Preliminary Tutorial Program

 

LISA-NT--3rd Large Installation System Administration of Windows NT/2000 Conference
4th USENIX Windows Systems Symposium

July 30 - August 4, 2000
Seattle, Washington, USA

Sunday, July 30, 2000

S1 Windows NT and UNIX Integration: Problems and Solutions
Phil Cox, SystemExperts; Gerald Carter, Auburn University
S2 Hacking Exposed: LIVE!
George Kurtz and Eric Schultze, Rampart Security Group
S3 Windows NT Performance Monitoring, Benchmarking and Tuning
Mark T. Edmead, Windows NT Consultant
S4 Windows NT Internals
Jamie Hanrahan, Kernel Mode Systems

Monday, July 31, 2000


M1 Windows 2000 Security
Phil Cox, SystemExperts; Paul Hill, MIT
M2 Configuring and Administering Samba Servers
Gerald Carter, Auburn University
M3 Topics in Windows NT/2K System Administration: Hot & Cool
Aeleen Frisch, Exponential Consulting
M4 Secure Migration to Windows 2000
George Kurtz and Eric Schultze, Rampart Security Group

S1 Windows NT and UNIX Integration: Problems and Solutions
Phil Cox, SystemExperts Corporation;
Gerald Carter, Auburn University

Who should attend: System administrators who are responsible for heterogeneous Windows NT– and UNIX–based systems. Attendees should have user-level knowledge of both UNIX and Windows NT, and it's recommended they have systems administration experience in at least one of these OSes.

Today's organizations choose computing solutions from a variety of vendors. Often, integrating the solutions into a seamless, manageable enterprise is an afterthought, left up to system administrators. This course covers specific problem areas in administering a mixture of UNIX and Windows NT systems. The focus will be on practical solutions that can be applied today to real-world administration problems.

Topics include:

  • Overview of NT and UNIX
    • Basic homogeneous setups
    • Services: what's offered, and how
    • Similarities
    • Differences
    • Potential sticking points
  • Areas of interest
    • Electronic mail
    • Web servers
    • User authentication
    • File serving
    • Printing
    • Faxes and modems
    • Host-to-host connectivity
    • Remote administration
    • Backup and restore

For each of the areas of interest we will cover:

  • Current uses in homogeneous environments
  • Available answers--where integration can happen
  • Integration solutions, how to choose one, some useful tools
  • Security considerations

Phil Cox (S1, M1) is a consultant for SystemExperts Corporation. Phil frequently writes and lectures on issues bridging the gap between UNIX and Windows NT. He is a featured columnist in ;login;, the magazine of USENIX & SAGE, and has served on numerous USENIX program committees. Phil holds a B.S. in computer science from the College of Charleston, South Carolina.

Gerald Carter (S1, M2) has been a member of the SAMBA Team since 1998 and has been maintaining SAMBA servers for the past four years. As a network manager at Auburn University, Gerald maintains approximately 700 PCs and 30 Solaris 2.x servers. He is the lead author of Teach Yourself SAMBA in 24 Hours (Sams Publishing) and has worked as an instructor or technical reviewer for major publishers.

S2 Hacking Exposed: LIVE!
George Kurtz and Eric Schultze, Rampart Security Group

Who should attend: Network and system administrators, security administrators, and technical auditors who want to secure their UNIX/NT-based networks.

Is your UNIX/NT–based network infrastructure up to meeting the challenge of malicious marauders? In this tutorial we'll present the methodologies used by today's hackers to gain access to your networks and critical data. We'll demonstrate a typical attack exploiting both well-known and little-known NT-based vulnerabilities. We'll show how NT attackers can leverage UNIX vulnerabilities to circumvent traditional security mechanisms. And we'll identify opportunities to better secure the host and networks against more esoteric attacks. All examples will be demonstrated on a live network of machines.

Topics include:

  • Footprinting your site
    • Port scanning
    • Banner grabbing
  • Exploiting common configuration and design weaknesses in NT networks
    • Enumerating user and system information from NT 4 and Windows 2000 hosts
    • Exploiting Web services
    • Logging on to NT using only the password hash
    • Routing through IPX and NetBEUI networks
    • Grabbing remote shells on NT
    • Hijacking the GUI
    • Hidden trojans: executing streamed files
  • Bypassing routers and firewall filtering
    • Using source ports
    • Leveraging port redirection
    • 101 uses for Netcat
  • Linking NT and UNIX vulnerabilities for maximum exploitation
  • Securing NT systems to prevent attacks

George Kurtz (S6, M4) has performed hundreds of firewall, network, and e-commerce-related security assessments throughout his security consulting career. He is a regular speaker at many security conferences and is frequently quoted in The Wall Street Journal, InfoWorld, USA Today, and the Associated Press. He is the co-author of the widely acclaimed Hacking Exposed: Network Security Secrets and Solutions.

