SUNDAY, JUNE 18, 2000
S1 UNIX Security Tools: Use and Comparison Matt Bishop, University of California, Davis S2 Sendmail Configuration and Operation (Updated for Sendmail 8.10) Eric Allman, Sendmail, Inc. S3 System and Network Performance Tuning Marc Staveley, Sun Microsystems, Inc. S4 Advanced Topics in Perl Programming NEW Tom Christiansen, Consultant		S5 Windows NT Internals Jamie Hanrahan, Kernel Mode Systems S6 Hacking Exposed: LIVE! NEW George Kurtz and Eric Schultze, Rampart Security Group S7 Introduction to UNIX Administration Peter Baer Galvin, Corporate Technologies, Inc. S8 Cryptographic Algorithms Revealed NEW Greg Rose, QUALCOMM Australia

S1 UNIX Security Tools: Use and Comparison
Matt Bishop, University of California, Davis

Who should attend: UNIX system, network, and security administrators who need to better understand the various security tools currently available.

The goal of this course is to assist UNIX security administrators, and other interested users, in locating and using publicly available programs to improve the security of their systems. This course will compare the uses and drawbacks of several different programs, with an emphasis on when to use which. Only free tools with source code available will be discussed.

Topics include:

• Tool checking and analysis
  • What to look for
  • How to analyze a tool
  • Checking downloaded tools for security problems
• Static analysis tools: filesystem auditing (tiger, COPS)
• Network analysis and security tools: monitors (nfsbug, tcp_wrappers), SATAN, Gabriel
• Tools for privilege: managing shells (lsu, smrsh)
• Tools for logging and log analysis tools (swatch, logcheck)
• Libraries (msystem, trustfile)
• Tools for authentication: proactive password changers (passwd+, crack)

Matt Bishop (S1) began working on problems of security in UNIX systems at Purdue, where he earned his doctorate. He subsequently worked at the Research Institute for Advanced Computer Science at NASA and taught courses in operating systems, computer security, and software engineering at Dartmouth College. Matt chaired the first USENIX Security Workshop and has been on the faculty at UC Davis since 1993.




S2 Sendmail Configuration and Operation (Updated for Sendmail 8.10)
Eric Allman, Sendmail, Inc.

Who should attend: System administrators who want to learn more about the sendmail program, particularly details of configuration and operational issues (this tutorial will not cover mail front ends). This will be an intense, fast-paced, full-day tutorial for people who have already been exposed to sendmail. This tutorial describes the latest release of sendmail from Berkeley, version 8.10.

We begin by introducing a bit of the philosophy and history underlying sendmail.

Topics include:

• The basic concepts of configuration: mailers, options, macros, classes, keyed files (databases), and rewriting rules and rulesets
• Configuring sendmail using the m4 macro package
• Day-to-day management issues, including alias and forward files, "special" recipients (files, programs, and include files), mailing lists, command-line flags, tuning, and security
• How sendmail interacts with the Domain Name System

Eric Allman (S2, T10) Eric Allman wrote sendmail, leads sendmail.org, and is CTO of Sendmail, Inc. Eric was the lead programmer for the INGRES database management and the Mammoth infrastructure projects and authored syslog, tset, the -me troff macros, and trek, developed a commercial client/server implementation, helped develop a first-generation window system, and contributed to the Ring Array Processor Project. He has been a member of the Board of Directors of the USENIX Association. Eric received his M.S. in Computer Science from U.C. Berkeley. He collects wines, which he stashes in the cellar of the house he shares with Kirk McKusick, his partner of 20-and-some-odd years.

S3 System and Network Performance Tuning
Marc Staveley, Sun Microsystems, Inc.

Who should attend: Novice and advanced UNIX system and network administrators, and UNIX developers concerned about network performance impacts. A basic understanding of UNIX system facilities and network environments is assumed.

We will explore procedures and techniques for tuning systems, networks and application code. Starting from the single-system view, we will examine how the virtual memory system, the I/O system, and the file system can be measured and optimized. We'll extend the single-host view to include Network File System tuning and performance strategies. Detailed treatment of networking performance problems, including network design and media choices, will lead to examples of network capacity planning. Application issues, such as system call optimization, memory usage and monitoring, code profiling, real-time programming, and techniques for controlling response time will be addressed. Many examples will be given, along with guidelines for capacity planning and customized monitoring based on your workloads and traffic patterns. Question-and-analysis periods for particular situations will be provided.

