LISA-NT--3rd Large Installation System Administration of Windows NT/2000 Conference
4th USENIX Windows Systems Symposium
July 30 - August 4, 2000
Seattle, Washington, USA
Sunday, July 30, 2000
S1 Windows NT and UNIX Integration: Problems and Solutions
Phil Cox, SystemExperts; Gerald Carter, Auburn University
S2 Hacking Exposed: LIVE!
George Kurtz and Eric Schultze, Rampart Security Group
S3 Windows NT Performance Monitoring, Benchmarking and Tuning
Mark T. Edmead, Windows NT Consultant
S4 Windows NT Internals
Jamie Hanrahan, Kernel Mode Systems
Monday, July 31, 2000
M1 Windows 2000 Security
Phil Cox, SystemExperts; Paul Hill, MIT
M2 Configuring and Administering Samba Servers
Gerald Carter, Auburn University
M3 Topics in Windows NT/2K System Administration: Hot & Cool
Aeleen Frisch, Exponential Consulting
M4 Secure Migration to Windows 2000
George Kurtz and Eric Schultze, Rampart Security Group
S1 Windows NT and UNIX Integration: Problems and Solutions
Phil Cox, SystemExperts Corporation;
Gerald Carter, Auburn University
Who should attend: System administrators who are responsible for
heterogeneous Windows NT and UNIX-based systems. Attendees should
have user-level knowledge of both UNIX and Windows NT, and it's recommended they
have systems administration experience in at least one of these OSes.
Today's organizations choose computing solutions from a variety of vendors.
Often, integrating the solutions into a seamless, manageable enterprise is an
afterthought, left up to system administrators. This course covers specific
problem areas in administering a mixture of UNIX and Windows NT systems. The
focus will be on practical solutions that can be applied today to real-world
administration problems.
Topics include:
- Overview of NT and UNIX
- Basic homogeneous setups
- Services: what's offered, and how
- Similarities
- Differences
- Potential sticking points
- Areas of interest
- Electronic mail
- Web servers
- User authentication
- File serving
- Printing
- Faxes and modems
- Host-to-host connectivity
- Remote administration
- Backup and restore
For each of the areas of interest we will cover:
- Current uses in homogeneous environments
- Available answers--where integration can happen
- Integration solutions, how to choose one, some useful tools
- Security considerations
Phil Cox (S1, M1) is a consultant for SystemExperts Corporation. Phil
frequently writes and lectures on issues bridging the gap between UNIX and
Windows NT. He is a featured columnist in ;login;, the magazine of USENIX
& SAGE, and has served on numerous USENIX program committees. Phil holds a
B.S. in computer science from the College of Charleston, South Carolina.
Gerald Carter (S1, M2) has been a member of the
SAMBA Team since 1998 and has been maintaining SAMBA servers for the past four
years. As a network manager at Auburn University, Gerald maintains approximately
700 PCs and 30 Solaris 2.x servers. He is the lead author of Teach
Yourself SAMBA in 24 Hours (Sams Publishing) and has worked as an instructor
or technical reviewer for major publishers.
S2 Hacking Exposed: LIVE!
George Kurtz and Eric Schultze, Rampart Security Group
Who should attend: Network and system administrators, security
administrators, and technical auditors who want to secure their
UNIX/NT-based networks.
Is your UNIX/NT-based network infrastructure up to meeting the challenge of
malicious marauders? In this tutorial we'll present the methodologies used by
today's hackers to gain access to your networks and critical data. We'll
demonstrate a typical attack exploiting both well-known and little-known
NT-based vulnerabilities. We'll show how NT attackers can leverage UNIX
vulnerabilities to circumvent traditional security mechanisms. And we'll
identify opportunities to better secure the host and networks against more
esoteric attacks. All examples will be demonstrated on a live network of
machines.