Eric Schultze (S6, M4) specializes in assessing and securing Microsoft products. He is a contributing author to Hacking Exposed: Network Security Secrets and Solutions and is a frequent speaker at security conferences, including Black Hat, CSI, and MIS. Eric is also a faculty instructor for CSI's education resource center, presenting workshops on NT4 and Windows 2000 security.

S3 Windows NT Performance Monitoring, Benchmarking and Tuning
Mark T. Edmead, Windows NT Consultant

Who should attend: This presentation is targeted at users and administrators who wish to have detailed information on how to get the most performance out of their Windows NT Workstation and Server.

The presentation starts by providing an overview of the NT system from an internals point of view. Differences between the Workstation and the Server product will be discussed. It then continues with a discussion of performance. The computer is divided into various resource components. Each one of these will be covered in detail so that the audience begins to understand the interrelationship between them.

The presentation then covers the performance monitoring and data gathering tools, specifically the Windows NT Performance Monitor, and mainly how to use the Performance Monitor to automatically gather the system resource data we want for later analysis.

The next section covers in detail the different system components and how to solve specific performance problems. More importantly, we will cover WHY they occur as well as how to fix them. The last section covers specific system settings for optimal Workstation or Server performance, registry settings, and performance tradeoffs.

The presentation covers each of the system resources in detail (CPU, memory, disk, and network), how to analyze their performance, and how to solve bottleneck problems.

Mark Edmead (S3) has over 20 years of experience in software product development, system design, and project management. He received the Entrepreneur of the Year 1988 finalist award sponsored by Arthur Young and Venture Magazine. Previously he taught advanced Windows 3.1 and Windows NT Programming at UC San Diego. He is currently a senior Windows NT instructor for Learning Tree International and a consultant for IBM Global Services, assisting clients with Windows BackOffice solutions and e-commerce security. Mr. Edmead has been involved in the planning, installation, and training of Windows NT Server and Workstation. This includes domain planning, network security, capacity planning, and DHCP, WINS, and RAS configurations. He also delivers custom in-house training seminars on topics including Windows NT administration, optimization, and NT security. Mr. Edmead is the co-author of the book "Windows NT: Performance, Monitoring and Tuning" by MacMillan Publishing.

S4 Windows NT Internals
Jamie Hanrahan, Kernel Mode Systems

Who should attend: This tutorial is aimed at operating system developers, applications programmers, and system administrators who need to understand the internal behavior and architecture of Windows NT. (Note: The information presented is valid for both NT Version 4 and Version 5.)

Windows NT is built on a new operating system code base, similar in many ways to well-established OSes such as UNIX and VMS, and very different from Microsoft's DOS/Win16/Windows 9x platforms. This tutorial will describe the behavior of Windows NT from a "system architecture" point of view. Using a variety of tools, we will explore internal interfaces and the behavior of the system, show how NT implements fundamental operating-system functions such as scheduling and memory management, and show how NT's architecture affects some of its functionality.

Topics include:

  • General system architecture
  • Providing operating system functions to user mode
  • Thread scheduling
  • Memory management internals
  • Using and interpreting performance measurement tools

Jamie Hanrahan (S5) provides Windows NT driver development, consulting, and training services to leading companies. He is co-writing a book on Windows NT device drivers (O'Reilly and Associates). He also has an extensive background in VMS device drivers and internals. He is co-author of VMS Advanced Driver Techniques, and he received Digital's Instructor of the Year award for his courses in VMS device drivers and internals.

M1 Windows 2000 Security
Phil Cox, SystemExperts; Paul Hill, MIT

Who should attend: System and network administrators who will need to implement or maintain Windows 2000 based systems and networks, and site managers charged with selecting and setting site security requirements.

The security implications of a large Windows 2000 (Win2K) deployment are not yet well understood. The instructors of this tutorial present the problems and solutions surrounding Win2K and the security of the networks that it runs on. They'll cover the design of Win2K from a security standpoint, and outline what Win2K has "out of the box" for security. In addition, they'll discuss Win2K-related risks and appropriate countermeasures that should be taken. They will conclude with specific recommendations on firewalling Win2K as well as pointers on how to "harden" the system.

