Check out the new USENIX Web site.
Conference Home At a Glance Register Tutorials Technical Sessions FREENIX Exhibition Organizers Activities

Tutorials: Overview | By Day (Sunday, Monday, Tuesday) | By Instructor | All in One File

MONDAY, JUNE 19, 2000    
M1 Intrusion Detection and Network Forensics
Marcus J. Ranum, Network Flight Recorder, Inc.
M2 Advanced Solaris Systems Administration Topics
Peter Baer Galvin, Corporate Technologies, Inc.
M3 Linux Systems Administration
Bryan C. Andregg, Red Hat, Inc.
M4 Windows NT and UNIX Integration: Problems and Solutions
Phil Cox, SystemExperts Corporation;
Gerald Carter, Auburn University
M5 Security from the Inside Out: System Engineering for Security Systems NEW
Char Sample, L-3 Network Security;
Ian Poynter, Jerboa Inc.
M6 Topics in Systems Administration I NEW
Barb Dijker, NeTrack;
Evi Nemeth, University of Colorado
M7 Administering Windows 2000: A Course for UNIX People UPDATED
Aeleen Frisch, Exponential Consulting
M8 Advanced CGI Techniques Using Perl NEW
Tom Christiansen, Consultant
M9 Modern Security Systems for Intranets, Extranets, and the Internet
Daniel E. Geer, Jr., @Stake;
Jon Rochlis, SystemExperts Corporation
M10 Secure Networking: An Introduction to VPN Architecture and Implementation NEW
Tina Bird, Counterpane Internet Security


M1 Intrusion Detection and Network Forensics
Marcus J. Ranum, Network Flight Recorder, Inc.

Who should attend: Network and system managers, security managers, and auditors. This tutorial assumes some knowledge of TCP/IP networking and client/server computing.

What can intrusion detection do for you? Intrusion detection systems are designed to alert network managers to unusual or possibly hostile events within the network. Once you've found traces of a hacker, what should you do? What kinds of tools can you deploy to determine what happened, how they got in, and how to keep them out? This tutorial provides a highly technical overview of the state of intrusion detection software and the types of products that are available, as well as basic principles to apply to building your own intrusion detection alarms. Methods of recording events during an intrusion are also covered.

Topics include:

  • What is IDS?
    • Principles
    • Prior art
  • Can IDS help?
    • What IDS can and can't do
    • IDS and the WWW
    • IDS and firewalls
    • IDS and VPNs
  • Types and trends in IDS design
    • Anomaly detection
    • Misuse detection
    • Traps
    • Future avenues of research
  • Concepts for building your IDS
    • What you need to know first
    • Performance issues
  • Tools for building your IDS
    • Sniffers and suckers
    • Host logging tools
    • Log recorders
  • Reporting and recording
    • Managing alerts
    • What to throw away
    • What to keep
  • Network forensics
    • So you've been hacked . . .
    • Forensic tools
    • Brief overview of evidence handling
    • Who can help you
  • Resources and references

Marcus J. Ranum (M1) is CEO and founder of Network ranum_marcus Flight Recorder, Inc. He is the principal author of several major Internet firewall products, including the DEC SEAL, the TIS Gauntlet, and the TIS Internet Firewall Toolkit. Marcus has been managing UNIX systems and network security for over 13 years, including configuring and managing whitehouse.gov. Marcus is a frequent lecturer and conference speaker.



M2 Advanced Solaris Systems Administration Topics
Peter Baer Galvin, Corporate Technologies, Inc.

Who should attend: UNIX administrators who need more knowledge of Solaris administration.

This course covers a variety of topics that matter to Solaris system administrators. We will discuss the major new features of recent Solaris releases, including which to use and how to use them, and which to avoid. This in-depth course will provide the information a system manager/administrator needs to run a Solaris installation effectively.

