18th Large Installation System Administration Conference, November 14-19, Atlanta, GA

TRAINING TRACK


Sunday, November 14, 2004
S1 Hands-on Linux Security Class: Learn How to Defend Linux/UNIX Systems by Learning to Think Like a Hacker (Day 1 of 2) NEW!
Rik Farrow, Security Consultant
9:00 a.m.–5:00 p.m.

Who should attend: System administrators of Linux and other UNIX systems; anyone who runs a public UNIX server.

Few people enjoy learning how to swim by being tossed into the ocean, but that's what happens if a system you manage gets hacked. You often have little choice other than to reload that system, patch it, and get it running again. This two-day class gives you a chance to work with systems that have been "hacked," letting you search for hidden files or services or other evidence of the intrusion. Examples are taken from real, recent attacks on Linux systems. You will perform hands-on exercises with dual-use tools to replicate what intruders do as well as with tools dedicated to security. The tools vary from the ordinary, such as find and strings, to less familiar but very important ones, such as lsof, scanners, sniffers, and the Sleuth Kit.

The lecture portion of this class covers the background you need to understand UNIX security principles, TCP/IP, scanning, and popular attack strategies.

Day Two will explore the defenses for networks and individual systems. The class will end with a discussion of the use of patching tools for Linux, including cfengine.

Class exercises will require that you have an x86-based laptop computer that can be booted from a KNOPPIX CD. Macintosh owners interested in taking this class should contact the instructor, as a bootable KNOPPIX CD for the PPC may be provided as well if there is sufficient interest. Students will receive a version of Linux on CD that includes the tools, files, and exercises used in the course. If you have a laptop but don't know whether it can run a bootable Linux CD (that will not have an impact on your installed hard drive or operating systems), please download a copy of KNOPPIX (https://www.knoppix.org), burn it, and try it out. KNOPPIX support for wireless is the same as common Linux kernels (not exciting), but KNOPPIX does a superb job of handling most other hardware found in laptops.

Exercises include:

DAY ONE:

  • Finding hidden files and evidence of intrusion
  • TCP/IP and its abuses
  • hping2 probes while using ethereal
  • nmap while watching with ethereal or tcpdump (connect and SYN scans)
  • Working with buffer-overflow exploit examples
  • Apache servers and finding bugs in scripts

DAY TWO:

  • John the Ripper, password cracking
  • Elevation of privilege and suid shells
  • Rootkits, and finding rootkits (chkrootkit)
  • Sleuth Kit (looking at intrusion timelines)
  • iptables and netfilter
  • cfengine configuration

Rik Farrow (S1, M1) provides UNIX and Internet security consulting and training. He has been working with UNIX system security since 1984 and with TCP/IP networks since 1988. He has taught at the IRS, Department of Justice, NSA, NASA, US West, Canadian RCMP, Swedish Navy, and for many US and European user groups. He is the author of UNIX System Security, published by Addison-Wesley in 1991, and System Administrator's Guide to System V (Prentice Hall, 1989). Farrow writes a column for ;login: and a network security column for Network magazine. Rik lives with his family in the high desert of northern Arizona and enjoys hiking and mountain biking when time permits.

S2 System and Network Monitoring
John Sellens, Certainty Solutions
9:00 a.m.–5:00 p.m.

Who should attend: Network and system administrators interested in real-life, practical, host- and network-based monitoring of their systems and networks. Participants should have an understanding of the fundamentals of networking, basic familiarity with computing and network components, and some familiarity with UNIX and scripting languages.

Participants will leave this tutorial able to immediately start using a number of monitoring systems and techniques that will improve their ability to manage and maintain their systems and networks.

Topics include:

  • Monitoring: goals, techniques, reporting
  • SNMP: the protocol, reference materials, relevant RFCs
  • Introduction to SNMP MIBs (Management Information Bases)
  • SNMP tools and libraries
  • Other (non-SNMP) tools
  • Security concerns when using SNMP and other tools on the network
  • Monitoring applications: introductions, use, benefits and complications, installation and configuration (Big Brother, Nagios, SNIPS, MRTG, Cricket, etc.)
  • Special situations: remote locations, firewalls, etc.
  • Monitoring implementation roadmap: policies, practices, notifications, escalations, reporting

John Sellens (S2, M2) has been involved in system and network administration since 1986 and is the author of several related USENIX papers, a number of ;login: articles, and SAGE booklet #7, System and Network Administration for Higher Reliability. He holds an M.Math. in computer science from the University of Waterloo and is a chartered accountant. He is the proprietor of SYONEX, a systems and networks consultancy. From 1999 to 2004, he was the General Manager for Certainty Solutions in Toronto. Prior to joining Certainty, John was the Director of Network Engineering at UUNET Canada and was a staff member in computing and information technology at the University of Waterloo for 11 years.

S3 Seven Habits of the Highly Effective System Administrator NEW!
Mike Ciavarella, University of Melbourne, and Lee Damon, University of Washington
9:00 a.m.–5:00 p.m.

Who should attend: Junior system administrators with anywhere from little to 3+ years of experience in computer system administration. We will focus on enabling the junior system administrator to "do it right the first time." Some topics will use UNIX-specific tools as examples, but the class is applicable to any sysadmin and any OS. Most of the material covered is "the other 90%" of system administration—things every sysadmin needs to do and to know, but which aren't details of specific technical implementation.

We aim to accelerate the experience curve for junior system administrators by teaching them the time-honored tricks (and effective coping strategies) that experienced administrators take for granted and which are necessary for successful growth of both the administrator and the site.

The class covers many of the best practices that senior administrators have long incorporated in their work. We will touch on tools you should use, as well as tools you should try to avoid. We will touch on things that come up frequently, as well as those which happen only once or twice a year. We will look at a basic security approach.

We will talk about issues such as why your computers should all agree on what time it is, why root passwords should not be the same on every computer, why backing up every filesystem on every computer is not always a good idea, and policies: where you want them and where you might want to avoid them. We will also cover ethical issues, and growth and success as a solo sysadmin as well as in small, medium, and large teams. We will discuss training, mentoring, and personal growth planning as well as site planning, budgeting, and logistics. We will discuss books that can help you and your users.

Mike Ciavarella (S3, T7, T10) has been producing and editing technical documentation since he naively agreed to write application manuals for his first employer in the early 1980s. He has been a technical editor for MacMillan Press and has been teaching system administrators about documentation for the past eight years. Mike has an Honours Degree in Science from the University of Melbourne. After a number of years working as Senior Partner and head of the Security Practice for Cybersource Pty Ltd, Mike returned to his alma mater, the University of Melbourne. He now divides his time between teaching Software Engineering, providing expert testimony in computer security matters, and trying to complete a Doctorate. In his ever-diminishing spare time, Mike is a caffeine addict and photographer.

Lee Damon (S3) has a B.S. in Speech Communication from Oregon State University. He has been a UNIX system administrator since 1985 and has been active in SAGE since its inception. He assisted in developing a mixed AIX/SunOS environment at IBM Watson Research and has developed mixed environments for Gulfstream Aerospace and QUALCOMM. He is currently leading the development effort for the Nikola project at the University of Washington Electrical Engineering department. He chaired the SAGE Ethics Working Group and coordinated authorship of the initial draft of the current document. He has championed awareness of ethics in the system administration community, including writing it into policy documents.

S4 Solaris Kernel Performance, Observability, and Debugging NEW!
James Mauro and Richard McDougall, Sun Microsystems
9:00 a.m.–5:00 p.m.

Who should attend: System/database administrators and performance analysts wanting to obtain a deeper understanding of the key Solaris subsystems, as well as the tools and facilities that can be used to observe, trace, debug and optimize performance. Attendees should have some basic understanding of operating system principles and application performance analysis.

Applications are becoming more complex every day, and many of the new Solaris features significantly reduce the effort required to administer and analyze the performance of the entire application and operating system stack. In this class we provide an architectural overview of the major Solaris subsystems and methodologies for end-to-end analysis and control.

Topics include:

  • Kernel debugging/monitoring tools
    • Introduction to core file analysis
    • Mastering Solaris DTrace
    • How to debug/monitor with 'mdb'
  • Performance monitoring and tuning
    • Using DTrace for performance optimization
    • Overview of Solaris perf tools
  • Process management & scheduling
    • Introduction to the Solaris process and thread model
    • Developing and tuning multi-threaded processes
    • Observing debugging processes with the ptools
    • Controlling processes with ptools
    • Introduction to scheduling
    • Controlling and observing scheduling behavior
  • File systems
    • Overview of Solaris file system architecture
    • Understanding caching
    • File systems in Solaris - UFS, NFS and the new S10 ZFS
    • Measurement and tuning
  • Memory
    • Overview of Solaris virtual memory
    • Observing and managing memory
    • Understanding memory utilization, optimizing and monitoring
  • Workload consolidation and resource management
    • Introduction to tools for workload and resource management
    • Workload measurement
    • Using Solaris resource manager to isolate and control workloads
    • Using zones to containerize applications

James Mauro (S4) is a Senior Staff Engineer in the Performance and Availability Engineering group at Sun Microsystems. Jim's current projects are focused on quantifying and improving enterprise platform availability, including minimizing recovery times for data services and Solaris. Jim co-developed a framework for system availability measurement and benchmarking, and is working on implementing this framework within Sun.

Richard McDougall (S4) is a Sun Microsystems Distinguished Engineer who specializes in operating systems technology and system performance. He is based at the Menlo Park Performance and Availability Engineering group, where he drives development of performance and behavior enhancements to the Solaris operating system and Sun's hardware architectures. He has led the development of resource management principles, has contributed to the development of virtual memory and file systems within the Solaris operating system, and has architected many tools for analysis, monitoring, and capacity planning. He is the lead author for Resource Management (Prentice Hall). He has written numerous articles and papers on measurement, monitoring, and capacity planning of Solaris systems and frequently speaks at industry and customer technical conferences on the topics of system performance and resource management.

Richard and Jim authored Solaris Internals: Architecture Tips and Techniques (Sun Microsystems Press/Prentice Hall, Feb 2000, ISBN 0-13-022496-0) and are currently collaborating on an update of the book for Solaris 8, as well as volume II.

S5 Bridges, Routers, Switches, and Internetworking Protocols
Radia Perlman, Sun Microsystems
9:00 a.m.–5:00 p.m.

Who should attend: Anyone who might need to design a protocol, implement a protocol, write network-based applications, or plan or manage a network. Anyone who is just curious about what is really going on under the covers in a network, and how things got the way they are. Anyone with the courage to see things from different angles, and not just parrot orthodoxy. Paradoxically, this tutorial is good as an introduction to people who are incredibly confused by all the terms and don't know where to start, as well as people who have been using this stuff for years, assumed they understood it, and want to see how all the pieces fit.

The concepts of IP addresses, masks, MAC addresses, routing algorithms, domains, switches, and bridges are pervasive when dealing with networks. We all use these terms, and configure these things, but what is really going on? What are the implications of choosing a switch vs. a router? What kinds of things can go wrong in a protocol that is misdesigned, misimplemented, or mismanaged? This tutorial describes the major protocols involved in the network infrastructure. It describes conceptually what goes on in the packet switches (both layer 2/bridges and layer 3/routers), as well as the implications on endnodes. It contrasts connection-oriented approaches such as ATM and MPLS with connectionless approaches such as IPv4 and IPv6. It covers the endnode-visible pieces of layer 3, such as neighbor-discovery and address autoconfiguration. It covers intradomain routing algorithms (distance vector such as RIP and link state such as OSPF or IS-IS) and interdomain (BGP). It describes the spanning tree algorithm used by bridges/switches.

Topics include:

  • Layer 2 (MAC) addresses
    • Why 6 bytes?
    • Relation to layer 3 addresses (IP)
  • Bridges
    • Basic idea
    • Why it's more powerful than a repeater
    • Station address learning and forwarding
    • Spanning tree
  • What are switches? "switched Ethernet"
  • Connection-oriented networks: ATM, MPLS
  • Connectionless protocols: IPv4, IPv6, and comparison with others
  • Neighbor discovery (ARP, DHCP)
  • Routing (distance vector vs link state, interdomain vs intradomain)
  • IP Multicast
  • NAT

Radia Perlman (S5, M5) is a Distinguished Engineer at Sun Microsystems. She is known for her contributions to bridging (spanning tree algorithm) and routing (link state routing), as well as security (sabotage-proof networks). She is the author of Interconnections: Bridges, Routers, Switches, and Internetworking Protocols and co-author of Network Security: Private Communication in a Public World, two of the top ten networking reference books, according to Network Magazine. She is one of the twenty-five people whose work has most influenced the networking industry, according to Data Communications Magazine. She has about fifty issued patents, an S.B. and S.M. in mathematics and a Ph.D. in computer science from MIT, and an honorary doctorate from KTH, the Royal Institute of Technology in Sweden.

