unicode combined characters
    • I/O layers for encoding translation
    • Upgrading legacy text files to Unicode
    • Unicode display tips
  • What's new in Perl lately
    • Switch statement
    • Defined-or operators
    • Pre-compiled modules
    • Dynamic handles
    • Virtual I/O through strings

Tom Christiansen (M5) has been involved with Perl since day zero of its Tom Christiansen initial public release in 1987. Author of several books on Perl, including The Perl Cookbook and Programming Perl from O'Reilly, Tom is also a major contributor to Perl's online documentation. He holds undergraduate degrees in computer science and Spanish and a Master's in computer science. He now lives in Boulder, Colorado.

?Need help? Use our Contacts page.

Last changed: 17 June 2004 ch