Topics include:

  • Installing and upgrading
    • Architecting an appropriate
      facility
    • Choosing the best hardware for your needs
    • Planning your installation, filesystem layout, post-installation steps
    • Installing (and removing) patches and packages
  • Advanced features of Solaris 2
    • CacheFS: configuring and using AutoFS
    • The /proc file system and commands
    • Useful tips and techniques
  • Networking and the kernel
    • Virtual IP: configuration and uses
    • Kernel and performance tuning: new features, adding devices, tuning, debugging commands
    • Devices: naming conventions, drivers, gotchas
  • Enhancing Solaris
    • High-availability essentials: disk failures and recovery, RAID levels, uses and performance, H-A technology and implementation
    • Performance: how to track down and break up bottlenecks
    • Tools: useful free tools, tool use strategies
    • Security: locking down Solaris, system modifications, tools
    • Resources and references

Peter Baer Galvin (S7, M2) is the chief technologist for galvin_peter Corporate Technologies, a systems integrator and VAR. Previously, he was the systems manager for Brown University's Computer Science Department. He has written articles for Byte and other magazines and is a regular columnist for SunWorld. He is co-author of the Operating Systems Concepts and the Applied Operating Systems Concepts textbooks. As a consultant and trainer, Peter has taught tutorials on security and system administration and has given talks at many conferences.



M3 Linux Systems Administration
Bryan C. Andregg, Red Hat, Inc.

Who should attend: This tutorial is directed at system administrators who are planning on implementing a Linux solution in a production environment. Course attendees should be familiar with the basics of systems administration in a UNIX/Linux environment: user-level commands, administration commands, and TCP/IP networking. The novice administrator and the guru should both leave the tutorial having learned something.

Topics include (with special emphasis on security):

  • Installation features
  • Disk partitioning and RAID
  • Networking
  • User accounts
  • Services
  • NFS and NIS
  • High-availability environments
  • The workplace
  • Up and coming in the Linux world (CODA, LVM, etc.)

Upon completion of the course, attendees should feel confident in their ability to set up and maintain a secure and useful Linux network. The tutorial will be conducted in an open manner that allows for questions at all times.

Bryan C. Andregg (M3, T6) is the Director of Networks andregg_bryan at Red Hat Inc. He has been with the company for three years and in that time has moved from being the only systems administrator through almost every job in IS. Bryan's next round of business cards will give his job title as "firefighter."




M4 Windows NT and UNIX Integration: Problems and Solutions
Phil Cox, SystemExperts Corporation;
Gerald Carter, Auburn University

Who should attend: System administrators who are responsible for heterogeneous Windows NT­ and UNIX­based systems. Attendees should have user-level knowledge of both UNIX and Windows NT, and it's recommended they have systems administration experience in at least one of these OSes.

Today's organizations choose computing solutions from a variety of vendors. Often, integrating the solutions into a seamless, manageable enterprise is an afterthought, left up to system administrators. This course covers specific problem areas in administering a mixture of UNIX and Windows NT systems. The focus will be on practical solutions that can be applied today to real-world administration problems.

Topics include:

  • Overview of NT and UNIX
    • Basic homogeneous setups
    • Services: what's offered, and how
    • Similarities
    • Differences
    • Potential sticking points
  • Areas of interest
    • Electronic mail
    • Web servers
    • User authentication
    • File serving
    • Printing
    • Faxes and modems
    • Host-to-host connectivity
    • Remote administration
    • Backup and restore

For each of the areas of interest we will cover:

  • Current uses in homogeneous environments
  • Available answers--where integration can happen
  • Integration solutions, how to choose one, some useful tools
  • Security considerations

Phil Cox (M4, T5) is a consultant for SystemExperts Corporation. Phil cox_philfrequently writes and lectures on issues bridging the gap between UNIX and Windows NT. He is a featured columnist in ;login;, the magazine of USENIX & SAGE, and has served on numerous USENIX program committees. Phil holds a B.S. in computer science from the College of Charleston, South Carolina.