Topics include:

• Performance tuning strategies
  • Practical goals
  • Monitoring intervals
  • Useful statistics
  • Tools, tools, tools
  • Server tuning
  • Filesystem and disk tuning
  • Memory consumption and swap space
  • System resource monitoring
• NFS performance tuning
  • NFS server constraints
  • NFS client improvements
  • NFS over WANs
  • Automounter and other tricks
• Network performance, design, and capacity planning
  • Locating bottlenecks
  • Demand management
  • Media choices and protocols
  • Network topologies: bridges, switches, routers
  • Throughput and latency considerations
  • Modeling resource usage
• Application tuning
  • System resource usage
  • Memory allocation
  • Code profiling
  • Job scheduling and queuing
  • Real-time issues
  • Managing response time

Marc Staveley (S3) recently took a position with Sun Microsystems Enterprise Services, where he is applying his 16 years of experience with UNIX development and administration in helping to create new service programs. Previously Marc was an independent consultant, and he has held positions at NCR, Princeton University, and the University of Waterloo. He is a frequent speaker on the topics of standards-based development, multi-threaded programming, systems administration, and performance tuning.



S4 Advanced Topics in Perl Programming NEW
Tom Christiansen, Consultant

Who should attend: Experienced Perl programmers interested in honing their existing Perl skills for quick prototyping, system utilities, software tools, system management tasks, database access, and WWW programming. Participants should have used Perl for basic scripting for several months prior to taking this course.

Topics include:

• Complex data structures
• References
• Memory management and anonymous data structures
• Packages and modules
• Namespaces, scoping, and extent
• Classes and objects
• Object-oriented programming
• Process control and management
• Pipes and signals
• Advanced I/O techniques and file locking
• Assorted tips and tricks to use Perl effectively

Upon completion of this course, students will be able to:

• Develop standard and OO modules for code reuse
• Understand complex and hierarchical data structures
• Understand Perl's facilities for file locking
• Use Perl for multi-process and daemon programming
• Understand inheritance, closures, and scoping in Perl

Who should attend: This tutorial is aimed at operating system developers, applications programmers, and system administrators who need to understand the internal behavior and architecture of Windows NT. (Note: The information presented is valid for both NT Version 4 and Version 5.)

Windows NT is built on a new operating system code base, similar in many ways to well-established OSes such as UNIX and VMS, and very different from Microsoft's DOS/Win16/Windows 9x platforms. This tutorial will describe the behavior of Windows NT from a "system architecture" point of view. Using a variety of tools, we will explore internal interfaces and the behavior of the system, show how NT implements fundamental operating-system functions such as scheduling and memory management, and show how NT's architecture affects some of its functionality.

Topics include:

• General system architecture
• Providing operating system functions to user mode
• Thread scheduling
• Memory management internals
• Using and interpreting performance measurement tools

Jamie Hanrahan (S5) provides Windows NT driver development, consulting, and training services to leading companies. He is co-writing a book on Windows NT device drivers (O'Reilly and Associates). He also has an extensive background in VMS device drivers and internals. He is co-author of VMS Advanced Driver Techniques, and he received Digital's Instructor of the Year award for his courses in VMS device drivers and internals.




S6 Hacking Exposed: LIVE! NEW
George Kurtz and Eric Schultze, Rampart Security Group

Who should attend: Network and system administrators, security administrators, and technical auditors who want to secure their UNIX/NT—based networks.

Is your UNIX/NT—based network infrastructure up to meeting the challenge of malicious marauders? In this tutorial we'll present the methodologies used by today's hackers to gain access to your networks and critical data. We'll demonstrate a typical attack exploiting both well-known and little-known NT-based vulnerabilities. We'll show how NT attackers can leverage UNIX vulnerabilities to circumvent traditional security mechanisms. And we'll identify opportunities to better secure the host and networks against more esoteric attacks. All examples will be demonstrated on a live network of machines.