S6 Essential Topics in System Administration NEW!
Trent Hein and Ned McClain, Applied Trust Engineering
9:00 a.m.–5:00 p.m.

Who should attend: System and network administrators who are interested in picking up several new technologies quickly.

Topics include:

  • BIND9 Tips and Tricks: A Better DNS
    Most sites have migrated to BIND9, but are you really getting the most out of this major rewrite of the Internet's most popular nameserver? Learn about powerful new functionality such as split views, remote management, and even DNSSEC. This topic is a must for every modern administrator.
  • Rapid Linux Disaster Recovery
    Tape backups are essential, but they are not an efficient way to restore a server in an emergency. We evaluate the ins and outs of Mondo, an open source disaster recovery tool that can create bootable recovery CDs from any Linux server. When used in tandem with a solid tape backup system, Mondo recovery CDs can reduce "bare metal" recovery time from hours to minutes.
  • Linux Kernel Tuning
    As Linux's popularity in production environments grows, so does your need to know how to tune the Linux kernel, whether performance, security, or functionality is your goal. We'll give you the what-tos, the how-tos, and even the what-you-can'ts of this rare art.
  • Practical Integration of UNIX and Active Directory
    With Active Directory, Microsoft introduced an open LDAP directory that has become the de facto authentication store at many organizations. UNIX/Linux administrators are often tasked with the unthinkable: to integrate UNIX authentication with Active Directory. We'll not only explore the standard integration tools, such as OpenLDAP, PAM, and NSS, but will show you how to create custom scripts to manage Active Directory from UNIX.
  • Performance Crises Case Studies
    Don't miss the latest episode of this incredibly popular segment! We've taken a new set of real-life system administration performance crises and dissected them, providing insight on how to diagnose and remedy situations that you may someday face.
  • Custom Open Source Performance Monitoring
    Most organizations have monitoring systems that provide real-time problem alerts, but few can produce graphs of resource utilization over time. We provide practical examples of extending a monitoring system to collect historical performance trends. We'll use examples specific to Nagios and RRDtool, but the lessons and gotchas discussed here will prove useful to anyone looking to implement any new monitoring system.

Trent Hein (S6, M6) is co-founder of Applied Trust Engineering, a leader in holistic infrastructure and security. Trent worked on the 4.4 BSD port to the MIPS architecture at Berkeley, is co-author of both the UNIX Systems Administration Handbook and the Linux Administration Handbook, and holds a B.S. in Computer Science from the University of Colorado.

Ned McClain (S6, M6), co-founder and CTO of Applied Trust Engineering, lectures around the globe on applying cutting-edge technology in production computing environments. Ned holds a B.S. in Computer Science from Cornell University and is a contributing author of both the UNIX Systems Administration Handbook and the Linux Administration Handbook.

S7 An Introduction to OpenAFS and Its Administration NEW!
Esther Filderman, Pittsburgh Supercomputing Center, and Alf Wachsmann, Stanford Linear Accelerator Center
9:00 a.m.–5:00 p.m.

Who should attend: Anyone looking to learn more about OpenAFS and how to set up and administer an OpenAFS cell.

AFS is a global distributed file system which works on many different operating systems (UNIX, Windows, Mac OS). It is ideal for sharing data and software in a heterogeneous distributed computing environment. Now that AFS has become available through an open source license, it is available to sites and IT groups of all sizes. Although the use of AFS is simple, setting up your own AFS servers can be a rather daunting task.

Topics include:

  • Overview of AFS concepts and semantics
  • Setting up and managing the AFS client (even without your own servers)
  • A working outline of the AFS server processes and how they play together
  • How to set up a new AFS cell: design decisions, initial setup, planning for the future
  • Authentication issues: Native KAS vs. Kerberos5
  • Backups: How and what to choose to use
  • AFS tools to make everything from maintenance to monitoring easier

Esther Filderman (S7) has been working with AFS since its infancy at CMU, before it was called AFS, and is currently Senior Operations Specialist and AFS administrator for the Pittsburgh Supercomputing Center. She has been working to bring AFS content to LISA conferences since 1999. She is also coordinating documentation efforts for the OpenAFS project.

Alf Wachsmann (S7) is working at the Stanford Linear Accelerator Center (SLAC) in the Computing Services' High-Performance Computing Group, where he is an infrastructure designer and automation specialist. He has a doctor's degree in natural sciences obtained in Computer Science at the University of Paderborn (Germany). He worked as a post-doc in the computing center of DESY Zeuthen (Germany) before he came to SLAC in 1999.

S8 Network Security Profiles: Protocol Threats, Intrusion Classes, and How Hackers Find Exploits NEW!
Brad C. Johnson, SystemExperts Corporation
9:00 a.m.–5:00 p.m.

Who should attend: Administrators, managers, auditors, those being audited, those responsible for responding to intrusions or responsible for network resources that might be targets for crackers, hackers, or determined intruders.

Participants should understand the basics of TCP/IP networking. Examples will use actual tools and will include small amounts of HTML, JavaScript, and Tcl code and show command-line arguments and GUI-based applications.

This tutorial is focused on helping you understand how people profile your network to identify resources that might be vulnerable to attack. Simply put, the more information somebody can generate about your site (by profiling it), the more likely it is that they will be able to exploit something on it. This course will also help you recognize common protocol threats and intrusion classes.

Topics include:

  • Profiling your network and system
    • Methods and tools
    • An example of a profile
  • Intrusions
    • Awareness and statistics
    • Examples of intrusions
    • Common intrusion areas
      • Web servers
      • Web applications
      • Wireless infrastructure
      • Modems
  • Discovery/profiling tools
    • Tools: nmap, ntop, nessus, nikto, Satan/Saint/Sara, curl, dsniff, whisker, netstumbler, Websleuth
    • Understanding protocol tunneling
  • Protocol profiling threats
    • DNS
    • SNMP
    • Issues with handhelds
    • Web infrastructure

Brad C. Johnson (S8, M8) is vice president of SystemExperts Corporation. He has participated in seminal industry initiatives such as the Open Software Foundation, X/Open, and the IETF, and has been published in such journals as Digital Technical Journal, IEEE Computer Society Press, Information Security Magazine, Boston Business Journal, Mass High Tech Journal, ISSA Password Magazine, and Wall Street & Technology. Brad is a regular tutorial instructor and conference speaker on topics related to practical network security, penetration analysis, middleware, and distributed systems. He holds a B.A. in computer science from Rutgers University and an M.S. in applied management from Lesley University.

S9 Advanced Perl Programming NEW!
Tom Christiansen, Consultant
9:00 a.m.–5:00 p.m.

Who should attend: Anyone with a journeyman-level knowledge of Perl programming who wants to hone Perl skills. This class will cover a wide variety of advanced topics in Perl, including many insights and tricks for using these features effectively. After completing this class, attendees will have a much richer understanding of Perl and will be better able to make it part of their daily routine.

Topics include:

  • Symbol tables and typeglobs
    • Symbolic references
    • Useful typeglob tricks (aliasing)
  • Modules
    • Autoloading
    • Overriding built-ins
    • Mechanics of exporting
    • Function prototypes
  • References
    • Implications of reference counting
    • Using weak references for self-referential data structures
    • Autovivification
    • Data structure management, including serialization and persistence
    • Closures
  • Fancy object-oriented programming
    • Using closures and other peculiar referents as objects
    • Overloading of operators, literals, and more
    • Tied objects
  • Managing exceptions and warnings
    • When die and eval are too primitive for your taste
    • The use warnings pragma
    • Creating your own warnings classes for modules and objects
  • Regular expressions
    • Debugging regexes
    • qr// operator
    • Backtracking avoidance
    • Interpolation subtleties
    • Embedding code in regexes
  • Programming with multiple processes or threads
    • The thread model
    • The fork model
    • Shared memory controls
  • Unicode and I/O layers
    • Named Unicode characters
    • Accessing Unicode properties
    • Unicode combined characters
    • I/O layers for encoding translation
    • Upgrading legacy text files to Unicode
    • Unicode display tips
  • What's new in Perl lately
    • Switch statement
    • Defined-or operators
    • Pre-compiled modules
    • Dynamic handles
    • Virtual I/O through strings

Tom Christiansen (S9) has been involved with Perl since day zero of its initial public release in 1987. Author of several books on Perl, including The Perl Cookbook and Programming Perl from O'Reilly, Tom is also a major contributor to Perl's online documentation. He holds undergraduate degrees in computer science and Spanish and a Master's in computer science. He now lives in Boulder, Colorado.

Monday, November 15, 2004
M1 Hands-On Linux Security Class: Learn How to Defend Linux/UNIX Systems by Learning to Think Like a Hacker (Day 2 of 2) NEW!
Rik Farrow, Security Consultant
9:00 a.m.–5:00 p.m.

See Part 1, S1, for the description of the first day of this tutorial.

Day two of this class focuses on practical forensics, that is, how to analyze a possibly hacked Linux or UNIX system from a system administrator's perspective. As a system administrator, you will not be acting as law enforcement, trying to find the perpetrator, but instead will be working as quickly as possible with the goal of uncovering what went wrong. Finding rootkits and backdoors on a sample hacked system gives you an idea of what you might find on other similar systems. You can also get clues about the nature of the attack by discovering the tools left behind on a system by an attacker.

The final portion of this class focuses on patching, with a discussion of cfengine. As this is the second day of a two-day, hands-on course, we will not repeat material covered on the first day, including getting the CD working with your laptop. If you plan on attending the course only the second day, you might want to contact the instructor before the class and get a test CD to ensure that your laptop will work in the classroom environment.

Exercises include:

  • John the Ripper, password cracking
  • Using and modifying KNOPPIX Linux boot CD
  • Elevation of privilege and suid shells
  • Rootkits, and finding rootkits (chkrootkit)
  • Sleuth Kit (looking at intrusion timelines)
  • iptables and netfilter
  • cfengine configuration

Rik Farrow (S1, M1) provides UNIX and Internet security consulting and training. He has been working with UNIX system security since 1984 and with TCP/IP networks since 1988. He has taught at the IRS, Department of Justice, NSA, NASA, US West, Canadian RCMP, Swedish Navy, and for many US and European user groups. He is the author of UNIX System Security, published by Addison-Wesley in 1991, and System Administrator's Guide to System V (Prentice Hall, 1989). Farrow writes a column for ;login: and a network security column for Network magazine. Rik lives with his family in the high desert of northern Arizona and enjoys hiking and mountain biking when time permits.

M2 System and Network Monitoring: Tools in Depth
John Sellens, Certainty Solutions
9:00 a.m.–5:00 p.m.

Who should attend: Network and system administrators ready to implement comprehensive monitoring of their systems and networks using the best of the freely available tools. Participants should have an understanding of the fundamentals of networking, familiarity with computing and network components, UNIX system administration experience, and some understanding of UNIX programming and scripting languages.

This tutorial will provide in-depth instruction in the installation and configuration of some of the most popular and effective system and network monitoring tools, including Nagios, Cricket, MRTG, and Orca.

Participants should expect to leave the tutorial with the information needed to immediately implement, extend, and manage popular monitoring tools on their systems and networks.

Topics include, for each of Nagios, Cricket, MRTG, and Orca:

  • Installation—Basic steps, prerequisites, common problems, and solutions
  • Configuration, setup options, and how to manage larger and non-trivial configurations
  • Reporting and notifications—proactive and reactive
  • Special cases—how to deal with interesting problems
  • Extending the tools—how to write scripts or programs to extend the functionality of the basic package
  • Dealing effectively with network boundaries and remote sites
  • Security concerns and access control
  • Ongoing operation

John Sellens (S2, M2) has been involved in system and network administration since 1986 and is the author of several related USENIX papers, a number of ;login: articles, and SAGE booklet #7, System and Network Administration for Higher Reliability. He holds an M.Math. in computer science from the University of Waterloo and is a chartered accountant. He is the proprietor of SYONEX, a systems and networks consultancy. From 1999 to 2004, he was the General Manager for Certainty Solutions in Toronto. Prior to joining Certainty, John was the Director of Network Engineering at UUNET Canada and was a staff member in computing and information technology at the University of Waterloo for 11 years.

M3 Advanced Solaris System Administration Topics UPDATED!
Peter Baer Galvin, Corporate Technologies, Inc.
9:00 a.m.–5:00 p.m.

Who should attend: UNIX administrators who need more knowledge of Solaris administration.

We will discuss the major new features of recent Solaris releases, including which to use (and how) and which to avoid. This in-depth course will provide the information you need to run a Solaris installation effectively. This tutorial has been updated to include Solaris 10 features and functions.

