2004 USENIX Annual Technical Conference, June 27-July 2, 2004, Boston Marriott Copley Place, Boston, MA

  TRAINING TRACK


Locations: See the overview.

Sunday, June 27, 2004
S1 Hands-on Linux Security Class: Learn How to Defend Linux/UNIX Systems by Learning to Think Like a Hacker (Day 1 of 2) NEW!
Rik Farrow, Security Consultant
9:00 a.m.–5:00 p.m.
Linux/Open Source Networking Security
Who should attend: System administrators of Linux and other UNIX systems; anyone who runs a public UNIX server.

Few people enjoy learning how to swim by being tossed into the ocean, but that's what happens if a system you manage gets hacked. You often have little choice other than to reload that system, patch it, and get it running again. This two-day class gives you a chance to work with systems that have been "hacked," letting you search for hidden files or services or other evidence of the intrusion. Examples are taken from real, recent attacks on Linux systems. You will perform hands-on exercises with dual-use tools to replicate what intruders do as well as with tools dedicated to security. The tools vary from the ordinary, such as find and strings, to less familiar but very important ones, such as lsof, scanners, sniffers, and the Sleuth Kit.

The lecture portion of this class covers the background you need to understand UNIX security principles, TCP/IP, scanning, and popular attack strategies.

Day Two will explore the defenses for networks and individual systems. The class will end with a discussion of the use of patching tools for Linux, including cfengine.

Class exercises will require that you have an x86-based laptop computer that can be booted from a KNOPPIX CD. Macintosh owners interested in taking this class should contact the instructor, as a bootable KNOPPIX CD for the PPC may be provided as well if there is sufficient interest. Students will receive a version of Linux on CD that includes the tools, files, and exercises used in the course. If you have a laptop but don't know whether it can run a bootable Linux CD (that will not have an impact on your installed hard drive or operating systems), please download a copy of KNOPPIX (https://www.knoppix.org), burn it, and try it out. KNOPPIX support for wireless is the same as common Linux kernels (not exciting), but KNOPPIX does a superb job of handling most other hardware found in laptops.

Topics include:

DAY ONE:

  • Finding hidden files and evidence of intrusion
  • TCP/IP and its abuses
  • hping2 probes, or xprobe with ethereal again
  • nmap while watching with ethereal or tcpdump (connect and SYN scans)
  • Working with buffer-overflow exploit examples
  • Apache servers and finding bugs in scripts
  • John the Ripper, password cracking

DAY TWO:

  • Using and modifying KNOPPIX Linux boot CD
  • Elevation of privilege and suid shells
  • Rootkits, and finding rootkits (chkrootkit)
  • Sleuth Kit (looking at intrusion timelines)
  • iptables and netfilter
  • cfengine configuration
  • Vulnerability scanning with nessus

Rik Farrow (S1, M1) provides UNIX and Internet security consulting and training. He has been working with UNIX system security since 1984 and with TCP/IP networks since 1988. He has taught at the IRS, Department of Justice, NSA, NASA, US West, Canadian RCMP, Swedish Navy, and for many US and European user groups. He is the author of UNIX System Security, published by Addison-Wesley in 1991, and System Administrator's Guide to System V (Prentice Hall, 1989). Farrow writes a column for ;login: and a network security column for Network magazine. Rik lives with his family in the high desert of northern Arizona and enjoys hiking and mountain biking when time permits.

S2 Next Generation Storage Networking and Data Protection NEW!
Jacob Farmer, Cambridge Computer Services
9:00 a.m.–5:00 p.m.
Networking Sysadmin
Who should attend: Sysadmins running day-to-day operations and those who set or enforce budgets. This lecture is technical in nature, but it does not address command-line syntax or the operation of specific products or technologies. Rather, the focus is on general architectures and various approaches to scaling in both performance and capacity. Since storage technologies tend to be expensive, there is some discussion of the relative cost of different technologies and of strategies for managing cost and achieving results on a limited budget.

There has been tremendous innovation in the data storage industry in the past few years, and this year the pace has quickened. Proprietary monolithic SAN and NAS subsystems are giving way to open-system and distributed architectures. Data-transfer protocols such as SCSI, NFS, and CIFS are facing competition from VI and DAFS. Fibre-channel and parallel SCSI interfaces are challenged by Gigabit Ethernet, iSCSI, and serial ATA. Bottlenecks imposed by I/O buses and stacks stand to be eliminated by Infiniband and RDMA. Finally, traditional file-based tape backup systems are being challenged by disk-to-disk backup and block-level backup technologies, which promise to eliminate backup windows while minimizing the chance of data loss.

This tutorial describes the latest technologies to hit the market for storage networking and data protection and offers advice on how to integrate these technologies into existing environments as well as how to set up whole new systems. The first half of the lecture covers the latest technologies for primary storage: SAN and NAS architectures, virtual storage, parallel file systems, storage interfaces, etc. The second half of the lecture focuses on secondary storage: backup systems, data replication, archiving, etc.