Topics include:
- Footprinting your site
- Port scanning
- Banner grabbing
- Exploiting common configuration and design weaknesses in NT networks
- Enumerating user and system information from NT 4 and Windows 2000 hosts
- Exploiting Web services
- Logging on to NT using only the password hash
- Routing through IPX and NetBEUI networks
- Grabbing remote shells on NT
- Hijacking the GUI
- Hidden trojans: executing streamed files
- Bypassing routers and firewall filtering
- Using source ports
- Leveraging port redirection
- 101 uses for Netcat
- Linking NT and UNIX vulnerabilities for maximum exploitation
- Securing NT systems to prevent attacks
George Kurtz (S6, M4) has performed hundreds of firewall,
network, and e-commerce-related security assessments throughout his
security consulting career. He is a regular speaker at many security conferences
and is frequently quoted in The Wall Street Journal, InfoWorld,
USA Today, and the Associated Press. He is the co-author of the widely
acclaimed Hacking Exposed: Network Security Secrets and Solutions.
Eric Schultze (S6, M4) specializes in assessing and securing
Microsoft products. He is a contributing author to Hacking Exposed: Network
Security Secrets and Solutions and is a frequent speaker at security
conferences, including Black Hat, CSI, and MIS. Eric is also a faculty
instructor for CSI's education resource center, presenting workshops on NT4 and
Windows 2000 security.
S3 Windows NT Performance Monitoring, Benchmarking and Tuning
Mark T. Edmead, Windows NT Consultant
Who should attend: This presentation is targeted at users and
administrators who wish to have
detailed information on how to get the most performance out of their Windows
NT Workstation and Server.
The presentation starts with an overview of the NT system from an
internals point of view, including the differences between the Workstation
and Server products. It then continues with a discussion of performance.
The computer is divided into various resource components, and each one
will be covered in detail so that the audience begins to understand the
interrelationships between them.
Next, the presentation covers the performance monitoring and data gathering
tools, specifically the Windows NT Performance Monitor, and mainly how to
use the Performance Monitor to automatically gather the system resource
data we want for later analysis.
The next section covers the different system components in detail and how
to solve specific performance problems. More importantly, we will cover
WHY they occur as well as how to fix them. The last section covers
specific system settings for optimal Workstation or Server performance,
registry settings, and performance tradeoffs.
The presentation covers each of the system resources in detail (CPU,
Memory, Disk and Network), how to analyze their performance, and how to
solve bottleneck problems.
Mark Edmead (S3) has over 20 years of experience in software product
development, system design, and project management. He received an
Entrepreneur of the Year 1988 finalist award sponsored by Arthur Young and
Venture Magazine. Previously he taught advanced Windows 3.1 and Windows NT
Programming at UC San Diego. He is currently a senior Windows NT instructor
for Learning Tree International and a consultant for IBM Global Services,
assisting clients with Windows BackOffice solutions and e-commerce security.
Mr. Edmead has been involved in the planning, installation, and training of
Windows NT Server and Workstation. This includes Domain planning, Network
security, capacity planning, and DHCP, WINS and RAS configurations. He also
delivers custom in-house training seminars on topics including Windows
NT administration, optimization and NT security. Mr. Edmead is the
co-author of the book "Windows NT: Performance, Monitoring and Tuning" by
MacMillan Publishing.
S4 Windows NT Internals
Jamie Hanrahan, Kernel Mode Systems
Who should attend: This tutorial is aimed at operating system
developers, applications programmers, and system administrators who need to
understand the internal behavior and architecture of Windows NT. (Note: The
information presented is valid for both NT Version 4 and Version 5.)
Windows NT is built on a new operating system code base, similar in many ways to
well-established OSes such as UNIX and VMS, and very different from Microsoft's
DOS/Win16/Windows 9x platforms. This tutorial will describe the behavior
of Windows NT from a "system architecture" point of view. Using a variety of
tools, we will explore internal interfaces and the behavior of the system, show
how NT implements fundamental operating-system functions such as scheduling and
memory management, and show how NT's architecture affects some of its
functionality.