Topics include:

  • Installing and upgrading
    • Architecting your facility
    • Choosing appropriate hardware
    • Planning your installation, filesystem layout, post-installation steps
    • Installing (and removing) patches and packages
    • Avoiding single points of failure
  • Advanced features of Solaris 2
    • Filesystems and their uses
    • The /proc filesystem and commands
    • Useful tips and techniques
  • Networking and the kernel
    • Virtual IP: configuration and uses
    • Kernel and performance tuning: new features, adding devices, tuning, debugging commands
    • Devices: naming conventions, drivers, gotchas
  • Enhancing Solaris
    • High availability essentials: disk failures and recovery, RAID levels, uses and performance, H/A technology and implementation
    • Performance: how to track down and resolve bottlenecks, Solaris Resource Manager
    • Tools: useful free tools, tool use strategies
    • Security: locking down Solaris, system modifications, tools, SunScreen
    • Resources and references

Peter Baer Galvin (M3, T11, R4) is the Chief Technologist for Corporate Technologies, Inc., a systems integrator and VAR, and was the Systems Manager for Brown University's Computer Science Department. He has written articles for Byte and other magazines. He wrote the "Pete's Wicked World" and "Pete's Super Systems" columns at SunWorld. He is currently contributing editor for Sys Admin, where he manages the Solaris Corner. Peter is co-author of the Operating Systems Concepts and Applied Operating Systems Concepts textbooks. As a consultant and trainer, Peter has taught tutorials on security and system administration and has given talks at many conferences and institutions on such topics as Web services, performance tuning, and high availability.

M4 System Log Aggregation, Statistics, and Analysis NEW!
Marcus Ranum, Trusecure Corp.
9:00 a.m.–5:00 p.m.

Who should attend: System and network administrators who are interested in learning what's going on in their firewalls, servers, network, and systems; anyone responsible for security and audit or forensic analysis.

This tutorial covers techniques and software tools for building your own log analysis system, from aggregating all your data in a single place, through normalizing it, searching, and summarizing, to generating statistics and alerts and warehousing it. We will focus primarily on open source tools for the UNIX environment, but will also describe tools for dealing with Windows systems and various devices such as routers and firewalls.

Topics include:

  • Estimating log quantities and log system requirements
  • Syslog: mediocre but pervasive logging protocol
  • Back-hauling your logs
  • Building a central loghost
  • Dealing with Windows logs
  • Logging on Windows loghosts
  • Parsing and normalizing
  • Finding needles in haystacks: searching logs
  • I'm dumb, but it works: artificial ignorance
  • Bayesian spam filters for logging
  • Storage and rotation
  • Databases and logs
  • Leveraging the human eyeball: graphing log data
  • Alerting
  • Legalities of logs as evidence

Marcus Ranum (M4, W2) is senior scientist at Trusecure Corp. and a world-renowned expert on security system design and implementation. He is recognized as the inventor of the proxy firewall and the implementer of the first commercial firewall product. Since the late 1980s, he has designed a number of groundbreaking security products, including the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall, and NFR's Network Flight Recorder intrusion detection system. He has been involved in every level of operations of a security product business, from developer, to founder and CEO of NFR. Marcus has served as a consultant to many FORTUNE 500 firms and national governments, as well as serving as a guest lecturer and instructor at numerous high-tech conferences. In 2001, he was awarded the TISC Clue award for service to the security community, and he holds the ISSA lifetime achievement award.

M5 Network Security Protocols: Theory and Current Standards
Radia Perlman, Sun Microsystems, and Charlie Kaufman, Microsoft
9:00 a.m.–5:00 p.m.

Who should attend: Anyone who wants to understand the theory behind network security protocol design, with an overview of the alphabet soup of standards and cryptography. This tutorial is especially useful for anyone who needs to design or implement a network security solution, but it is also useful to anyone who needs to understand existing offerings in order to deploy and manage them. Although the tutorial is technically deep, no background other than intellectual curiosity and a good night's sleep in the recent past is required.

First, without worrying about the details of particular standards, we discuss the pieces out of which all these protocols are built.

We then cover subtle design issues, such as how secure email interacts with distribution lists, how designs maximize security in the face of export laws, and the kinds of mistakes people generally make when designing protocols.

Armed with this conceptual knowledge of the toolkit of tricks, we describe and critique current standards.

Topics include:

  • What problems are we trying to solve?
  • Cryptography
  • Key distribution
    • Trust hierarchies
    • Public key (PKI) vs. secret key solutions
  • Handshake issues
    • Diffie-Hellman
    • Man-in-middle defense
    • Perfect forward secrecy
    • Reflection attacks
  • PKI standards
    • X.509
    • PKIX
  • Real-time protocols
    • SSL/TLS
    • IPsec (including AH, ESP, and IKE)
  • Secure email
  • Web security
    • URLs
    • HTTP, HTTPS
    • Cookies

Radia Perlman (S5, M5) is a Distinguished Engineer at Sun Microsystems. She is known for her contributions to bridging (spanning tree algorithm) and routing (link state routing), as well as security (sabotage-proof networks). She is the author of Interconnections: Bridges, Routers, Switches, and Internetworking Protocols and co-author of Network Security: Private Communication in a Public World, two of the top ten networking reference books, according to Network Magazine. She is one of the twenty-five people whose work has most influenced the networking industry, according to Data Communications Magazine. She has about fifty issued patents, an S.B. and S.M. in mathematics and a Ph.D. in computer science from MIT, and an honorary doctorate from KTH, the Royal Institute of Technology in Sweden.

Charlie Kaufman (M5) is Security Architect for the Common Language Runtime group at Microsoft. He is editor of the new Internet Key Exchange (IKEv2) protocol for the IPsec working group of IETF. He has contributed to a number of IETF standards efforts, including chairing the Web Transaction Security WG, and serving as a member of the Internet Architecture Board (IAB). He served on the National Academy of Sciences expert panel which wrote the book "Trust in Cyberspace". He was previously a Distinguished Engineer at IBM, where he was Chief Security Architect for Lotus Notes and Domino, and before that Network Security Architect for Digital. He holds over 25 patents in the fields of computer security and computer networking. He is coauthor of Network Security: Private Communication in a Public World (Prentice Hall, 2002).

M6 Six More Essential Topics in System Administration NEW!
Trent Hein and Ned McClain, Applied Trust Engineering
9:00 a.m.–5:00 p.m.

Who should attend: System and network administrators who are interested in picking up several new technologies quickly.

Topics include:

  • Practical Network Intrusion Detection
    Network intrusion detection has recently matured enough to be useful at some organizations. Before investing in a massive commercial NIDS implementation, join us for a discussion of the latest in this field. We'll evaluate the strengths and weaknesses of various technologies, and what might work best for your organization. In addition, we will arm you with enough practical information to deploy an open source NIDS in your environment.
  • Deploying Secure Linux Systems
    What needs to be done to secure a new Linux system before you connect to the network? We'll walk through the essentials of locking down a modern Linux system and provide tricks to manage its long-term security. These techniques will help you sleep at night and avoid security headaches down the road.
  • Effective Log Analysis with SEC
    Server and network device logs are one of the most useful sources of performance and security information. Unfortunately, organizations often ignore system logs, either from lack of time to analyze the logs or out of frustration with automated analysis tools. We discuss the Simple Event Correlator, an open source tool for parsing log messages that is particularly easy to use and configure.
  • Stateful Firewalls
    Keeping up with the latest security technology can be a challenge, but it is essential if you are to prevent unwanted intrusions. We'll cover the latest in basic firewall technology on both Cisco and Linux platforms. Specific topics covered include context-based access control, reflexive access lists, and stateful filtering on Linux systems using iptables.
  • Security Incident Handling
    You've been vigilant about your site's security, but the day still comes when you detect an intruder. How do you handle the situation, analyze the intrusion, and restore both security and confidence to your environment? This crash course in incident handling will give you the skills you need to assemble a plan at your site to deal with the unthinkable.
  • Security Crisis Case Studies
    Before your very eyes, we'll dissect a set of real-life security incident case studies using many tools available on your system or downloadable from the Net. We'll specifically describe how to avoid common security-incident pitfalls, and we'll cover the basics of incident investigation.

Trent Hein (S6, M6) is co-founder of Applied Trust Engineering, a leader in holistic infrastructure and security. Trent worked on the 4.4 BSD port to the MIPS architecture at Berkeley, is co-author of both the UNIX Systems Administration Handbook and the Linux Administration Handbook, and holds a B.S. in Computer Science from the University of Colorado.

Ned McClain (S6, M6), co-founder and CTO of Applied Trust Engineering, lectures around the globe on applying cutting-edge technology in production computing environments. Ned holds a B.S. in Computer Science from Cornell University and is a contributing author of both the UNIX Systems Administration Handbook and the Linux Administration Handbook.

M7 Designing, Implementing and Using PKI to Provide Enterprise Security Services NEW!
Steve Acheson and Doug Dexter, Cisco Systems
9:00 a.m.–12:30 p.m.

Who should attend: Developers, technical implementers, and managers considering or already involved with providing a security service based on digital certificates.

PKI has received a bad reputation as being too expensive, too difficult, and short on payoff. This tutorial provides concrete examples of working PKI solutions that solve critical business issues relating to code-signing, device identification, application identity, and VPN and wireless credential management.

Topics include:

  • Public/private key pairs
  • Certificates
  • Other tools used to provide security services via a public key infrastructure
  • PKI trust models
  • Enterprise services a PKI can provide

Steve Acheson (M7, W4, W7, F2) is currently an Information Security Architect at Cisco Systems, Inc., where he is a senior member of the Corporate Information Security Department, responsible for network and system security, including designing internal security architecture and external/firewall access. Before working for Cisco, Steve managed security for NASA's Numerical Aerospace Simulations facility at Ames Research Center. He has worked in the field for over 15 years as a system administrator, network engineer, and security analyst.

Doug Dexter (M7) has been an Information Security Architect with Cisco Systems Corporate Information Security Department for six years. He and Steve Acheson are the architects for Cisco's internal PKI deployment, which provides certificates and signs the production code for IP phones, call managers, and cable modems. Prior to working at Cisco, Doug was in the US Army for 11 years and is currently a Major in an Army Reserve Information Warfare unit. He holds an M.B.A. from the University of Texas at Austin with a concentration in Information Systems, Controls, and Assurance, and is a CISSP and an MCSE.

M8 Security Standards and Why You Need to Understand Them NEW!
Brad C. Johnson and Richard E. Mackey, Jr., SystemExperts Corporation
9:00 a.m.–12:30 p.m.

Who should attend: Administrators, technicians, and managers at any level who need to understand the gist of the key security standards and the laws and industry trends that are making these standards critical to doing business.

Organizations are turning to security standards both to measure and to document the completeness and adequacy of their security program. You may need to simply put a check in the box that says you "substantially comply" with a particular standard or you may need to prove to yourself, customers, and partners that you follow acceptable security practices. Unfortunately, organizations do not have a widely accepted method to prove they are secure. We look to security standards to meet this need.

Computer security has seen a number of standards, compliance specifications, and certification authorities. Today, a few are beginning to gain acceptance by industry groups, but it is still difficult to tell which of these will stand the test of time and practicality. Consequently, it's important to understand, at least at a high level, what the most popular initiatives are attempting to do, what problems these standards address, and the value they provide.

Topics include:

  • Why: The motivations
    • Laws: Sarbanes-Oxley, Gramm-Leach-Bliley
    • Partnerships
    • Internal audits
  • What: The standards
    • ISO 17799
    • SAS
  • How: The mechanisms
    • ISO 17799 reviews and certifications
    • Security audits
    • Security assessments
    • Information criticality assessment (e.g., NSA IAM)
    • Penetration and application testing

Brad C. Johnson (S8, M8) is vice president of SystemExperts Corporation. He has participated in seminal industry initiatives such as the Open Software Foundation, X/Open, and the IETF, and has been published in such journals as Digital Technical Journal, IEEE Computer Society Press, Information Security Magazine, Boston Business Journal, Mass High Tech Journal, ISSA Password Magazine, and Wall Street & Technology. Brad is a regular tutorial instructor and conference speaker on topics related to practical network security, penetration analysis, middleware, and distributed systems. He holds a B.A. in computer science from Rutgers University and an M.S. in applied management from Lesley University.

Richard E. Mackey, Jr. (M8) is principal of SystemExperts Corporation. Dick Mackey is regarded as one of the industry's foremost authorities on distributed computing infrastructure and security. Before joining SystemExperts, he worked in leading technical and director positions at The Open Group, The Open Software Foundation (DCE), and BBN Corporation (Cronus Distributed Computing Environment). He has been published often in security magazines such as ISSA Password, .NET, Information Security, and SC Secure Computing. He is a regular speaker on computer security topics at various industry conferences. Dick has a B.S. and an M.S. in Electrical and Computer Engineering from the University of Massachusetts at Amherst.

M9 Revenge of the Three-Headed Dog NEW!
Gerald Carter, Samba Team/Hewlett-Packard
9:00 a.m.–12:30 p.m.

Who should attend: Administrators who want to understand Kerberos 5 implementations on both UNIX/Linux and Windows clients and servers.