Gerald Carter (M4, T4) has been a member of the carter_gerald SAMBA Team since 1998 andhas been maintaining SAMBA servers for the past four years. As a network manager at Auburn University, Gerald maintains approximately 700 PCs and 30 Solaris 2.x servers. He is the lead author of Teach Yourself SAMBA in 24 Hours (Sams Publishing) and has worked as an instructor or technical reviewer for major publishers.



M5 Security from the Inside Out: System Engineering for Security Systems NEW
Char Sample, L-3 Network Security;
Ian Poynter, Jerboa Inc.

Who should attend: Consultants, systems architects, information security professionals, system administrators, and anyone responsible for planning, implementing, or evaluating security systems.

There are many different point solutions that address various security issues. Firewalls, IDS, VPNs, authentication devices, and various servers provide tactical point solutions. How do we pull all of these together to form a security system? How do we properly engineer this system and avoid the pitfalls of over-engineering?

You will learn how to quantify values in your networked environment, giving you the information to determine how much security is needed and where.

Topics include the following systems engineering areas as they relate to network security:

  • Needs
  • Operations, stated and unstated
  • Requirements: how to derive and quantify them
  • Architecture
  • Design
  • Implementation and integration
  • Testing and evaluation (or reevaluation) of the security system

While these steps may seem obvious to most of us, when we implement security systems we rarely, if ever, follow this process. We will discuss the vision of a security architecture and how to handle all phases of this process, how to engineer the multiple layers of security, and how to navigate politically and technically to create the best solution for your environment.

Char Sample (M5), a senior systems engineer at L-3 sample_char Network Security, has over fourteen years of experience in the industry. One of the original five engineers on the Gauntlet project at Trusted Information Systems, Char has installed and integrated over 200 firewalls and has experience deploying e-commerce solutions. She has developed and delivered training for a number of organizations and has been an invited speaker for various industry security conferences.


Ian Poynter (M5) is president of Jerboa Inc., a strategic poynter_ian Internet security consultancy he founded in 1994. He has over 14 years in the technology industry, focusing on networking and human/computer interfaces. He has delivered firewall and Internet security training to key IS personnel and has appeared as an expert speaker at professional meetings and industry conferences. Mr. Poynter holds a B.Sc. First Class in computer science from University College, London.


M6 Topics in Systems Administration I NEW
Barb Dijker, NeTrack;
Evi Nemeth, University of Colorado

Who should attend: System and network administrators who want to learn real-life solutions to everyday problems.

Overwhelmed by the rapid change in the systems administration field? This tutorial is a potpourri of learning about UNIX topics that will make you more effective in your role as a system administrator.

Topics include:

  • LDAP: We'll tell you what it is and how to use it in real life. We'll cover integration of LDAP with an organization directory, sendmail, and firewalls. The major focus will be on choosing a UNIX server that's right for your organization.
  • RRDtool: This data management tool (from the author of MRTG) is ideal for site statistics monitoring. The class will explain how to use available front ends to monitor network and host performance.
  • Y2K reflections: The year change came and went with very few issues. We'll discuss what did go wrong, and what the UNIX community learned from all the energy that was spent in preparation.
  • DHCP: Short on address space? Sick of configuring each and every one of your users' machines? We'll talk about making DHCP work for your organization. We will cover servers and clients, on both UNIX and NT and hosts.
  • Disaster planning: In planning for disasters, whether they are physical incidents, security incidents, or just sysadmin errors, hindsight and good backups are invaluable. We will provide some guidelines and a checklist of some of the documentation that you need to maintain to make disasters more recoverable.
  • Security tools: A new generation's worth of security management tools are on the loose, and we'll help you understand how to use them to your advantage. We'll examine new scanning tools such as Nessus and nmap, as well as looking at new tools to facilitate security forensics.

Barb Dijker (M6) is currently the owner of and lead everything at NeTrack, a Colorado ISP. She's also the Executive Director of the Colorado Internet Cooperative Association and the president of SAGE. Barb has been a system administrator for 12 years.