Topics include:

  • Storage networking
    • Fundamentals of storage networking
    • Shortcomings of conventional SAN and NAS architectures
    • Comparison of storage interfaces: fibre channel, SCSI, serial ATA, Infiniband, Ethernet
    • Comparison of storage protocols: CIFS, NFS, SCSI, VI, DAFS
    • Open systems storage virtualization
    • The convergence of SAN and NAS
    • High-performance file sharing (NAS on steroids)
    • SAN-enabled file systems
    • Wide-area file systems
    • Parallel file systems
    • Content-addressable storage
  • Backup systems
    • SAN-enabled backup systems
    • Disk-to-disk backup
    • Virtual tape libraries
    • Continuous backup
    • Data replication
    • Integrating snapshots into the backup strategy
    • The latest tape technologies (LTO-2, SDLT-600, SAIT, AIT-4)
    • Backup system reporting and diagnostics
    • Secondary storage SANs

Jacob Farmer (S2) is the CTO of Cambridge Computer Services, a specialized integrator of backup systems and storage networks. He has over 15 years' experience with storage technologies and writes an expert advice column for InfoStor magazine. He is currently writing a book on storage networking.
 

S3 Linux Network Service Administration
Joshua Jensen, IBM
9:00 a.m.–5:00 p.m.
Linux/Open Source Networking Sysadmin
Who should attend: This tutorial is directed at system administrators who are implementing network services and are looking for a background in the configuration of those services, as well as basics of the protocols. Attendees should have some network client/server experience and have a basic knowledge of UNIX administration, but do not need to be experienced network administrators. Both new and intermediate network administrators will leave the tutorial having learned something.

From a stand-alone client attached to the Internet to a distributed network of Web servers, systems administrators are being tasked with bringing their office environments online. The network services that need to be configured in order to do this can be daunting to administrators who aren't familiar with the required applications. Configuration examples as well as overviews of the underlying protocols will give attendees the tools to implement services on their own systems. The following areas will be covered (with a special emphasis on security):

  • Overview
  • Network services
    • SSH—Secure Shell with OpenSSH
    • FTP—Explore vsftpd
    • HTTP—Apache and Tux and Squid
    • SMTP—Postfix MTA
    • NFS—Network File Systems
    • LDAP—Global authentication with OpenLDAP
    • DHCP—DHCPD and PXE
    • DNS—ISC's BIND
    • NTP—Network Time
    • LPD—Printing with cups
  • Host-based security with TCP wrappers and Xinetd
  • Linux packet filtering
  • Network monitoring and logging
  • Network utilities you should be using

At the completion of the course, attendees should feel confident in their ability to set up and maintain secure network services. The tutorial will be conducted in an open manner that encourages question-and-answer interruption.

Joshua Jensen (S3, M3) has worked for IBM and Cisco Systems and was Red Hat's first instructor, examiner, and RHCE. He worked with Red Hat for 4 1/2 years, during which time he wrote and maintained large parts of the Red Hat curriculum: Networking Services and Security, System Administration, Apache and Secure Web Server Administration, and the Red Hat Certified Engineer course and exam. Having been working with Linux since 1996, Joshua now finds himself having gone full circle, being now employed by IBM while working with Red Hat Linux onsite at Cisco Systems. In his spare time he dabbles in cats, fish, boats, and frequent flyer miles.

S4 Network Security Protocols: Theory and Current Standards
Radia Perlman, Sun Microsystems
9:00 a.m.–5:00 p.m.
Networking Security Sysadmin
Who should attend: Anyone who wants to understand the theory behind network security protocol design, with an overview of the alphabet soup of standards and cryptography. This tutorial is especially useful for anyone who needs to design or implement a network security solution, but it is also useful to anyone who needs to understand existing offerings in order to deploy and manage them. Although the tutorial is technically deep, no background other than intellectual curiosity and a good night's sleep in the recent past is required.

First, without worrying about the details of particular standards, we discuss the pieces out of which all these protocols are built.

We then cover subtle design issues, such as how secure email interacts with distribution lists, how designs maximize security in the face of export laws, and the kinds of mistakes people generally make when designing protocols.

Armed with this conceptual knowledge of the toolkit of tricks, we describe and critique current standards.

Topics include:

  • What problems are we trying to solve?
  • Cryptography
  • Key distribution
    • Trust hierarchies
    • Public key (PKI) vs. secret key solutions
  • Handshake issues
    • Diffie-Hellman
    • Man-in-middle defense
    • Perfect forward secrecy
    • Reflection attacks
  • PKI standards
    • X.509
    • PKIX
  • Real-time protocols
    • SSL/TLS
    • IPsec (including AH, ESP, and IKE)
  • Secure email
  • Web security
    • URLs
    • HTTP, HTTPS
    • Cookies

Radia Perlman (S4) is a Distinguished Engineer at Sun Microsystems. She is known for her contributions to bridging (spanning tree algorithm) and routing (link state routing), as well as security (sabotage-proof networks). She is the author of Interconnections: Bridges, Routers, Switches, and Internetworking Protocols and co-author of Network Security: Private Communication in a Public World, two of the top ten networking reference books, according to Network Magazine. She is one of the twenty-five people whose work has most influenced the networking industry, according to Data Communications Magazine. She has about fifty issued patents, an S.B. and S.M. in mathematics and a Ph.D. in computer science from MIT, and an honorary doctorate from KTH, the Royal Institute of Technology in Sweden.