For many organizations, Kerberos is an old technology that has been driven to the forefront by deployments of Microsoft Active Directory domains. The introduction of a standard authentication protocol into Windows domains has caused many network administrators to reexamine ways to integrate UNIX/Linux and Windows clients in a single authentication model.

Topics include:

  • Key concepts of the Kerberos 5 protocol
  • Specific related authentication interfaces such as SASL and GSSAPI
  • The specifics of implementing Krb5 realms
  • Implementations of Krb5 cross-realm trusts
  • Integration of Windows and UNIX/Linux clients into Krb5 realms
  • Possible pitfalls of using popular Krb5 implementations such as MIT, Heimdal, and Windows 200x

Gerald Carter (M9, T2, R2) has been a member of the SAMBA development Team since 1998. He has published articles with various Web-based magazines and teaches courses as a consultant for several companies. Currently employed by Hewlett-Packard as a Samba developer, Gerald has written books for SAMS Publishing and is the author of the recent LDAP System Administration for O'Reilly Publishing.

M10 Over the Edge System Administration, Volume 1 NEW!
David N. Blank-Edelman, Northeastern University
1:30 p.m.–5:00 p.m.

Who should attend: Old-timers who think they've already seen it all, and those who want to develop inventive thinking early in their career. Join us and be prepared to be delighted, disgusted, and amazed. Most of all, be ready to enrich your network and system administration by learning to be different.

It's time to learn how to break the rules, abuse the tools, and generally turn your system administration knowledge inside out. This class is a cornucopia of ideas for creative ways to take the standard (and sometimes not-so-standard) system administration tools and techniques and use them in ways no one would expect. We'll also cover some tools you may have missed.

Topics include:

  • How to (ab)use perfectly good network transports by using them for purposes never dreamed of by their authors
  • How to increase user satisfaction during downtimes with 6 lines of Perl
  • How to improve your network services by intentionally throwing away data
  • How to drive annoying Web-only applications that don't have a command line interface—without lifting a finger
  • How to use ordinary objects you have lying around the house, such as Silly Putty, to make your life easier (seriously!)

David N. Blank-Edelman (M10, R3, R6) is the Director of Technology at the Northeastern University College of Computer and Information Science and the author of the O'Reilly book Perl for System Administration. He has spent the last 19 years as a system/network administrator in large multi-platform environments, including Brandeis University, Cambridge Technology Group, and the MIT Media Laboratory. He has given several successful invited talks off the beaten path at LISA.

M11 Troubleshooting: A Basic Skill NEW!
Geoff Halprin, The SysAdmin Group
1:30 p.m.–5:00 p.m.

Who should attend: System administrators wishing to hone their ability to troubleshoot a problem under pressure, on a system of which their knowledge may be limited.

One of the most basic skills a system administrator must be able to call upon is that of problem diagnosis and resolution, that is, troubleshooting. It doesn't matter what else you do; if the system is broken, your priority is to fix it.

Topics include:

  • A general process for troubleshooting
  • Specific techniques that will help you get to the root of the problem
  • Ways to identify candidate solutions with confidence

Geoff Halprin (M11) has spent over 25 years as a software developer, system administrator, consultant, and troubleshooter. He has written software from system management tools to mission-critical billing systems, has built and run networks for enterprises of all sizes, and has been called upon to diagnose problems in every aspect of computing infrastructure and software. He has spent more years troubleshooting other people's systems and programs than he cares to remember. Geoff was on the board of the System Administrators Guild (SAGE) and is now a member of the USENIX board of directors.

M12 Beyond Shell Scripts: 21st-Century Automation Tools and Techniques
Æleen Frisch, Exponential Consulting
1:30 p.m.–5:00 p.m.

Who should attend: System administrators who want to explore new ways of automating administrative tasks. Shell scripts are appropriate for many jobs, but more complex operations will often benefit from sophisticated tools.

Topics include:

  • Automating installations
    • Vendor-supplied tools
    • Alternative approaches
    • State-of-the-art package control
    • Heterogeneous environments
  • Other Tools
    • Expect: Automating interactive processes
      • What to Expect . . .
      • Using Expect with other tools
      • Security issues
    • Amanda, an enterprise backup management facility
      • Prerequisites
      • Configuration
      • Getting the most from Amanda
    • STEM, a new package for automating network operations
      • Understanding the context and tool capabilities
      • Sample applications
      • Performance and security issues
    • Nagios: Monitoring network and device performance
      • How it works
      • Sample configurations
      • Extending Nagios
    • RRDTool: Examining retrospective system data
      • Basic operation
      • Advanced graphing
      • Options for data collection

Æleen Frisch (M12, T3) has been a system administrator for over 20 years. She currently looks after a pathologically heterogeneous network of UNIX and Windows systems. She is the author of several books, including Essential System Administration (now in its 3rd edition).

Tuesday, November 16, 2004
T1 Network Security Assessments Workshop—Hands-On (Day 1 of 2) NEW!
David Rhoades, Maven Security Consulting, Inc.
9:00 a.m.–5:00 p.m.

Who should attend: Anyone who needs to understand how to perform an effective and safe network assessment.

How do you test a network for security vulnerabilities? Just plug some IP addresses into a network-scanning tool and click SCAN, right? If only it were that easy. Numerous commercial and freeware tools assist in locating network-level security vulnerabilities. However, these tools are fraught with dangers: accidental denial-of-service, false positives, false negatives, and long-winded reporting, to name but a few. Performing a security assessment (a.k.a. vulnerability assessment or penetration test) against a network environment requires preparation, the right tools, methodology, knowledge, and more. This hands-on workshop will cover the essential topics for performing an effective and safe network assessment.

Class exercises will require that students have an x86-based laptop computer that can be booted from a KNOPPIX CD, along with a 10/100 Ethernet network card. Please download a copy of KNOPPIX-STD (https://www.knoppix-std.org), burn it to a CD-R, and try to boot your system on a network offering DHCP. Be sure your network card is recognized by Knoppix-STD, otherwise you will not be able to participate in most classroom exercises. Wireless access will not be supported during class.

Topics include:

  • Preparation: What you need before you even begin
  • Safety measures: This often-overlooked topic will cover important practical steps to minimize or eliminate adverse effects on critical networks
  • Architecture considerations: Where you scan from affects how you perform the assessment
  • Inventory: Taking an accurate inventory of active systems and protocols on the target network
  • Tools of the trade: Effective use of both freeware and commercial tools, with an emphasis on common pitfalls
  • Automated scanning: Best-of-class tools, with tips (mostly vendor-neutral) on their proper use
  • Research and development: What to do when existing tools don't suffice
  • Documentation and audit trail: How to keep accurate records easily
  • How to compile useful reports: Planning for corrective action and tracking your security measures
Students will practice network assessment on a target network of Windows and UNIX-based servers and various routing components.

Day 1

  • Lab setup and preparation
  • Security assessment overview
    • Types of assessments
    • Choosing an assessment approach
  • Assessment preparation
    • Defining the purpose
    • Rules of engagement
    • Assessment logistics
    • Open vs. closed testing
    • Passive vs. active testing; depth of testing
    • Denial of service (DoS)
    • Enumeration of target information
    • Permission
  • Assessment safety
    • Verification of tool authenticity
    • Vetting tools
    • Safety concepts
    • The dangers of automated scanners
    • Automated tool safety summary
  • Documentation and audit trail
  • Assessment phase 1: network inventory
    • Ping scanning
    • Discrete port scanning (host inventory only)
    • DNS queries
    • Traceroute
    • ARP scanning

Day 2

  • Assessment phase 2: target analysis
    • TCP port scanning
    • UDP port scanning
    • SNMP
  • Assessment phase 3: exploitation and confirmation
    • Automated vulnerability scanning tools
    • (Online) brute-force attacks
    • (Offline) password cracking
    • Manual testing
  • Special consideration testing
    • Firewalls and routers
    • Auditing email servers
    • Web servers
    • Stealth technique summary
  • Vulnerability scanning tools
    • Automated scanning tools
    • Commercial scanners
  • Nessus
    • Nessus Clients
    • Using Nessus

David Rhoades (T1, W1, R1, F1) is a principal consultant with Maven Security Consulting, Inc. Since 1996, David has provided information protection services for various FORTUNE 500 customers. His work has taken him across the US and abroad to Europe and Asia, where he has lectured and consulted in various areas of information security. David has a B.S. in computer engineering from the Pennsylvania State University and has taught for the SANS Institute, the MIS Training Institute, and ISACA.

T2 Implementing LDAP Directories
Gerald Carter, Samba Team/Hewlett-Packard
9:00 a.m.–5:00 p.m.

Who should attend: Both LDAP directory administrators and architects. The focus is on integrating standard network services with LDAP directories. The examples are based on UNIX hosts and the OpenLDAP directory server and will include actual working demonstrations throughout the course.

System administrators today run a variety of directory services, although these are referred to by names such as DNS and NIS. The Lightweight Directory Access Protocol (LDAP) is the up-and-coming successor to the X.500 directory and has the promise of allowing administrators to consolidate multiple existing directories into one.

Topics include:

  • Replacing NIS domains
  • Integrating Samba user accounts
  • Authenticating RADIUS clients
  • Integrating MTAs such as Sendmail, Qmail, or Postfix
  • Creating address books for mail clients
  • Managing user access to HTTP and FTP services
  • Storing DNS zone information
  • Managing printer information

Gerald Carter (M9, T2, R2) has been a member of the Samba Team since 1998. He has published articles in various Web-based magazines and gives instructional courses as a consultant for several companies. Currently employed by Hewlett-Packard as a Samba developer, Gerald has written books for SAMS Publishing and is the author of the recent LDAP System Administration (O'Reilly & Associates).

T3 Administering Linux in Production Environments
Æleen Frisch, Exponential Consulting
9:00 a.m.–5:00 p.m.

Who should attend: Both current Linux system administrators and administrators from sites considering converting to Linux or adding Linux systems to their current computing resources. We will be focusing on the administrative issues that arise when Linux systems are deployed to address a variety of real-world tasks and problems arising from both commercial and research and development contexts.

Topics include:

  • Recent kernel developments
  • High-performance I/O
    • Advanced filesystems and logical volumes
    • Disk striping
    • Optimizing I/O performance
  • Advanced compute-server environments
    • Beowulf
    • Clustering
    • Parallelization environments/facilities
    • CPU performance optimization
  • High availability Linux: fault tolerance options
  • Enterprise-wide authentication
  • Fixing the security problems you didn't know you had (or, what's good enough for the researcher/hobbyist won't do for you)
  • Automating installations and other mass operations
  • Linux in the office environment

Æleen Frisch (M12, T3) has been a system administrator for over 20 years. She currently looks after a pathologically heterogeneous network of UNIX and Windows systems. She is the author of several books, including Essential System Administration (now in its 3rd edition).

 

T4 Advanced Technology in Sendmail NEW!
Eric Allman, Sendmail, Inc.
9:00 a.m.–5:00 p.m.

Who should attend: System administrators who want to learn more about the Sendmail program, particularly details of configuration and operational issues. This tutorial assumes that you are already familiar with Sendmail, including installation, configuration, and operation.

In the past few years the face of email has changed dramatically. No longer is it sufficient to use the default configurations, even in single-user systems. Spam, regulation, high loads, and increased concerns about privacy and authentication have caused major changes in sendmail and in the options available to you.

After a very brief review of Sendmail functionality and terminology, we will explore some of the newer important features.

Topics include:

  • SMTP authentication
  • TLS encryption
  • The Milter (mail filter interface)
  • Many of the newer policy control interfaces
This will be an intense, fast-paced tutorial. It is strongly recommended that you have read or are familiar with the materials in the Sendmail book published by O'Reilly and Associates, preferably the 3rd edition (but at least the 2nd edition).

Eric Allman (T4) is the original author of Sendmail, co-founder and CTO of Sendmail, Inc., and co-author of Sendmail, published by O'Reilly. At U.C. Berkeley, he was the chief programmer on the INGRES database management project, leader of the Mammoth project, and an early contributor to BSD, authoring syslog, tset, the -me troff macros, and trek. Eric designed database user and application interfaces at Britton Lee (later Sharebase) and contributed to the Ring Array Processor project for neural-network-based speech recognition at the International Computer Science Institute. Eric is on the Editorial Review Board of ACM Queue magazine and is a former member of the Board of Directors of the USENIX Association.

T5 VoIP Principles and Implementation with Asterisk NEW!
Heison Chak, SOMA Networks
9:00 a.m.–5:00 p.m.

Who should attend: Managers and system administrators involved in the evaluation, design, implementation, and deployment of VoIP infrastructures. Participants do not need prior exposure to VoIP but should understand the principles of networking. Attendees will come away from this tutorial with strategies for cost-saving improvements to their existing infrastructures and practical information on deploying VoIP in a variety of environments.

This tutorial will cover VoIP principles, VoIP networks, and their interaction and interface with the traditional PSTN (Public Switched Telephone Network) and IP networks. The tutorial will compare a number of widely used codecs (voice encoders) and VoIP protocols. As well, the Asterisk open source PBX will be presented to demonstrate VoIP principles and applications.