Evi Nemeth (M6) is a faculty member in computer sci nemeth_evi ence at the University of Colorado and has managed UNIX systems for the past 20 years, both from the front lines and from the ivory tower. She is co-author of the UNIX System Administration Handbook.




M7 Administering Windows 2000: A Course for UNIX People UPDATED
Aeleen Frisch, Exponential Consulting

Who should attend: UNIX system administrators who are also responsible for Windows 2000 systems (or who may become responsible for them). Attendees should be comfortable with general systems administration concepts (file systems, processes, user accounts, backups, and the like), as well as the major tools and procedures used to manage them on UNIX systems. As was true with Windows NT 4.0, a sense of humor will be beneficial when initially approaching Windows 2000.

The primary goal of this course is to help you apply what you already know about systems administration under UNIX to the tasks and challenges of the Windows 2000 environment, in an effort to make that transition as easy and painless as possible. The course will include a variety of real-world examples and will focus on practical techniques and strategies for Windows 2000 systems administration. You can expect a very fast-paced, information-rich course.

Note: People who are familiar with Windows NT 4.0 will find some/much of the material in this course to be a review. Differences between Windows NT 4.0 and Windows 2000 will be discussed.

Topics include:

  • Windows 2000 overview
  • Upgrading Windows NT 4.0 systems
  • Booting under Windows NT
  • Managing user accounts under Active Directory
  • Disks and file systems
  • Networking: connecting to UNIX and other systems
  • Printing on and from Windows 2000 systems
  • Overview of Windows 2000 security
  • Integration with UNIX systems

Aeleen Frisch (M7) has been a system administrator for frisch_aeleen over 15 years. She currently looks after a very heterogeneous network of UNIX and Windows NT systems. She is the author of several books, including Essential Windows NT System Administration.




M8 Advanced CGI Techniques Using Perl NEW
Tom Christiansen, Consultant

Who should attend: Experienced Perl programmers and Webmasters interested in learning more about CGI techniques than would be learned in a class on how to write a CGI program in Perl. Attendees are assumed to know the fundamentals of HTML and CGI programming, as well as using (but not writing) Perl modules.

CGI programming is fundamentally an easy thing. The Common Gateway Interface merely defines that a CGI program be able to read stdin and environment variables, and to write stderr. But writing efficient CGI programs of any degree of complexity is a difficult process.

Topics include:

  • Multi-stage forms
    • Sequential
    • cart" systems
    • Undirected "jump page" systems
    • Techniques for recording selections across pages
  • Cookies
    • For authentication and authorization
    • For user tracking
    • For data validation
    • For data hiding and indirection
    • Data exchange and efficiency
    • File uploading
    • Redirection and temporary aliasing
  • CGI Security
    • Taint checking
    • Denial-of-Service attacks
    • Data security
    • Daemonization of processes
    • Fast CGI and mod_perl
    • Front-end/back-end solutions
    • Backgrounding
    • Invocation and response techniques
    • Statelessness and statefulness
    • PATH_INFO vs. cookies vs. CGI parameters
    • Static vs. dynamic vs. locally cached responses
  • Web automation from CGI scripts
    • Fetching remote pages
    • Parsing HTML and extracting data
    • Determining and setting image sizes

In all examples, we will show which Perl modules make these tasks easier. Numerous code examples will be provided, as well as pointers to Web pages containing fully functioning examples for later examination.

Tom Christiansen (S4, M8) has been involved with Perl christiansen_tom since day zero of its initial public release in 1987. Lead author of The Perl Cookbook, co-author of Programming Perl, Learning Perl, and Learning Perl on Win32 Systems, Tom is also the major caretaker of Perl's online documentation. He holds undergraduate degrees in computer science and Spanish and a Master's in computer science. He now lives in Boulder, Colorado.