Topics include:
- General system architecture
- Providing operating system functions to user mode
- Thread scheduling
- Memory management internals
- Using and interpreting performance measurement tools
Jamie Hanrahan (S5) provides Windows NT driver
development, consulting, and training services to leading companies. He is
co-writing a book on Windows NT device drivers (O'Reilly and Associates). He
also has an extensive background in VMS device drivers and internals. He is
co-author of VMS Advanced Driver Techniques, and he received Digital's
Instructor of the Year award for his courses in VMS device drivers and
internals.
M1 Windows 2000 Security
Phil Cox, SystemExperts; Paul Hill, MIT
Who should attend: System and network administrators who will need to
implement or maintain Windows 2000-based systems and networks, and site
managers charged with selecting and setting site security requirements.
The security implications of a large Windows 2000 (Win2K) deployment
are not yet well understood. The instructors of this tutorial present
the problems and solutions surrounding Win2K and security of the
networks that it runs on. They'll cover the design of Win2K from a
security standpoint, and outline what Win2K has "out of the box" for
security. In addition they'll discuss Win2K related risks and
appropriate countermeasures that should be taken. They will conclude
with specific recommendations on firewalling Win2K as well as pointers
on how to "harden" the system.
Topics include:
- Overview of Win2K
- Domains/Active Directory
- Authentication: Kerberos, NTLM, Smart Cards, Certificates and PKI
- Authorization: Group Policies
- Auditing: Event Auditing, WBEM, WMI, and SNMP
- Network Services
- Security Threats
- What are the threats?
- Who are the hackers?
- Methods of attacks
- Win2K specific threats to watch for
- What Win2K provides as countermeasures
- Defining Security
- Authentication
- Authorization
- Auditing
- Protective Measures
- Detecting and Dealing with Attacks
- User and Group Security Management
- File System Security and Resource Sharing
- Firewalling Win2K
- Defensive Strategies
- What you need to filter
- Steps to Hardening Win2K
Paul B. Hill (M1) is a programmer/analyst at the Massachusetts Institute
of Technology working in Information Systems. He has been involved with
the development of MIT's Kerberos implementation since 1991. Paul has
been working with Microsoft operating systems since 1982 and has worked
with all versions of Windows NT. Paul is the senior programmer working
on MIT's Project Pismere, a project to provide an academic computing
environment on Windows 2000 that is integrated into MIT's existing
Athena computing environment. In addition to his MIT responsibilities
Paul also consults on system security.
Phil Cox (S1, M1) is a consultant for SystemExperts Corporation, a consulting
firm that specializes in system security and management. Phil frequently
writes and lectures on issues bridging the gap between UNIX and Windows NT.
He is a featured columnist in the USENIX Association Magazine and has been on
numerous USENIX program committees. Phil has a B.S. in Computer Science from
the College of Charleston, South Carolina.
M2 Configuring and Administering Samba Servers
Gerald Carter, Auburn University
Who should attend: System and network administrators who wish to
integrate Samba running on a UNIX-based machine with Microsoft Windows clients.
No familiarity with Windows networking concepts will be assumed.
Samba is a freely available suite of programs that allows UNIX-based machines to
provide file and print services to Microsoft Windows PCs without installing any
third-party software on the clients. This allows users to access necessary
resources from both PCs and UNIX workstations. As Samba makes its way into more
and more network shops all over the world, it is common to see "configuring
Samba servers" listed as a desired skill on many job descriptions for network
administrators.
This tutorial will use real-world examples taken from daily administrative
tasks.