Topics include:

  • PSTN overview
  • VoIP basics
    • Codecs (G.711, G.729, etc.)
    • Protocols (SIP, IAX, etc.)
    • Performance metrics (jitter, latency, etc.)
  • VoIP networks (FWD, IAXtel, etc.)
  • Implementation examples with Asterisk
    • Hardware
    • IVR (interactive voice response)
    • Dialplan
    • TTS (text to speech) applications

Heison Chak (T5) works for SOMA Networks as a network engineer, focusing on network management and performance analysis as well as the implementation of data and voice networks. He has undertaken to design a VoIP platform and to migrate SOMA Networks to it from an existing legacy PBX system. Chak is an active member of the Asterisk community.

T6 System and Network Performance Tuning
Marc Staveley, Soma Networks
9:00 a.m.–5:00 p.m.

Who should attend: Novice and advanced UNIX system and network administrators, and UNIX developers concerned about network performance impacts. A basic understanding of UNIX system facilities and network environments is assumed.

We'll examine the virtual memory system, the I/O system and the file system, NFS tuning and performance strategies, common network performance problems, examples of network capacity planning, and application issues. We'll also cover guidelines for capacity planning and customized monitoring based on your workloads and traffic patterns. Analysis periods for particular situations will be provided.

Topics include:

  • Performance tuning strategies
  • Server tuning
    • Filesystem and disk tuning
    • Memory consumption and swap space
    • System resource monitoring
    • NFS issues
    • Automounter and other tricks
  • Network performance, design, and capacity planning
  • Application tuning
    • System resource usage
    • Memory allocation
    • Code profiling
    • Job scheduling and queuing
    • Real-time issues
    • Managing response time
Marc Staveley (T6) works with Soma Networks, where he is applying his many years of experience with UNIX development and administration in leading their IT group. Previously Marc had been an independent consultant and also held positions at Sun Microsystems, NCR, Princeton University, and the University of Waterloo. He is a frequent speaker on the topics of standards-based development, multi-threaded programming, system administration, and performance tuning.

T7 Advanced Shell Programming
Mike Ciavarella, University of Melbourne
9:00 a.m.–12:30 p.m.

Who should attend: Junior or intermediate system administrators or anyone with a basic knowledge of programming, preferably with some experience in Bourne/Korn shells (or their derivatives).

The humble shell script is still a mainstay of UNIX/Linux system administration, despite the wide availability of other scripting languages. This tutorial details techniques that move beyond the quick-and-dirty shell script.

Topics include:

  • Common mistakes and unsafe practices
  • Modular shell script programming
  • Building blocks: awk, sed, etc.
  • Writing secure shell scripts
  • Performance tuning
  • Choosing the right utilities for the job
  • Addressing portability at the design stage
  • When not to use shell scripts

Mike Ciavarella (S3, T7, T10) has been producing and editing technical documentation since he naively agreed to write application manuals for his first employer in the early 1980s. He has been a technical editor for MacMillan Press and has been teaching system administrators about documentation for the past eight years. Mike has an Honours Degree in Science from the University of Melbourne. After a number of years working as Senior Partner and head of the Security Practice for Cybersource Pty Ltd, Mike returned to his alma mater, the University of Melbourne. He now divides his time between teaching Software Engineering, providing expert testimony in computer security matters, and trying to complete a Doctorate. In his ever-diminishing spare time, Mike is a caffeine addict and photographer.

T8 Eliminating Backup System Bottlenecks Using Disk-to-Disk and Other Methods NEW!
Jacob Farmer, Cambridge Computer Corp.
9:00 a.m.–12:30 p.m.

Who should attend: System administrators involved in the design and management of backup systems and policymakers responsible for protecting their organization's data. A general familiarity with server and storage hardware is assumed. The class focuses on architectures and core technologies and is relevant regardless of what backup hardware and software you currently use. Students will leave this lecture with immediate ideas for effective, inexpensive improvements to their backup systems.

The end may finally be in sight for the pains of backup and restore. The cost of disk storage has crossed the line: it has finally become practical to use disk to enhance or replace tape-based backup systems. In turn, software applications have come to market to facilitate the use of disk in backup systems. Now the problem is sorting out all of the options and fitting them into your existing infrastructure. This lecture identifies the major bottlenecks in conventional backup systems and explains how to address them. The emphasis is placed on the various roles inexpensive disk can play in your data protection strategy; however, attention is given to SAN-enabled backup, the current state and future of tape drives, iSCSI, and virtual tape.

Topics include:

  • Identifying and eliminating backup system bottlenecks
  • Conventional disk staging
  • Virtual tape libraries
  • Incremental forever and synthetic full backup strategies
  • Information life cycle management and nearline archiving
  • Data replication
  • Continuous backup
  • Snapshots
  • The current and future tape drives
  • Zero duplication file systems
  • iSCSI

Jacob Farmer (T8) is the CTO of Cambridge Computer Services, a specialized integrator of backup systems and storage networks. He has over 15 years of experience with storage technologies and writes an expert advice column for InfoStor magazine. He is currently writing a book on storage networking.

T9 Combating Spam Using Sendmail, MIMEDefang, and Perl
David Skoll, Roaring Penguin Software
9:00 a.m.–12:30 p.m.

Who should attend: System administrators, network administrators, and email administrators tackling the problem of spam in the enterprise. Participants should be familiar with Sendmail and Perl. Use of or familiarity with MIMEDefang will be helpful but not necessary to get the most out of this practical session.

This tutorial will suggest concrete steps administrators can take to reduce spam using open-source tools for UNIX and Linux.

Topics include:

  • Introduction to mail filtering
  • Introduction to Milter
  • MIMEDefang architecture
  • Writing MIMEDefang filters
  • SpamAssassin integration
  • Virus scanner integration
  • Checking address existence at the periphery
  • Streaming mail for different recipients
  • Greylisting
  • Sendmail's SOCKETMAP feature and MIMEDefang
  • Performance tuning
  • Gathering statistics
  • MIMEDefang's notification facility
The spam problem will be outlined briefly, with a focus on main techniques used by spammers. Attendees will then be shown how to use MIMEDefang Perl code to detect and combat some of those techniques. Attendees will also have the opportunity to discuss the use of MIMEDefang and Perl to achieve their specific goals.

After completing this tutorial, participants will be aware not only of top spamming techniques, but of concrete methods for combating the problem using open-source tools.

David Skoll (T9) is founder and president of Roaring Penguin Software, Inc., a firm specializing in email filtering. Skoll is the developer of MIMEDefang, the acclaimed open-source email inspection software, and the primary developer of CanIt and CanIt-PRO, commercial anti-spam systems based on MIMEDefang. He is author of Caldera's OpenLinux Unleashed and frequently writes and presents for the Linux and open source communities. More information can be found at https://www.roaringpenguin.com.

T10 Documentation Techniques for SysAdmins
Mike Ciavarella, University of Melbourne
1:30 p.m.–5:00 p.m.

Who should attend: System administrators who need to produce documentation for the systems they manage or who want to improve their documentation skills.

Attendees should be able to make immediate, practical use of the techniques presented in this tutorial in their day-to-day tasks. Particular emphasis is placed on documentation as a time-saving tool rather than a workload imposition.

Topics include:

  • Why system administrators need to document
  • The document life cycle
  • Targeting your audience
  • An adaptable document framework
  • Common mistakes
  • Tools to assist the documentation process

Mike Ciavarella (S3, T7, T10) has been producing and editing technical documentation since he naively agreed to write application manuals for his first employer in the early 1980s. He has been a technical editor for MacMillan Press and has been teaching system administrators about documentation for the past eight years. Mike has an Honours Degree in Science from the University of Melbourne. After a number of years working as Senior Partner and head of the Security Practice for Cybersource Pty Ltd, Mike returned to his alma mater, the University of Melbourne. He now divides his time between teaching Software Engineering, providing expert testimony in computer security matters, and trying to complete a Doctorate. In his ever-diminishing spare time, Mike is a caffeine addict and photographer.

T11 Solaris 10 Security Features NEW!
Peter Baer Galvin, Corporate Technologies
1:30 p.m.–5:00 p.m.

Who should attend: Solaris systems managers and administrators interested in the new security features in Solaris 10 (and features in previous Solaris releases that they may not be using).

This course covers a variety of topics surrounding Solaris 10 and security. Solaris 10 includes many new features, and there are new issues to consider when deploying, implementing, and managing Solaris 10.

Topics include:

  • Solaris cryptographic framework
  • NFS V4
  • Solaris privileges
  • Solaris Flash archives and live upgrade
  • Moving from NIS to LDAP
  • Dtrace
  • WBEM
  • Smartcard interfaces and APIs
  • Kerberos enhancements
  • FTP client and server enhancements
  • PAM enhancements
  • Auditing enhancements
  • Password history checking

Peter Baer Galvin (M3, T11, R4) is the Chief Technologist for Corporate Technologies, Inc., a systems integrator and VAR, and was the Systems Manager for Brown University's Computer Science Department. He has written articles for Byte and other magazines. He wrote the "Pete's Wicked World" and "Pete's Super Systems" columns at SunWorld. He is currently contributing editor for Sys Admin, where he manages the Solaris Corner. Peter is co-author of the Operating Systems Concepts and Applied Operating Systems Concepts textbooks. As a consultant and trainer, Peter has taught tutorials on security and system administration and has given talks at many conferences and institutions on such topics as Web services, performance tuning, and high availability.

T12 Administering NetBackup
W. Curtis Preston, Glasshouse Technologies
1:30 p.m.–5:00 p.m.

Who should attend: Administrators and operators of medium to large NetBackup systems.

Although NetBackup can be administered relatively easily, it can also be misconfigured relatively easily. Misconfigurations can cause failed, slow, unnecessary, and unreliable backups. In addition, they can result in some filesystems or databases accidentally being excluded from the backup. This tutorial will explain in detail best practices designed to give you optimum efficiency with minimal risk, including the recent trend of using disk in your backup system. NetBackup comes with a dizzying number of options costing from hundreds to tens of thousands of dollars each. Making sense of these options can be a difficult and expensive task.

This tutorial will explain the major new features and options in NetBackup releases 4.5 and 5.x. More important, it will cover which of these features and options give you the most bang for the buck.

Topics include:

  • NetBackup architecture
    • Understanding multistreaming & multiplexing
    • Relationship between the Media Manager and NetBackup
  • Command line interface
    • Important commands to know, including some undocumented commands and options
    • bpgetconfig & bpsetconfig, my two new favorite commands
    • bpgp: the beauty and the danger
    • bppl*: configure all your policies and schedules on the command line
    • bpimagelist & bpimmedia: find those backups
    • vmquery: find those tapes
    • vmchange: move those tapes around
  • Designing a NetBackup system
    • Sizing the server
    • System architecture: what kind of servers and how many of them
    • Integrating disk into the mix

W. Curtis Preston (T12, W5) is Vice President of Service Development for Glasshouse Technologies, the global leader in independent storage services. Curtis has ten years' experience designing storage systems for many environments, both large and small. As a recognized expert in the field, Curtis has advised the major product vendors regarding product features and implementation methods. Curtis is the administrator of the NetBackup and NetWorker FAQs and answers the "Ask The Experts" backup forum on SearchStorage.com. He is also the author of O'Reilly's "UNIX Backup & Recovery" and "Using SANs & NAS," as well as a monthly column in Storage Magazine.

Wednesday, November 17, 2004
W1 Network Security Assessments Workshop—Hands-On (Day 2 of 2) NEW!
David Rhoades, Maven Security Consulting, Inc.
9:00 a.m.–5:00 p.m.

Who should attend: Anyone who needs to understand how to perform an effective and safe network assessment.

How do you test a network for security vulnerabilities? Just plug some IP addresses into a network-scanning tool and click SCAN, right? If only it were that easy. Numerous commercial and freeware tools assist in locating network-level security vulnerabilities. However, these tools are fraught with dangers: accidental denial-of-service, false positives, false negatives, and long-winded reporting, to name but a few. Performing a security assessment (a.k.a. vulnerability assessment or penetration test) against a network environment requires preparation, the right tools, methodology, knowledge, and more. This hands-on workshop will cover the essential topics for performing an effective and safe network assessment.

Class exercises will require that students have an x86-based laptop computer that can be booted from a KNOPPIX CD, along with a 10/100 Ethernet network card. Please download a copy of KNOPPIX-STD (https://www.knoppix-std.org), burn it to a CD-R, and try to boot your system on a network offering DHCP. Be sure your network card is recognized by Knoppix-STD, otherwise you will not be able to participate in most classroom exercises. Wireless access will not be supported during class.

