S1 UNIX Security Tools: Use and Comparison
Who should attend: UNIX system, network, and security administrators who need to better understand the various security tools currently available.
The goal of this course is to assist UNIX security administrators, and other interested users, in locating and using publicly available programs to improve the security of their systems. This course will compare the uses and drawbacks of several different programs, with an emphasis on when to use which. Only free tools with source code available will be discussed.
Matt Bishop (S1) began working on problems of
security in UNIX systems at Purdue, where he earned his doctorate. He subsequently
worked at the Research Institute for Advanced Computer Science at NASA and
taught courses in operating systems, computer security, and software engineering
at Dartmouth College. Matt chaired the first USENIX Security Workshop and has
been on the faculty at UC Davis since 1993.
Who should attend: System administrators who want to learn more about the sendmail program, particularly details of configuration and operational issues (this tutorial will not cover mail front ends). This will be an intense, fast-paced, full-day tutorial for people who have already been exposed to sendmail. This tutorial describes the latest release of sendmail from Berkeley, version 8.10.
We begin by introducing a bit of the philosophy and history underlying sendmail.
Eric Allman (S2, T10) wrote sendmail, leads sendmail.org, and is CTO of Sendmail, Inc. Eric was the lead programmer for the INGRES database management and the Mammoth infrastructure projects; authored syslog, tset, the -me troff macros, and trek; developed a commercial client/server implementation; helped develop a first-generation window system; and contributed to the Ring Array Processor Project. He has been a member of the Board of Directors of the USENIX Association. Eric received his M.S. in Computer Science from U.C. Berkeley. He collects wines, which he stashes in the cellar of the house he shares with Kirk McKusick, his partner of 20-and-some-odd years.
S3 System and Network
Who should attend: Novice and advanced UNIX system and network administrators, and UNIX developers concerned about network performance impacts. A basic understanding of UNIX system facilities and network environments is assumed.
We will explore procedures and techniques for tuning systems, networks and application code. Starting from the single-system view, we will examine how the virtual memory system, the I/O system, and the file system can be measured and optimized. We'll extend the single-host view to include Network File System tuning and performance strategies. Detailed treatment of networking performance problems, including network design and media choices, will lead to examples of network capacity planning. Application issues, such as system call optimization, memory usage and monitoring, code profiling, real-time programming, and techniques for controlling response time will be addressed. Many examples will be given, along with guidelines for capacity planning and customized monitoring based on your workloads and traffic patterns. Question-and-analysis periods for particular situations will be provided.
Marc Staveley (S3) recently took a position with Sun
Microsystems Enterprise Services, where he is applying his 16 years of
experience with UNIX development and administration in helping to create new
service programs. Previously Marc was an independent consultant, and he has held
positions at NCR, Princeton University, and the University of Waterloo. He is a
frequent speaker on the topics of standards-based development, multi-threaded
programming, systems administration, and performance tuning.
Who should attend: Experienced Perl programmers interested in honing their existing Perl skills for quick prototyping, system utilities, software tools, system management tasks, database access, and WWW programming. Participants should have used Perl for basic scripting for several months prior to taking this course.
Upon completion of this course, students will be able to:
S5 Windows NT Internals
Jamie Hanrahan, Kernel Mode Systems
Who should attend: This tutorial is aimed at operating system developers, applications programmers, and system administrators who need to understand the internal behavior and architecture of Windows NT. (Note: The information presented is valid for both NT Version 4 and Version 5.)
Windows NT is built on a new operating system code base, similar in many ways to well-established OSes such as UNIX and VMS, and very different from Microsoft's DOS/Win16/Windows 9x platforms. This tutorial will describe the behavior of Windows NT from a "system architecture" point of view. Using a variety of tools, we will explore internal interfaces and the behavior of the system, show how NT implements fundamental operating-system functions such as scheduling and memory management, and show how NT's architecture affects some of its functionality.
Jamie Hanrahan (S5) provides Windows NT driver
development, consulting, and training services to leading companies. He is
co-writing a book on Windows NT device drivers (O'Reilly and Associates). He
also has an extensive background in VMS device drivers and internals. He is
co-author of VMS Advanced Driver Techniques, and he received Digital's
Instructor of the Year award for his courses in VMS device drivers and
Who should attend: Network and system administrators, security administrators, and technical auditors who want to secure their UNIX/NT-based networks.
Is your UNIX/NT-based network infrastructure up to meeting the challenge of malicious marauders? In this tutorial we'll present the methodologies used by today's hackers to gain access to your networks and critical data. We'll demonstrate a typical attack exploiting both well-known and little-known NT-based vulnerabilities. We'll show how NT attackers can leverage UNIX vulnerabilities to circumvent traditional security mechanisms. And we'll identify opportunities to better secure the host and networks against more esoteric attacks. All examples will be demonstrated on a live network of machines.
George Kurtz (S6) has performed hundreds of firewall,
network, and e-commerce-related security assessments throughout his
security consulting career. He is a regular speaker at many security conferences
and is frequently quoted in The Wall Street Journal, InfoWorld,
USA Today, and the Associated Press. He is the co-author of the widely
acclaimed Hacking Exposed: Network Security Secrets and Solutions.
Who should attend: UNIX or other operating system users wishing to know more about UNIX administration.
This tutorial is designed to teach UNIX administration skills to those who are experienced with computers but new to UNIX administration. The course covers all of the essential system administration topics and stresses professional methods of administration. It uses Solaris as the example operating system when exploring detailed examples, with some Linux tossed in.
Peter Baer Galvin (S7, M2) is the chief technologist for
Corporate Technologies, a systems integrator and VAR. Previously, he was the
systems manager for Brown University's Computer Science Department. He has
written articles for Byte and other magazines and is a regular columnist
for SunWorld. He is co-author of the Operating Systems Concepts
and the Applied Operating Systems Concepts textbooks. As a consultant and
trainer, Peter has taught tutorials on security and system administration and
has given talks at many conferences.
Who should attend: Anyone interested in a fairly detailed overview of what makes cryptographic algorithms work, and, when they don't work, how they are broken. The tutorial will be as up-to-the-minute as possible with respect to the development of the Advanced Encryption Standard.
Some mathematical background is required--at the very least, familiarity with common mathematical notation and polynomials, and some elementary statistical knowledge. You've been warned.
Topics include (unless time runs out):
Greg Rose (M4) graduated from the University of New
South Wales with a B.Sc. (honours) in computer science and was awarded the
University Medal in 1977. A member of the Board of Directors of the USENIX
Association, he served as program chair of the 1996 USENIX Security Symposium.
As Principal Engineer at QUALCOMM, he focuses on cryptographic security and
authentication for wireless communications, and on setting up the office of
QUALCOMM Australia. He has written a number of public tools using cryptography,
and he holds generic cryptographic export licenses for two countries.