Topics include:

• Footprinting your site
  • Port scanning
  • Banner grabbing
• Exploiting common configuration and design weaknesses in NT networks
  • Enumerating user and system information from NT 4 and Windows 2000 hosts
  • Exploiting Web services
  • Logging on to NT using only the password hash
  • Routing through IPX and NetBEUI networks
  • Grabbing remote shells on NT
  • Hijacking the GUI
  • Hidden trojans: executing streamed files
• Bypassing routers and firewall filtering
  • Using source ports
  • Leveraging port redirection
  • 101 uses for Netcat
• Linking NT and UNIX vulnerabilities for maximum exploitation
• Securing NT systems to prevent attacks

George Kurtz (S6) has performed hundreds of firewall, network, and e-commerce­related security assessments throughout his security consulting career. He is a regular speaker at many security conferences and is frequently quoted in The Wall Street Journal, InfoWorld, USA Today, and the Associated Press. He is the co-author of the widely acclaimed Hacking Exposed: Network Security Secrets and Solutions.




Eric Schultze (S6) specializes in assessing and securing Microsoft products. He is a contributing author to Hacking Exposed: Network Security Secrets and Solutions and is a frequent speaker at security conferences, including Black Hat, CSI, and MIS. Eric is also a faculty instructor for CSI's education resource center, presenting workshops on NT4 and Windows 2000 security.



S7 Introduction to UNIX Administration
Peter Baer Galvin, Corporate Technologies, Inc.

Who should attend: UNIX or other operating system users wishing to know more about UNIX administration.

This tutorial is designed to teach UNIX administration skills to those who are experienced with computers but new to UNIX administration. The course covers all of the essential system administration topics and stresses professional methods of administration. It uses Solaris as the example operating system when exploring detailed examples, with some Linux tossed in.

Topics include:

• The role of the system administrator
• Overview of the UNIX file system
• User authorization and control
• The file system
• System startup and shutdown
• Boot process and start-up files
• Installation
  • Installation from a CD
  • Jumpstart
  • Patches
  • Installing layered software
• Crash recovery
• File System Backups
• System tuning and process control
• Configuration and devices
• Devices
  • Device naming
  • Device creation
  • Troubleshooting SCSI problems
• Admintool
  • Admintool overview
  • Printing
  • User management
  • Terminal configuration
• System administration goals
  • transparency
  • interoperability
• TCP/IP and RPC
• Networking
• NFS
• File systems
  • Caching file system
  • AutoFS
  • Vold
• Security
  • Restricted shells
  • Sun security packages
  • Post-installation changes
  • Security tools and ideas
• Monitoring, managing, and troubleshooting
• Performance
  • Performance monitoring tools
  • Tuning via cookbook

Peter Baer Galvin (S7, M2) is the chief technologist for Corporate Technologies, a systems integrator and VAR. Previously, he was the systems manager for Brown University's Computer Science Department. He has written articles for Byte and other magazines and is a regular columnist for SunWorld. He is co-author of the Operating Systems Concepts and the Applied Operating Systems Concepts textbooks. As a consultant and trainer, Peter has taught tutorials on security and system administration and has given talks at many conferences.


S8 Cryptographic Algorithms Revealed NEW
Greg Rose, QUALCOMM Australia

Who should attend: Anyone interested in a fairly detailed overview of what makes cryptographic algorithms work, and, when they don't work, how they are broken. The tutorial will be as up-to-the-minute as possible with respect to the development of the Advanced Encryption Standard.

Some mathematical background is required--at the very least, familiarity with common mathematical notation and polynomials, and some elementary statistical knowledge. You've been warned.

Topics include (unless time runs out):

• Brief history
  • substitution and transposition
  • development of DES
  • public-key cryptography
• Symmetric block ciphers
  • Feistel ciphers in general
  • DES
  • SKIPJACK
  • Current AES candidates (Rijndael, Twofish, MARS, RC6, Serpent)
  • Block-cipher modes of operation
• Symmetric stream ciphers
  • Panama
  • A5, SOBER and other LFSR-based constructions
• Cryptanalysis
  • Differential & linear cryptanalysis
  • Attack assumptions and threat models
  • Attacks on stream ciphers
• Public-key systems
  • Group and finite field theory
  • Discrete log systems (El Gamal, Diffie-Hellman, DSS)
  • RSA
  • Elliptic curves
• Other stuff
  • Hash functions, SHA-1

Greg Rose (M4) graduated from the University of New South Wales with a B.Sc. (honours) in computer science and was awarded the University Medal in 1977. A member of the Board of Directors of the USENIX Association, he served as program chair of the 1996 USENIX Security Symposium. As Principal Engineer at QUALCOMM, he focuses on cryptographic security and authentication for wireless communications, and on setting up the office of QUALCOMM Australia. He has written a number of public tools using cryptography, and he holds generic cryptographic export licenses for two countries.