M9 Modern Security Systems for Intranets, Extranets, and the Internet
Daniel E. Geer, Jr., @Stake;
Jon Rochlis, The Rochlis Group

In today's fast-moving Internet and client-server world, security is a critical component of most systems. But security systems are complex and confusing. Different systems provide overlapping functionality, and what's popular today may
be gone tomorrow. This course describes many of today's most popular network security systems. We describe how the various security protocols work, what value they provide, and how difficult they are to implement. The goal: attendees should become well equipped to understand which protocols are applicable to their environments and systems, which to pursue in more detail, and which are likely to be just a flash in the pan.

Topics include:

  • Internet/intranet security: confidentiality, authentication, integrity, authorization
  • Fundamental technology: encryption, public key, private key, certification
  • Low-security systems: basic WWW/HTTP, cookies, classic remote login (telnet/rlogin/rsh), file transfer
  • Secure Socket Layer (SSL) for securing HTTP
  • Kerberos-based systems: intranet cross-application private key, including MS-DCE and Microsoft NT5
  • Secure Shell (SSH): remote login and lots more
  • Email: PGP & S/Mime
  • VPNs: IPSec, remote access
  • Payment protocols: Digicash, SET (Visa/Mastercard), and more

Daniel E. Geer, Jr. (M9), is CTO of @Stake. Dr. Geer geer_dan has a long history in network security and distributed computing management as an entrepreneur, consultant, teacher, and architect. He holds a B.S. in electrical engineering and computer science from MIT, and an Sc.D. in biostatistics from Harvard University. In USENIX he has participated in virtually every activity, including serving as technical program chair for the San Diego, California, 1993 Winter Technical Conference, as well as conference chair for both the First Symposium on Mobile and Location Independent Computing and the First USENIX Workshop on Electronic Commerce. He was elected to the Board of Directors in June 1994 and began an elected two-year term as vice-president in June 1996. He is the co-author of Wiley's Web Security Sourcebook (June 1997).

Jon Rochlis (M9) rochlis_jon_a is the President of The Rochlis Group, Inc. He was formerly a senior consultant for SystemExperts Corp., providing high-level advice to businesses large and small in the areas of network security, distributed systems design and management, high availability, and electronic commerce. Before joining SystemExperts, Mr. Rochlis was engineering manager with BBN Planet, a major national Internet service provider.



M10 Secure Networking: An Introduction to VPN Architecture and Implementation NEW
Tina Bird, Counterpane Internet Security

Who should attend: System administrators and network managers responsible for remote access and wide-area networks within their organization. Participants should be familiar with TCP/IP networking and fundamental network security, although some review is provided. The purpose of this tutorial is to provide a step-by-step guide to evaluating an organization's VPN requirements, selecting the appropriate VPN architecture, and implementing it within a preexisting security infrastructure.

Virtual private networking technology provides a flexible mechanism for addressing connectivity needs within many organizations. This class focuses on assessing business and technical requirements for remote access and extranet connections; evaluating VPN technology; integrating VPNs within an existing network infrastructure; common implementation difficulties; and VPN security issues.

Topics include:

  • VPN security features (encryption, access control, NAT) and how they protect against common Internet threats
  • Assessing your organization's needs for remote access
  • IPSec, PPTP, application-layer VPNs, and where they fit
  • A brief review of commercial VPN products
  • Implementing VPN technology within your organization's network
  • Common VPN difficulties
  • VPN security issues

After completing this course, attendees should be ready to evaluate their requirements for remote access and begin testing commercial VPN implementations.

Tina Bird (M10) is a senior security analyst at Counter bird_tina pane Internet Security. She has implemented and managed a variety of wide-area-network security technologies and has developed, implemented, and enforced corporate IS security policies. She is the moderator of the VPN mailing list and the owner of "VPN Resources on the World Wide Web," a vendor-neutral source of information about VPN technology. Tina has a B.S. in physics from Notre Dame and an M.S. and Ph.D. in astrophysics from the University of Minnesota.




?Need help? Use our Contacts page.
Last changed: 1 June 2000 jr
Conference index
Events Calendar
USENIX home