TRAINING TRACK Overview | By Day (Sunday, Monday, Tuesday, Wednesday, Thursday, Friday) | By Instructor | All in One File Locations: See the overview.

Monday, June 28, 2004

M1 Hands-On Linux Security Class: Learn How to Defend Linux/UNIX Systems by Learning to Think Like a Hacker (Day 2 of 2) Rik Farrow, Security Consultant 10:30 a.m.–6:00 p.m. See Part 1, S1, for the description of the first day of this tutorial. Day two of this class focuses on practical forensics, that is, how to analyze a possibly hacked Linux or UNIX system from a system administrator's perspective. As a system administrator, you will not be acting as law enforcement, trying to find the perpetrator, but instead will be working as quickly as possible with the goal of uncovering what went wrong. Finding rootkits and backdoors on a sample hacked system gives you an idea of what you might find on other similar systems. You can also get clues about the nature of the attack by discovering the tools left behind on a system by an attacker. The final portion of this class focuses on patching, with a discussion of cfengine. As this is the second day of a two-day, hands-on course, we will not repeat material covered on the first day, including getting the CD working with your laptop. If you plan on attending the course only the second day, you might want todownload a KNOPPIX image from https://www.knoppix.org, burn it to a CD, and try it with the notebook you plan on using for the class. Exercises: Using and modifying KNOPPIX Linux boot CD Elevation of privilege and suid shells Rootkits, and finding rootkits (chkrootkit) Sleuth Kit (looking at intrusion timelines) iptables and netfilter cfengine configuration Vulnerability scanning with nessus Rik Farrow (S1, M1) provides UNIX and Internet security consulting and training. He has been working with UNIX system security since 1984 and with TCP/IP networks since 1988. He has taught at the IRS, Department of Justice, NSA, NASA, US West, Canadian RCMP, Swedish Navy, and for many US and European user groups. He is the author of UNIX System Security, published by Addison-Wesley in 1991, and System Administrator's Guide to System V (Prentice Hall, 1989). Farrow writes a column for ;login: and a network security column for Network magazine. Rik lives with his family in the high desert of northern Arizona and enjoys hiking and mountain biking when time permits. M2 Solaris Internals & Architecture: Performance and Resource Management James Mauro and Richard McDougall, Sun Microsystems, Inc. 10:30 a.m.–6:00 p.m. Who should attend: System administrators, performance analysts, application architects, database administrators, software developers, and capacity planners. Anyone interested in the overall organization and structure of the Solaris kernel and in discovering how to apply that knowledge to performance tools and resource controls. The course is based on the Solaris 8 and 9 releases, but has applicability to earlier releases. Networking (TCP/IP, STREAMS) facilities and performance are not covered. As an operating system, Solaris has evolved considerably, with some significant changes made to the UNIX SVR4 source base on which the early system was built. An understanding of how the system is organized is required in order to design and develop applications that take maximum advantage of the various features of the operating system, understand the data made available via bundled system utilities, and optimally configure and tune a Solaris system for a particular application or load. Topics include: Virtual memory system Virtual file system The multi-threaded process model The kernel dispatcher Scheduling classes Filesystem implementation Resource control facilities Resource management facilities For each topic, we cover the performance and observability aspects, including relevant bundled commands and utilities and the interpretation of the data they present. James Mauro (M2) is a Senior Staff Engineer in the Performance and Availability Engineering group at Sun Microsystems. Jim's currently focused on quantifying and improving enterprise platform availability, including minimizing recovery times for data services and Solaris. Jim co-developed a framework for system availability measurement and benchmarking and is working on implementing this framework within Sun. Richard McDougall (M2) is an established engineer in the Performance Application Engineering group at Sun Microsystems, where he focuses on large systems performance and architecture. He has over twelve years of performance tuning, application/kernel development, and capacity planning experience on many different flavors of UNIX. Richard has written a wide range of papers and tools to measure, monitor, trace, and size UNIX systems, including the memory sizing methodology for Sun, the set of tools known as MemTool to allow fine-grained instrumentation of memory for Solaris, the recent Priority Paging memory algorithms in Solaris, and many of the unbundled tools for Solaris. M3 Linux Systems Administration Joshua Jensen, IBM 10:30 a.m.