Topics include:

  • Preparation: What you need before you even begin
  • Safety measures: This often-overlooked topic will cover important practical steps to minimize or eliminate adverse effects on critical networks
  • Architecture considerations: Where you scan from affects how you perform the assessment
  • Inventory: Taking an accurate inventory of active systems and protocols on the target network
  • Tools of the trade: Effective use of both freeware and commercial tools, with an emphasis on common pitfalls
  • Automated scanning: Best-of-class tools, with tips (mostly vendor-neutral) on their proper use
  • Research and development: What to do when existing tools don't suffice
  • Documentation and audit trail: How to keep accurate records easily
  • How to compile useful reports: Planning for corrective action and tracking your security measures
Students will practice network assessment on a target network of Windows and UNIX-based servers and various routing components.

Day 1

  • Lab setup and preparation
  • Security assessment overview
    • Types of assessments
    • Choosing an assessment approach
  • Assessment preparation
    • Defining the purpose
    • Rules of engagement
    • Assessment logistics
    • Open vs. closed testing
    • Passive vs. active testing; depth of testing
    • Denial of service (DoS)
    • Enumeration of target information
    • Permission
  • Assessment safety
    • Verification of tool authenticity
    • Vetting tools
    • Safety concepts
    • The dangers of automated scanners
    • Automated tool safety summary
  • Documentation and audit trail
  • Assessment phase 1: network inventory
    • Ping scanning
    • Discrete port scanning (host inventory only)
    • DNS queries
    • Traceroute
    • ARP scanning
Day 2
  • Assessment phase 2: target analysis
    • TCP port scanning
    • UDP port scanning
    • SNMP
  • Assessment phase 3: exploitation and confirmation
    • Automated vulnerability scanning tools
    • (Online) brute-force attacks
    • (Offline) password cracking
    • Manual testing
  • Special consideration testing
    • Firewalls and routers
    • Auditing email servers
    • Web servers
    • Stealth technique summary
  • Vulnerability scanning tools
    • Automated scanning tools
    • Commercial scanners
  • Nessus
    • Nessus Clients
    • Using Nessus
David Rhoades (T1, W1, R1, F1) is a principal consultant with Maven Security Consulting, Inc. Since 1996, David has provided information protection services for various FORTUNE 500 customers. His work has taken him across the US and abroad to Europe and Asia, where he has lectured and consulted in various areas of information security. David has a B.S. in computer engineering from the Pennsylvania State University and has taught for the SANS Institute, the MIS Training Institute, and ISACA.

W2 Defeating Junk/Spam Email NEW!
Marcus Ranum, Trusecure Corp.
9:00 a.m.–5:00 p.m.

Who should attend: Network and system administrators responsible for email systems; people who are annoyed by junk email; mail server administrators; senior managers who want to understand the technologies for blocking junk email. Some familiarity with Internet email systems is recommended. Familiarity with UNIX system administration is a must.

Is unplugging from the network the only way to avoid junk email? Many organizations are finding that junk email is a major time-waster and performance hog. Some individuals are finding that, every morning, 95% of their inbox is garbage.

This workshop covers real-world issues in dealing with junk email, and how to block a significant percentage of it from your personal or corporate network. Attendees will learn the various techniques of junk email blocking, the tools that are available, and the advantages and disadvantages of various approaches. We will also examine a number of popular tools in detail, and discuss configuration and tuning issues.

Topics include:

  • Junk email: you know what it is when you get it
  • Whitelisting, blacklisting, and blackholing
    • Early attempts at junk email blocking
    • The state of the art in junk email blocking
  • Tools and techniques
    • Setting up a centralized junk email blocking system
    • Integrating junk email blocking into various mail clients
    • Integrating junk email blocking into various servers
    • Legalities and legal initiatives
Marcus Ranum (M4, W2) is senior scientist at Trusecure Corp. and a world-renowned expert on security system design and implementation. He is recognized as the inventor of the proxy firewall and the implementer of the first commercial firewall product. Since the late 1980s, he has designed a number of groundbreaking security products, including the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall, and NFR's Network Flight Recorder intrusion detection system. He has been involved in every level of operations of a security product business, from developer, to founder and CEO of NFR. Marcus has served as a consultant to many FORTUNE 500 firms and national governments, as well as serving as a guest lecturer and instructor at numerous high-tech conferences. In 2001, he was awarded the TISC Clue award for service to the security community, and he holds the ISSA lifetime achievement award.

W3 Regular Expression Mastery
Mark-Jason Dominus, Consultant and Author
9:00 a.m.–12:30 p.m.

Who should attend: System administrators and users who use Perl, grep, sed, awk, procmail, vi, or emacs.

Almost everyone has written a regex that produced unexpected results. Sometimes regexes appear to hang forever, and it's not clear what has gone wrong. Sometimes they behave differently in different utilities, and you can't tell why. This class will fix all these problems.

The first section of the class will explore the matching algorithms used internally by common utilities such as grep and Perl. Understanding these algorithms will allow us to predict whether a regex will match, which of several matches will be found, and which regexes are likely to be faster than others, and to understand why all of these behaviors occur. We'll learn why commonly used regex symbols such as ".", "$", and "\1" may not mean what you thought they did.

In the second section, we'll look at common matching disasters, a few practical parsing applications, and some advanced Perl features. We'll finish with a discussion of optimizations that were added to Perl 5.6, and why you should avoid using "/i".

Topics include:

  • Inside the regex engine
    • Regular expressions are programs
    • Backtracking
    • NFA vs. DFA
    • POSIX and Perl
    • Quantifiers
    • Greed and anti-greed
    • Anchors and assertions
    • Backreferences
  • Disasters and optimizations
    • Where machines come from
    • Disaster examples
    • Tokenizing
    • New optimizations
    • Matching strings with balanced parentheses

Mark-Jason Dominus (W3, W6) has been programming in Perl since 1992. He is a moderator of the comp.lang.perl.moderated newsgroup, the author of the Text::Template, Tie::File, and Memoize modules, a contributor to the Perl core, and author of the perlreftut man page. His work on the Rx regular expression debugger won the 2001 Larry Wall Award for Practical Utility. He lives in Philadelphia with his wife and several plush octopuses.

W4 Cisco Device Configuration Basics, Part 1 NEW!
Steve Acheson and Laura Kuiper, Cisco Systems
9:00 a.m.–12:30 p.m.

Who should attend: Anyone who bought a Cisco router or switch on eBay and wants to know how to configure it.

This class will go through the steps you need to take to configure your router or switch from the day you receive it to actually using it.

Topics include:

  • Introduction to IOS and its naming
  • Cabling your device(s)
  • Loading a new image
  • Stepping through the configuration basics
    • Using the "Setup" script
    • Using the Cisco command line interface
    • Setting up a hostname, DNS, etc.
    • Setting up Network Time Protocol (NTP)
  • Router specifics
    • Configuring the interfaces and IP addresses
    • Forwarding packets (basic routing)
  • Switch specifics
    • Configuring ports
    • Setting up VLANs
  • Security: Access Control List basics
  • Troubleshooting
    • "show" commands
    • "debug" commands
    • CDP (Cisco Discovery Protocol)
Steve Acheson (M7, W4, W7, F2) is currently an Information Security Architect at Cisco Systems, Inc., where he is a senior member of the Corporate Information Security Department, responsible for network and system security, including designing internal security architecture and external/firewall access. Before working for Cisco, Steve managed security for NASA's Numerical Aerospace Simulations facility at Ames Research Center. He has worked in the field for over 15 years as a system administrator, network engineer, and security analyst.

Laura Kuiper (W4, W7, F2) is currently a Computer Security Architect at Cisco Systems, Inc., where she is a senior member of the Computer Information Security Department, responsible for network and system security, including designing internal security architecture and external/firewall access. Before working for Cisco, Laura managed the network at SAIC. She has worked in the field as a network engineer and security analyst for over 9 years.

W5 Oracle Backup and Recovery
W. Curtis Preston, Glasshouse Technologies
9:00 a.m.–12:30 p.m.

Who should attend: System administrators with Oracle in their environment.

Oracle is one of the most popular databases in today's datacenter, and yet its backup and recovery are often misunderstood and misconfigured. Learn everything you need to know about Oracle and its backups in this half-day tutorial. We'll start with an explanation of Oracle architecture, designed especially for the non-DBA. We'll debunk a few myths along the way, such as the one that says Oracle datafiles don't change while Oracle is in backup mode. (You'd be surprised how many people believe that myth.) Other myths we'll debunk include "You can't do hot backups without RMAN" and "You can't use RMAN without buying expensive backup software." Having explained all the pieces that go into Oracle backup and recovery, the instructor will demonstrate various Oracle backup and recovery scenarios live.

Topics include:

  • Oracle architecture
  • Data files
  • Tablespaces
  • Redo logs
  • Control files
  • Rollback segment
  • Physical backups without a storage manager
    • Scripting backups without RMAN
    • Using RMAN without a storage manager
  • Physical backups with a storage manager
  • Managing the archived redo logs
  • Recovering Oracle
  • Logical backups
W. Curtis Preston (T12, W5) is Vice President of Service Development for Glasshouse Technologies, the global leader in independent storage services. Curtis has ten years' experience designing storage systems for many environments, both large and small. As a recognized expert in the field, Curtis has advised the major product vendors regarding product features and implementation methods. Curtis is the administrator of the NetBackup and NetWorker FAQs and answers the "Ask The Experts" backup forum on SearchStorage.com. He is also the author of O'Reilly's "UNIX Backup & Recovery" and "Using SANs & NAS," as well as a monthly column in Storage Magazine.

W6 Perl Program Repair Shop and Red Flags
Mark-Jason Dominus, Consultant and Author
1:30 p.m.–5:00 p.m.

Who should attend: Anyone who writes Perl programs regularly. Participants should have at least three months' experience programming in Perl.

You've probably been working too hard when you program, writing twenty lines of code when you only needed ten. But there is a better way, and I will show it to you. You'll learn how to improve your own code and the code of others, making it cleaner, more readable, more reusable, and more efficient, while at the same time making it 30-50% smaller. Smaller code contains fewer bugs and takes less time to maintain.

We will examine several real code examples in detail and see how to improve them. We'll focus on red flags--warning signs in your code that are plainly visible once you know what to look for--and on techniques that require little complex thought or ingenuity. All the bad code in this class is guaranteed 100% genuine and typical.

Participants are encouraged to submit their own code for anonymous review in the class. (Send it to mjd-lisa-2003+@plover.com.) Class content varies depending on submissions, but is sure to include some of the topics listed below.

Topics include:

  • Families of variables
  • Making relationships explicit
  • Refactoring
  • Programming by convention
  • The Flesh Blanket
  • Conciseness
  • Why you should avoid the "." operator
  • Elimination of global variables
  • Superstition
  • The "use strict" zombies
  • Repressed subconscious urges
  • The cardinal rule of computer programming
  • The psychology of repeated code
  • Techniques for eliminating repeated code
  • What can go wrong with "if" and "else"
  • The Condition That Ate Michigan
  • Resisting "Holy Doctrine"
  • Trying it both ways
  • Structural vs. functional code
  • Elimination of structure
  • Boolean values
  • Programs that take two steps forward and one step back
  • Programs that are 10% backslashes
  • 'print print print print print '
  • C-style "for" loops
  • Loop counter variables
  • Array length variables
  • Unnecessary shell calls
  • How (and why) to let "undef" be the special value
  • Confusion of internal and external representations of data
  • Tool use
  • Elimination of repeated code with higher-order functions
  • Learning to use a hammer
  • The "swswsw" problem
  • Avoiding special cases
  • Using uniform data representations

Mark-Jason Dominus (W3, W6) has been programming in Perl since 1992. He is a moderator of the comp.lang.perl.moderated newsgroup, the author of the Text::Template, Tie::File, and Memoize modules, a contributor to the Perl core, and author of the perlreftut man page. His work on the Rx regular expression debugger won the 2001 Larry Wall Award for Practical Utility. He lives in Philadelphia with his wife and several plush octopuses.

W7 Cisco Device Configuration Basics, Part 2 NEW!
Steve Acheson and Laura Kuiper, Cisco Systems
1:30 p.m.–5:00 p.m.

Who should attend: Anyone who bought a Cisco router or switch on eBay and wants to know how to configure it. This class will build on the morning class, W4, to help you get the most out of your Cisco equipment.

Topics include:

  • Review of IOS capabilities and image features
  • Setting up SNMP monitoring
  • SSH (secure access)
  • Switch specifics
    • Spanning tree
    • Trunking
    • Differences between CatOS- and IOS-based switches
  • Router Specifics
    • Making your router a DHCP server
    • Doing NAT/PAT with your router
    • Using the GUI SDM (Security Device Manager) to configure your router
  • More security
    • PVLAN edge (protected port)
    • Local authentication
    • RADIUS authentication
    • Advanced ACLs
    • Using your router as a VPN gateway
  • Additional capabilities your router offers
Steve Acheson (M7, W4, W7, F2) is currently an Information Security Architect at Cisco Systems, Inc., where he is a senior member of the Corporate Information Security Department, responsible for network and system security, including designing internal security architecture and external/firewall access. Before working for Cisco, Steve managed security for NASA's Numerical Aerospace Simulations facility at Ames Research Center. He has worked in the field for over 15 years as a system administrator, network engineer, and security analyst.