Topics include:
- Installing Samba from the ground up
- Understanding the basic Microsoft networking protocols and concepts, such as
  NetBIOS, CIFS, and Windows NT domains (including Windows 2000)
- Configuring a UNIX box to provide remote access to local files and printers from
  Microsoft Windows clients
- Utilizing client tools to access files on Windows servers from a UNIX host
- Configuring Samba as a member of a Windows NT domain in order to utilize the
  domain's PDC for user authentication
- Using Samba as a domain controller
- Configuring Samba to participate in network browsing
- Automating the daily tasks of managing Samba
Gerald Carter (S1, M2) has been a member of the
SAMBA Team since 1998 and has been maintaining SAMBA servers for the past four
years. As a network manager at Auburn University, Gerald maintains approximately
700 PCs and 30 Solaris 2.x servers. He is the lead author of Teach
Yourself SAMBA in 24 Hours (Sams Publishing) and has worked as an instructor
or technical reviewer for major publishers.
M3 Topics in Windows NT/2K System Administration: Hot & Cool
Aeleen Frisch, Exponential Consulting
This tutorial discusses a potpourri of topics of current and vital
interest to system administrators responsible for Windows NT and
Windows 2000 servers.
Topics include:
- What's New in Windows 2000: An overview of the new features in the
latest version of the operating system, from a system administrator's point of
view.
- Effective Group Policies: The new group policies in Windows 2000 have
the potential to be a powerful management and security tool. We will
look at them in detail, focusing on how to use them to achieve the
results you want/need.
- Disk Management and Optimizing I/O Performance: We will consider a
variety of items in this general area, including NTFS version 4 vs. 5,
fault tolerance and volume management features, and monitoring/tuning
I/O performance.
- Automating Administrative Tasks: Every administrator wants to
minimize the amount of time spent performing routine tasks. We will
consider several levels at which such jobs can be automated, ranging
from unattended OS installations to the automation facilities included
with the operating system to creating your own scripts and services.
- Securing a System and Monitoring it Afterwards: Windows 2000's
initial release included a security vulnerability during installation.
We'll look at the activities needed to secure a Windows NT/2000 system
and ways of monitoring its ongoing status in order to keep it that way.
Aeleen Frisch (M3) has been a system administrator for over 15
years. She currently looks after a very heterogeneous network of UNIX and
Windows NT systems. She is the author of several books, including Essential
Windows NT System Administration.
M4 Secure Migration to Windows 2000
George Kurtz and Eric Schultze, Rampart Security Group
Who should attend: Network and Systems Administrators who have been tasked with upgrading NT4
networks. Security Administrators who are responsible for ensuring the
Windows 2000 environment will be in compliance with corporate
policies. System Auditors who will be assessing the migration from NT4 to
Windows 2000.
Windows 2000 offers a wealth of new security options. In order to take
advantage of these features, great care must be taken when planning the
migration strategy from NT4 to Windows 2000. During this session, we'll
develop a multi-phase approach for successfully migrating and securing the
NT4-Windows 2000 environment.
Topics include:
- Preparing the NT4 environment for upgrade (cleansing and
collapsing the domains),
- Determining appropriate naming structures,
- Selecting Forest, Trust, Domain, and Organizational Unit (OU) designs,
- Implementing advanced security features to support the organization's
policies.
- Group Policies
- Delegated Administration
- Proper use of Trusts
- Management and Design of OUs
- Per Host and Per User Authentication Options
We will also demonstrate vulnerabilities inherent in default installation
modes and mixed NT4-Windows 2000 environments. Countermeasures and
recommended security settings will be presented for each potential weakness.
George Kurtz (S2, M4) has performed hundreds of firewall, network, and eCommerce
related security assessments throughout his security consulting career. He
is a regular speaker at many security conferences and is frequently quoted in
The Wall Street Journal, InfoWorld, USA Today, and the Associated Press.
Additionally, he is the co-author of the widely acclaimed book "Hacking
Exposed: Network Security Secrets & Solutions".
Eric Schultze (S2, M4) specializes in assessing and securing Microsoft products. He
is a contributing author to "Hacking Exposed: Network Security Secrets &
Solutions" and is a frequent speaker at security conferences including Black
Hat, CSI, and MIS. Eric is also a faculty instructor for CSI's education
resource center, presenting workshops on NT4 and Windows 2000 security.