–6:00 p.m. Who should attend: System administrators who plan to implement a Linux solution in a production environment. Attendees should be familiar with the basics of system administration in a UNIX/Linux environment: user-level commands, administration commands, and TCP/IP networking. Both novices and gurus should leave the tutorial having learned something. From a single server to a network of workstations, the Linux environment can be a daunting task for administrators knowledgeable on other platforms. Starting with a single server and finishing with a multi-server, 1,000+ user environment, case studies will provide practical information for using Linux in the real world. Topics include (with an emphasis on security): Installation features Disk partitioning and RAID Networking User accounts Services NFS and NIS Security through packet filtering and SSH New developments (journaling file systems, VPNs, and more) At the completion of the tutorial, attendees should feel confident in their ability to set up and maintain a secure and useful Linux network. The instructor invites questions during the presentation. Joshua Jensen (S3, M3) has worked for IBM and Cisco Systems and was Red Hat's first instructor, examiner, and RHCE. He worked with Red Hat for 4 1/2 years, during which time he wrote and maintained large parts of the Red Hat curriculum: Networking Services and Security, System Administration, Apache and Secure Web Server Administration, and the Red Hat Certified Engineer course and exam. Having been working with Linux since 1996, Joshua now finds himself having gone full circle, being now employed by IBM while working with Red Hat Linux onsite at Cisco Systems. In his spare time he dabbles in cats, fish, boats, and frequent flyer miles. M4 Network Security Profiles: Protocol Threats, Intrusion Classes, and How Hackers Find Exploits Brad C. Johnson, SystemExperts Corporation 10:30 a.m.–6:00 p.m. Who should attend: Administrators, managers, auditors, those being audited, those responsible for responding to intrusions or responsible for network resources that might be targets for crackers, hackers, or determined intruders. Participants should understand the basics of TCP/IP networking. Examples will use actual tools and will include small amounts of HTML, JavaScript, and Tcl code and show command-line arguments and GUI-based applications. This tutorial is focused on helping you understand how people profile your network to identify resources that might be vulnerable to attack. Simply put, the more information somebody can generate about your site (by profiling it), the more likely it is that they will be able to exploit something on it. This course will also help you recognize common protocol threats and intrusion classes. Topics include: Profiling your network and system Methods and tools An example of a profile Intrusions Awareness and statistics Examples of intrusions Common intrusion areas Web servers Web applications Wireless infrastructure Modems Discovery/profiling tools Tools: sscan, typhoon, nessus, dsniff, whisker, Sam Spade, Satan/Saint/Sara, nmap, Paros, cain, Websleuth Understanding protocol tunneling Protocol profiling threats DNS SNMP Issues with handhelds Web infrastructure Brad C. Johnson (M4) is vice president of SystemExperts Corporation. He has participated in seminal industry initiatives such as the Open Software Foundation, X/Open, and the IETF, and has been published in such journals as Digital Technical Journal, IEEE Computer Society Press, Information Security Magazine, Boston Business Journal, Mass High Tech Journal, ISSA Password Magazine, and Wall Street & Technology. Brad is a regular tutorial instructor and conference speaker on topics related to practical network security, penetration analysis, middleware, and distributed systems. He holds a B.A. in computer science from Rutgers University and an M.S. in applied management from Lesley University. M5 Advanced Perl Programming Tom Christiansen, Consultant 10:30 a.m.–6:00 p.m. Who should attend: Anyone with a journeyman-level knowledge of Perl programming who wants to hone Perl skills. This class will cover a wide variety of advanced topics in Perl, including many insights and tricks for using these features effectively. After completing this class, attendees will have a much richer understanding of Perl and will be better able to make it part of their daily routine. Topics include: Symbol tables and typeglobs Symbolic references Useful typeglob tricks (aliasing) Modules Autoloading Overriding built-ins Mechanics of exporting Function prototypes References Implications of reference counting Using weak references for self-referential data structures Autovivification Data structure management, including serialization and persistence Closures Fancy object-oriented programming Using closures and other peculiar referents as objects Overloading of operators, literals, and more Tied objects Managing exceptions and warnings When die and eval are too primitive for your taste The use warnings pragma Creating your own warnings classes for modules and objects Regular expressions Debugging regexes qr// operator Backtracking avoidance Interpolation subtleties Embedding code in regexes Programming with multiple processes or threads The thread model The fork model Shared memory controls Unicode and I/O layers Named Unicode characters Accessing Unicode properties Unicode combined characters I/O layers for encoding translation Upgrading legacy text files to Unicode Unicode display tips What's new in Perl lately Switch statement Defined-or operators Pre-compiled modules Dynamic handles Virtual I/O through strings Tom Christiansen (M5) has been involved with Perl since day zero of its initial public release in 1987. Author of several books on Perl, including The Perl Cookbook and Programming Perl from O'Reilly, Tom is also a major contributor to Perl's online documentation. He holds undergraduate degrees in computer science and Spanish and a Master's in computer science. He now lives in Boulder, Colorado.