Laura Kuiper (W4, W7, F2) is currently a Computer Security Architect at Cisco Systems, Inc., where she is a senior member of the Computer Information Security Department, responsible for network and system security, including designing internal security architecture and external/firewall access. Before working for Cisco, Laura managed the network at SAIC. She has worked in the field as a network engineer and security analyst for over 9 years.

W8 Introduction to Host Configuration and Maintenance with Cfengine
Mark Burgess, Oslo University College
1:30 p.m.–5:00 p.m.

Who should attend: System administrators with a minimal knowledge of a scripting language who wish to start using cfengine to automate the maintenance and security of their systems. UNIX administrators will be most at home in this tutorial, but cfengine can also be used on Windows 2000 and above.

Cfengine is a tool for setting up and maintaining a configuration across a network of hosts. It is sometimes called a tool for "Computer Immunology"--your computer's own immune system. You can think of cfengine as a very high level language, much higher-level than Perl or shell, together with a smart agent. The idea behind cfengine is to create a single "policy" or set of configuration files that describes the setup of every host on your network, without sacrificing their autonomy.

Cfengine runs on every host and makes sure that it is in a policy-conformant state; if necessary, any deviations from policy rules are fixed automatically. Unlike tools such as rdist, cfengine does not require hosts to open themselves to any central authority, nor to subscribe to a fixed image of files. It is a modern tool, supporting state-of-the-art encryption and IPv6 transport, that can handle distribution and customization of system resources in huge networks (tens of thousands of hosts). Cfengine runs on hundreds of thousands of computers all over the world.

Topics include:

  • The components of cfengine and how they are used
  • How to get the system running
  • How to develop a suitable policy, step by step
  • Security
  • Examples
  • How to customize cfengine for special tasks

Mark Burgess (W8, F4) is a professor at Oslo University College and is the author of cfengine. He has been researching the principles of network and system administration for over ten years and is the author of Principles of Network and System Administration (John Wiley & Sons). He is frequently invited to speak at conferences.

Thursday, November 18, 2004
R1 Hacking & Securing Web-based Applications—Hands-On (Day 1 of 2) NEW!
David Rhoades, Maven Security Consulting, Inc.
9:00 a.m.–5:00 p.m.

Who should attend: People who are auditing Web application security, developing Web applications, or managing the development of a Web application.

Is your Web application secure? CD Universe, CreditCard.com, and others have found out the hard way: encryption and firewalls are not enough. Numerous commercial and freeware tools assist in locating network-level security vulnerabilities. However, these tools are incapable of locating security issues for Web-based applications.

With numerous real-world examples from the instructor's years of experience with security assessments, this informative and entertaining course is based on fact, not theory. The course material is presented in a step-by-step approach, and will apply to Web portals, e-commerce (B2B or B2C), online banking, shopping, subscription-based services, or any Web-enabled application.

Class exercises will require that students have an x86-based laptop computer that can be booted from a KNOPPIX CD, along with a 10/100 Ethernet network card. Please download a copy of KNOPPIX-STD (https://www.knoppix-std.org), burn it to a CD-R, and try to boot your system on a network offering DHCP. Be sure your network card is recognized by Knoppix-STD, otherwise you will not be able to participate in most classroom exercises. Wireless access will not be supported during class.

Topics include:

  • The primary risks facing Web applications
  • Exposures and vulnerabilities in HTML and JavaScript, authentication, and session tracking
  • Tools, techniques, and methodologies required to locate weaknesses
  • Recommendations for mitigating exposures found
  • Best practices for Web application security
Students will be provided access to several target Web applications. Some of these applications are real applications with known security issues. Others are mock applications designed by Maven Security to simulate real security issues. At each step, the instructor will supply the tools needed and demonstrate the required techniques. All software provided will be publicly available freeware.

Day 1

  • Introduction
    • The problem and root causes
    • Web primer: HTTP and HTML
  • Foundational security
    • OS vulnerabilities
    • Web server security highlights
  • Web server and Web application output
    • HTTP headers
    • HTML and JavaScript
    • Encryption ciphers
    • Error messages
    • Caching
  • Authentication
    • Authentication: digital certificates; form-based; HTTP basic
    • Threats to authentication
  • Sign-on
    • User name harvesting
    • Brute-force password guessing
    • Password harvesting
    • Resource exhaustion
Day 2
  • Session issues
    • Session tracking mechanisms
    • Session ID best practices
    • Session cloning
  • Transaction issues
    • Malicious user input
    • Hidden form elements
    • GET vs. POST
    • JavaScript filters
    • Improper application logic
    • Cross-site scripting (XSS)
  • Third-party products
  • Testing procedures
  • Methodology and safety
David Rhoades (T1, W1, R1, F1) is a principal consultant with Maven Security Consulting, Inc. Since 1996, David has provided information protection services for various FORTUNE 500 customers. His work has taken him across the US and abroad to Europe and Asia, where he has lectured and consulted in various areas of information security. David has a B.S. in computer engineering from the Pennsylvania State University and has taught for the SANS Institute, the MIS Training Institute, and ISACA.

R2 Managing Samba 2.2 & 3.0
Gerald Carter, Samba Team/Hewlett-Packard
9:00 a.m.–5:00 p.m.

Who should attend: System administrators who are currently managing Samba servers or are planning to deploy new servers this year. This course will outline the new features of Samba 3.0, including working demonstrations throughout the course session.

Topics include:

  • Providing basic file and print services
  • Upgrading a Samba server from version 2.2 to 3.0
  • Integrating with Windows NT 4.0 and Active Directory authentication services
  • Centrally managing printer drivers for Windows clients
  • Managing NetBIOS network browsing
  • Implementing a Samba primary domain controller along with Samba backup domain controllers
  • Migrating from a Windows NT 4.0 domain to a Samba domain
  • Utilizing account storage alternatives to smbpasswd such as LDAP
  • Making use of Samba VFS modules for features such as virus scanning and a network recycle bin
Gerald Carter (M9, T2, R2) has been a member of the Samba Team since 1998. He has published articles in various Web-based magazines and gives instructional courses as a consultant for several companies. Currently employed by Hewlett-Packard as a Samba developer, Gerald has written books for SAMS Publishing and is the author of the recent LDAP System Administration (O'Reilly & Associates).

R3 Perl for System Administration NEW!
David N. Blank-Edelman, Northeastern University
9:00 a.m.–12:30 p.m.

Who should attend: System and network administrators with at least advanced-beginner to intermediate Perl skills, who would like a clearer understanding of how Perl can make their jobs easier.

Perl was originally created to help with system administration, so it is a wonder that there isn't more instructional material available to help people in our field use Perl to their advantage. This tutorial hopes to begin to remedy this situation by presenting a solid three hours of instruction on using Perl for system administration. You are also likely to deepen your knowledge of Perl.

Based on the instructor's upcoming O'Reilly book, this tutorial will take a multi-platform approach to the subject. We'll be exploring cutting-edge and old standby system administration topics as they manifest themselves on both UNIX and Windows NT/2000.

Topics include:

  • Secure Perl scripting
  • Dealing with files and filesystems
    • Source control
    • XML
    • Databases
    • Log files
  • Dealing with SQL databases via DBI and ODBC
  • Email as a sysadmin tool (including spam analysis)
  • Network directory services: NIS, DNS, LDAP, ADSI
  • Network management: SNMP and WBEM
David N. Blank-Edelman (M10, R3, R6) is the Director of Technology at the Northeastern University College of Computer and Information Science and the author of the O'Reilly book Perl for System Administration. He has spent the last 19 years as a system/network administrator in large multi-platform environments, including Brandeis University, Cambridge Technology Group, and the MIT Media Laboratory. He has given several successful invited talks off the beaten path at LISA.

R4 Next-Generation Security Tools NEW!
Peter Baer Galvin, Corporate Technologies
9:00 a.m.–12:30 p.m.

Who should attend: Systems managers and security managers interested in current security problems and the new generation of tools designed to solve those problems.

This course covers a variety of topics of importance to those designing or implementing security solutions for their installations. It starts with the nasty world of current security threats and the problems sites have to solve. It then talks about what is solvable and what still has no solution. Finally, it covers each of the possible solutions in detail. (Note: Most of these solutions are commercial products.)

Topics include:

  • A security methodology
    • Determining the state of your world
    • Determining the problems to solve
    • Policy and procedure
    • Risk assessment, security audit, and penetration testing
  • Firewalls: Why don't they work?
  • Protecting Web servers
  • Reducing spam
  • Patch management and avoiding patching
  • Network snooping
  • Gaining status knowledge of your facility
  • Content filtering and antivirus software
  • Weak and strong authentication
  • Spyware and peer-to-peer networks
Peter Baer Galvin (M3, T11, R4) is the Chief Technologist for Corporate Technologies, Inc., a systems integrator and VAR, and was the Systems Manager for Brown University's Computer Science Department. He has written articles for Byte and other magazines. He wrote the "Pete's Wicked World" and "Pete's Super Systems" columns at SunWorld. He is currently contributing editor for Sys Admin, where he manages the Solaris Corner. Peter is co-author of the Operating Systems Concepts and Applied Operating Systems Concepts textbooks. As a consultant and trainer, Peter has taught tutorials on security and system administration and has given talks at many conferences and institutions on such topics as Web services, performance tuning, and high availability.

R5 Introduction to Domain Name System Administration
William LeFebvre, CNN Internet Technologies
9:00 a.m.–12:30 p.m.

Who should attend: System or network administrators who have been exposed to the Domain Name System only as users. A basic understanding of the IP protocols, TCP and UDP, data encapsulation, and the seven-layer model will be beneficial.

DNS, the primary method the Internet uses to name and number machines, is used to translate names like "www.usenix.org" into addresses like 131.106.3.253. Any site that is serious about joining the Internet community will need to understand how to configure and administer DNS.

This tutorial will describe the basic operation of DNS and will provide instructions and guidelines for the configuration and operation of DNS on UNIX platforms using the BIND software distribution. This class is designed for the beginner and is intended to provide a foundation for the tutorial on "Intermediate Topics in Domain Name System Administration."

Topics include:

  • DNS and BIND
  • The DNS name hierarchy
  • The four components of DNS
  • Iterative vs. recursive querying
  • Essential resource records: SOA, A, PTR, CNAME, NS
  • Zone transfers and secondaries
  • Vendor-specific differences
William LeFebvre (R5, F5) is an author, programmer, teacher, and sysadmin expert who has been using UNIX and Internet technologies since 1983. He writes a monthly column for UNIX Review and has taught since 1989 for such organizations as USENIX, the Sun User Group (SUG), MIS Training Institute, IT Forum, and Great Circle Associates. He has contributed to several widely used UNIX packages, including Wietse Venema's logdaemon package. He is also the primary programmer for the popular UNIX utility top. William is currently a technology fellow at CNN Internet Technologies, exploring the applicability of new technology to one of the busiest Web farms on the Internet. He received his bachelor's degree in 1983 and his master of science degree in 1988, both from Rice University.

R6 Perl Saves the Day: Writing Small Perl Programs to Get You Out of Big Sysadmin Pinches NEW!
David N. Blank-Edelman, Northeastern University
1:30 p.m.–5:00 p.m.

Who should attend: System administrators with at least advanced-beginner to intermediate Perl skills. This tutorial will show them how to get themselves out of a jam using Perl.

Perl is an excellent language for rapid development and prototyping. Thanks to the power of the core language and the large body of additional modules, it is often possible to write quick programs to solve pressing problems. System administrators have no shortage of pressing problems, so knowing how to wield this "swiss-army chain saw" can be a lifesaver.

Centering on battle stories and the Perl source code used to deal with them, we'll discuss approaches to system administration crises using Perl. The code presented in this class will be mostly UNIX-related, with a sprinkling of Windows NT/2000 examples, but the approaches we'll talk about will not be operating-system specific. Students are welcome to bring their own pressure-cooker problems (solved or not) for class discussion.

David N. Blank-Edelman (M10, R3, R6) is the Director of Technology at the Northeastern University College of Computer and Information Science and the author of the O'Reilly book Perl for System Administration. He has spent the last 19 years as a system/network administrator in large multi-platform environments, including Brandeis University, Cambridge Technology Group, and the MIT Media Laboratory. He has given several successful invited talks off the beaten path at LISA.

R7 Recovering from Linux Hard Drive Disasters NEW!
Theodore Ts'o, IBM Linux Technology Center
1:30 p.m.–5:00 p.m.

Who should attend: Linux system administrators and users.

Ever had a hard drive fail? Ever kick yourself because you didn't keep backups of critical files, or you discovered that your regular nightly backup didn't succeed?