S5 Advanced Solaris System Administration Topics
Peter Baer Galvin, Corporate Technologies, Inc.
9:00 a.m.–5:00 p.m.
Networking Sysadmin
Who should attend: UNIX administrators who need more knowledge of Solaris administration.

We will discuss the major new features of recent Solaris releases, including which to use (and how) and which to avoid. This in-depth course will provide the information you need to run a Solaris installation effectively. This tutorial has been updated to include Solaris 9 features and functions.

Topics include:

  • Installing and upgrading
    • Architecting your facility
    • Choosing appropriate hardware
    • Planning your installation, filesystem layout, post-installation steps
    • Installing (and removing) patches and packages
    • Avoiding single points of failure
  • Advanced features of Solaris 2
    • Filesystems and their uses
    • The /proc filesystem and commands
    • Useful tips and techniques
  • Networking and the kernel
    • Virtual IP: configuration and uses
    • Kernel and performance tuning: new features, adding devices, tuning, debugging commands
    • Devices: naming conventions, drivers, gotchas
  • Enhancing Solaris
    • High availability essentials: disk failures and recovery, RAID levels, uses and performance, H/A technology and implementation
    • Performance: how to track down and resolve bottlenecks, Solaris Resource Manager
    • Tools: useful free tools, tool use strategies
    • Security: locking down Solaris, system modifications, tools, SunScreen
    • Resources and references

Peter Baer Galvin (S5) is the Chief Technologist for Corporate Technologies, Inc., a systems integrator and VAR, and was the Systems Manager for Brown University's Computer Science Department. He has written articles for Byte and other magazines. He wrote the "Pete's Wicked World" and "Pete's Super Systems" columns at SunWorld. He is currently contributing editor for Sys Admin, where he manages the Solaris Corner. Peter is co-author of the Operating Systems Concepts and Applied Operating Systems Concepts textbooks. As a consultant and trainer, Peter has taught tutorials on security and system administration and has given talks at many conferences and institutions on such topics as Web services, performance tuning, and high availability.

S6 How to Protect Your Intellectual Property: Current Developments, Issues, and Controversies
Dan Appelman, HellerEhrman
9:00 a.m.–5:00 p.m.
BSD coding Linux/Open Source
Who should attend: Computer programmers, system administrators, and executives who create, maintain, or commercially exploit software code or other innovations constituting intellectual property. No previous knowledge of intellectual property law is required. Protection options and issues vary depending on the kind of intellectual property, the innovations that incorporate them, and the goals of the companies or individuals who own them. We will address these variations as they become relevant during the tutorial.

This tutorial presents an overview of intellectual property protection, followed by a discussion of current issues and some practical advice about developing an intellectual property strategy. The format is a presentation by the instructor with plenty of time to ask questions. The goal is to provide attendees with a better understanding of how the law views intellectual property, of the sensitive legal issues and potential liabilities that developers face, and of the concrete steps they can take to maximize their protection while minimizing the cost of doing so.

Topics include:

  • Overview of U.S. intellectual property law
  • How to identify, protect, and enforce your intellectual property rights
  • Employer vs. employee issues
  • Cost vs. benefit with various intellectual property options
  • Reconciling open source development with intellectual property rights
  • Derivative works: Who owns them? Leveraging off someone else's inventions
  • Combining your work with work done by others: What happens to IP rights?
  • SCO and intellectual property: Fact vs. fiction
  • Intellectual property rights in cyberspace
  • Rights in data
  • Submarine patents and copyrights: Strategy, or recipe for disaster?
  • Acacia Media Technologies: Prior art and the power of a patent—the streaming media case
  • How U.S. intellectual property law differs from IP law of other countries
  • Enforcing your IP rights abroad: Should you bother?
  • How to develop an intellectual property strategy

Dan Appelman (S6) is a lawyer in the Silicon Valley office of a major international law firm. He has been practicing in the areas of cyberspace and software law for many years. He was the lawyer for Berkeley Software Design in the BSDI/UNIX System Laboratories (AT&T) case. Dan is the attorney for the USENIX Association and for many tech companies. He is also founding chair of his firm's Information Technology practice group, is the current chair of the California Bar's Standing Committee on Cyberspace Law, and is a member of the American Bar Association Cyberspace Committee.


Last changed: 17 June 2004 ch