Of course not: you keep regular backups and verify them frequently to make sure they are successful, right? But for those of you who think you might nevertheless someday need this information, this tutorial will discuss ways of recovering from hardware or software disasters.

Topics include:

  • Low-level techniques to recover data from a corrupted ext2/ext3 filesystem when backups aren't available
  • Recovering from a corrupted partition table
  • Using e2image to back up critical ext2/3 filesystem metadata
  • Using e2fsck and debugfs to sift through a corrupted filesystem
  • Some measures to avoid needing to use heroic measures

Theodore Ts'o (R7) has been a Linux kernel developer since almost the very beginnings of Linux: he implemented POSIX job control in the 0.10 Linux kernel. He is the maintainer and author of the Linux COM serial port driver and the Comtrol Rocketport driver, and he architected and implemented Linux's tty layer. Outside of the kernel, he is the maintainer of the e2fsck filesystem consistency checker. Ted is currently employed by IBM Linux Technology Center.

R8 Introduction to Massive Upgrades and Changes
Tom Limoncelli, Cibernet
1:30 p.m.–5:00 p.m.

Who should attend: Sysadmins from environments where upgrading a single large server, or hundreds of individual hosts, is common. Although the focus will be on UNIX and IP networks, all sysadmins will benefit from this tutorial. Examples include situations found both in small and in large sites.

Imagine a project that involves renumbering the IP addresses on thousands of hosts, none of which sees more than one interruption. Imagine upgrading a large server that provides dozens of critical services with confidence that it will be done on time and with all services working. Imagine performing one or more changes on 1,000 individual hosts without fear that you've installed the same typo on each. Imagine a tutorial that teaches the disciplines involved in making those things happen.

This tutorial will include a mix of theory and case studies of real events. Case studies will include success stories as well as disasters—there's much to be learned from both.

Topics include:

  • A sample "change management" policy you can start using right away
  • The network life cycle: birth, certification, decommission
  • Case study: network change management (avoiding outages, managing risk)
  • The project everyone hates: moving your data center
  • Surviving weekend-long maintenance windows with no major problems
  • The secret to successful server upgrades
  • Case study: upgrading a major application server
  • Case study: upgrading a multi-purpose server
  • Service conversions (it's more than just upgrading the software)
  • Case study: IP renumbering and reorganization

Tom Limoncelli (R8, F3), co-author of The Practice of System and Network Administration (Addison-Wesley), is Director of IT Services at Cibernet Corp. A sysadmin and network wonk since 1987, he has worked at Dean for America, Lumeta, Bell Labs/Lucent, Mentor Graphics, and Drew University. He is a frequent presenter at LISA conferences.

Friday, November 19, 2004
F1 Hacking & Securing Web-based Applications—Hands-On (Day 2 of 2) NEW!
David Rhoades, Maven Security Consulting, Inc.
9:00 a.m.–5:00 p.m.

Who should attend: People who are auditing Web application security, developing Web applications, or managing the development of a Web application.

Is your Web application secure? CD Universe, CreditCard.com, and others have found out the hard way: encryption and firewalls are not enough. Numerous commercial and freeware tools assist in locating network-level security vulnerabilities. However, these tools are incapable of locating security issues for Web-based applications.

With numerous real-world examples from the instructor's years of experience with security assessments, this informative and entertaining course is based on fact, not theory. The course material is presented in a step-by-step approach, and will apply to Web portals, e-commerce (B2B or B2C), online banking, shopping, subscription-based services, or any Web-enabled application.

Class exercises will require that students have an x86-based laptop computer that can be booted from a KNOPPIX CD, along with a 10/100 Ethernet network card. Please download a copy of KNOPPIX-STD (https://www.knoppix-std.org), burn it to a CD-R, and try to boot your system on a network offering DHCP. Be sure your network card is recognized by Knoppix-STD, otherwise you will not be able to participate in most classroom exercises. Wireless access will not be supported during class.

Topics include:

  • The primary risks facing Web applications
  • Exposures and vulnerabilities in HTML and JavaScript, authentication, and session tracking
  • Tools, techniques, and methodologies required to locate weaknesses
  • Recommendations for mitigating exposures found
  • Best practices for Web application security
Students will be provided access to several target Web applications. Some of these applications are real applications with known security issues. Others are mock applications designed by Maven Security to simulate real security issues. At each step, the instructor will supply the tools needed and demonstrate the required techniques. All software provided will be publicly available freeware.

Day 1

  • Introduction
    • The problem and root causes
    • Web primer: HTTP and HTML
  • Foundational security
    • OS vulnerabilities
    • Web server security highlights
  • Web server and Web application output
    • HTTP headers
    • HTML and JavaScript
    • Encryption ciphers
    • Error messages
    • Caching
  • Authentication
    • Authentication: digital certificates; form-based; HTTP basic
    • Threats to authentication
  • Sign-on
    • User name harvesting
    • Brute-force password guessing
    • Password harvesting
    • Resource exhaustion
Day 2
  • Session issues
    • Session tracking mechanisms
    • Session ID best practices
    • Session cloning
  • Transaction issues
    • Malicious user input
    • Hidden form elements
    • GET vs. POST
    • JavaScript filters
    • Improper application logic
    • Cross-site scripting (XSS)
  • Third-party products
  • Testing procedures
  • Methodology and safety
David Rhoades (T1, W1, R1, F1) is a principal consultant with Maven Security Consulting, Inc. Since 1996, David has provided information protection services for various FORTUNE 500 customers. His work has taken him across the US and abroad to Europe and Asia, where he has lectured and consulted in various areas of information security. David has a B.S. in computer engineering from the Pennsylvania State University and has taught for the SANS Institute, the MIS Training Institute, and ISACA.

F2 Cisco Security Features NEW!
Steve Acheson and Laura Kuiper, Cisco Systems
9:00 a.m.–5:00 p.m.

Who should attend: Network and system engineers looking to improve their familiarity with Cisco's security capabilities; security professionals interested in the technical details of securing enterprise-class networks.

As security concerns become more pervasive throughout the enterprise market, pressure on network engineers to be more security-conscious continues to grow. In tandem, as smaller enterprises increase their reliance on networked systems, they need network engineers to keep these systems secure. This session provides network engineers with a detailed overview of enterprise networking security and explores how Cisco security features can help the enterprise network.

Topics include:

  • Infrastructure
    • Device configurations
    • Device access and user administration
    • Routing protocol security
    • Layer 2/switches
  • Access control
    • Access Control Lists (ACLs)
      • Standard vs. extended
      • Dynamic
      • Time-based
    • Firewalls
      • CBAC
      • PIX
      • Authentication services
    • Network Admission Control (NAC)
  • IP telephony
  • Wireless LANs
  • 802.1x
  • Intrusion prevention
  • VPNs
  • Monitoring
Steve Acheson (M7, W4, W7, F2) is currently an Information Security Architect at Cisco Systems, Inc., where he is a senior member of the Corporate Information Security Department, responsible for network and system security, including designing internal security architecture and external/firewall access. Before working for Cisco, Steve managed security for NASA's Numerical Aerospace Simulations facility at Ames Research Center. He has worked in the field for over 15 years as a system administrator, network engineer, and security analyst.

Laura Kuiper (W4, W7, F2) is currently a Computer Security Architect at Cisco Systems, Inc., where she is a senior member of the Computer Information Security Department, responsible for network and system security, including designing internal security architecture and external/firewall access. Before working for Cisco, Laura managed the network at SAIC. She has worked in the field as a network engineer and security analyst for over 9 years.

F3 Time Management for System Administrators: Getting It All Done and Not Going (More) Crazy!
Tom Limoncelli, Cibernet
9:00 a.m.–12:30 p.m.

Who should attend: Sysadmins who want to improve their time-management skills, who want to have more control over their time and better follow-through on assignments. If you feel overloaded, miss appointments, and forget deadlines and tasks, this class is for you.

Do any of these statements sound like you?

  • I don't have enough time to get all my work done.
  • I don't have control over my schedule.
  • I'm spending all my time mopping the floor; I don't have time to fix the leaking pipe.
  • My boss says I don't work hard enough, but I'm always working my —— off!

Tom Limoncelli used to be a time-management disaster. He reformed himself and offers his insights in this tutorial. Tom currently has two job functions at a financial services company, chairs conferences, writes books, maintains four personal Web sites, serves on the boards of two nonprofits, and has a very full social life. Yet he keeps it all together and has time for himself. If you think you don't have time to take this tutorial, you really need to take this tutorial!

Topics include:

  • Why typical "time management" books don't work for sysadmins
  • How to delegate tasks effectively
  • How to use RT and other request tracking tools
  • A way to keep from ever forgetting a user's request
  • Why "to do" lists fail and how to make them work
  • Managing your boss
  • Managing email more effectively with procmail
  • Prioritizing tasks so that users think you're a genius
  • Getting more out of your Palm Pilot
  • Having more time for fun (for people with a social life)
  • Tips on automating sysadmin processes
  • Efficient phone calls: how to avoid major time wasters
  • How to leave the office every day with a smile on your face
Tom Limoncelli (R8, F3), co-author of The Practice of System and Network Administration (Addison-Wesley), is Director of IT Services at Cibernet Corp. A sysadmin and network wonk since 1987, he has worked at Dean for America, Lumeta, Bell Labs/Lucent, Mentor Graphics, and Drew University. He is a frequent presenter at LISA conferences.

F4 Advanced Topics in Host Configuration and Maintenance with Cfengine NEW!
Mark Burgess, Oslo University College
9:00 a.m.–12:30 p.m.

Who should attend: System administrators with a working knowledge of cfengine (or who have attended the introductory course) and who wish to extend their understanding of cfengine with examples and usage patterns. UNIX and Mac OS X administrators will be most at home in this tutorial, but cfengine can also be used on Windows 2000 and above.

Cfengine contains many features and facilities that make it a powerful tool for system administration, but it has a large manual that is difficult to absorb without training. In this tutorial we assume that attendees have a basic understanding of how cfengine works and would like to develop a number of "best practices" and examples to maximize their returns.

Topics include:

  • Review of some basics
  • Automating deployment of software throughout your infrastructure
    • UNIX/Mac/Windows
    • update.conf
    • cron and cfexecd
    • When to run
    • Integrating data from information sources
  • Structure and organization of config
    • The overlapping-set model
    • Import
    • Modules
    • Methods
    • When to use these tools
  • Special functions and variables
    • Variables, scalars, arrays
    • Associative arrays and their limitations
    • ExecResult, ReturnsZero, etc.
    • ReadArray, ReadList, etc.
    • IsNewerThan, IsDir, etc.
  • Searching, matching, and wildcards
    • Search filters
    • Regular expressions
    • Wildcard expansions
  • How does cfagent evaluate things?
    • Thinking declaratively
    • Ordering: When does it matter?
    • Locks: What are they, and why are they there?
    • Iteration over lists
    • Control, actionsequence, alerts
  • Services and security
    • PP keys and exchange (trust model)
    • Authentication stages
    • Rule orderings
    • IPv6 issues
    • Peer-to-peer services
    • Example: Backing up laptops
  • Host monitoring
    • cfenvd
    • Interfacing to tcpdump
    • Understanding cfenvgraph output
    • PeerCheck neighborhood watch
    • FriendStatus function
  • Future developments and discussion
Mark Burgess (W8, F4) is a professor at Oslo University College and is the author of cfengine. He has been researching the principles of network and system administration for over ten years and is the author of Principles of Network and System Administration (John Wiley & Sons). He is frequently invited to speak at conferences.

F5 Intermediate Topics in Domain Name System Administration
William LeFebvre, CNN Internet Technologies
9:00 a.m.–12:30 p.m.

Who should attend: Network administrators with a basic understanding of DNS and its configuration who need to learn how to create and delegate subdomains, and administrators planning to install BIND8. Attendees are expected either to have prior experience with DNS, including an understanding of basic operation and zone transfers, or to have attended the "Introduction to Domain Name System Administration" tutorial.

Attendees will move beyond the basics into a more thorough understanding of the overall design and implementation of DNS.

Topics include:

  • Subdomains and delegation
  • Resource records: NS, RP, MX, TXT, AAAA
  • Migration to BIND8
  • DNS management tools
  • DNS design
  • DNS and firewalls
William LeFebvre (R5, F5) is an author, programmer, teacher, and sysadmin expert who has been using UNIX and Internet technologies since 1983. He writes a monthly column for UNIX Review and has taught since 1989 for such organizations as USENIX, the Sun User Group (SUG), MIS Training Institute, IT Forum, and Great Circle Associates. He has contributed to several widely used UNIX packages, including Wietse Venema's logdaemon package. He is also the primary programmer for the popular UNIX utility top. William is currently a technology fellow at CNN Internet Technologies, exploring the applicability of new technology to one of the busiest Web farms on the Internet. He received his bachelor's degree in 1983 and his master of science degree in 1988, both from Rice University.


Last changed: 13 Aug. 2004 jel