Topics include:

  • Overview of Win2K
    • Domains/Active Directory
    • Authentication: Kerberos, NTLM, Smart Cards, Certificates and PKI
    • Authorization: Group Policies
    • Auditing: Event Auditing, WBEM, WMI, and SNMP
    • Network Services
  • Security Threats
    • What are the threats?
    • Who are the hackers?
    • Methods of attacks
    • Win2K specific threats to watch for
  • What Win2K provides as countermeasures
    • Defining Security
    • Authentication
    • Authorization
    • Auditing
    • Protective Measures
    • Detecting and Dealing with Attacks
    • User and Group Security Management
    • File System Security and Resource Sharing
  • Firewalling Win2K
    • Defensive Strategies
    • What you need to filter
  • Steps to Hardening Win2K

Paul B. Hill (M1) is a programmer/analyst at the Massachusetts Institute of Technology working in Information Systems. He has been involved with the development of MIT's Kerberos implementation since 1991. Paul has been working with Microsoft operating systems since 1982 and has worked with all versions of Windows NT. Paul is the senior programmer working on MIT's Project Pismere, a project to provide an academic computing environment on Windows 2000 that is integrated into MIT's existing Athena computing environment. In addition to his MIT responsibilities, Paul also consults on system security.

Phil Cox (S1, M1) is a consultant for SystemExperts Corporation, a consulting firm that specializes in system security and management. Phil frequently writes and lectures on issues bridging the gap between UNIX and Windows NT. He is a featured columnist in the USENIX Association Magazine and has been on numerous USENIX program committees. Phil has a B.S. in Computer Science from the College of Charleston, South Carolina.

M2 Configuring and Administering Samba Servers
Gerald Carter, Auburn University

Who should attend: System and network administrators who wish to integrate Samba running on a UNIX-based machine with Microsoft Windows clients. No familiarity with Windows networking concepts will be assumed.

Samba is a freely available suite of programs that allows UNIX-based machines to provide file and print services to Microsoft Windows PCs without installing any third-party software on the clients. This allows users to access necessary resources from both PCs and UNIX workstations. As Samba makes its way into more and more network shops all over the world, it is common to see "configuring Samba servers" listed as a desired skill on many job descriptions for network administrators.

This tutorial will use real-world examples taken from daily administrative tasks.

Topics include:

  • Installing Samba from the ground up
  • Understanding the basic Microsoft networking protocols and concepts, such as NetBIOS, CIFS, and Windows NT domains (including Windows 2000)
  • Configuring a UNIX box to provide remote access to local files and printers from Microsoft Windows clients
  • Utilizing client tools to access files on Windows servers from a UNIX host
  • Configuring Samba as a member of a Windows NT domain in order to utilize the domain's PDC for user authentication
  • Using Samba as a domain controller
  • Configuring Samba to participate in network browsing
  • Automating the daily tasks of managing Samba

Gerald Carter (S1, M2) has been a member of the SAMBA Team since 1998 and has been maintaining SAMBA servers for the past four years. As a network manager at Auburn University, Gerald maintains approximately 700 PCs and 30 Solaris 2.x servers. He is the lead author of Teach Yourself SAMBA in 24 Hours (Sams Publishing) and has worked as an instructor or technical reviewer for major publishers.

M3 Topics in Windows NT/2K System Administration: Hot & Cool
Aeleen Frisch, Exponential Consulting

This tutorial discusses a potpourri of topics of current and vital interest to system administrators responsible for Windows NT and Windows 2000 servers.

Topics include:

  • What's New in Windows 2000: An overview of the new features in the latest version of the operating system, from a system administrator's point of view.
  • Effective Group Policies: The new group policies in Windows 2000 have the potential to be a powerful management and security tool. We will look at them in detail, focusing on how to use them to achieve the results you want/need.
  • Disk Management and Optimizing I/O Performance: We will consider a variety of items in this general area, including NTFS version 4 vs. 5, fault tolerance and volume management features, and monitoring/tuning I/O performance.
  • Automating Administrative Tasks: Every administrator wants to minimize the amount of time spent performing routine tasks. We will consider several levels at which such jobs can be automated, ranging from unattended OS installations to the automation facilities included with the operating system to creating your own scripts and services.
  • Securing a System and Monitoring it Afterwards: Windows 2000's initial release included a security vulnerability during installation. We'll look at the activities needed to secure a Windows NT/2000 system and ways of monitoring its ongoing status in order to keep it that way.

Aeleen Frisch (M3) has been a system administrator for over 15 years. She currently looks after a very heterogeneous network of UNIX and Windows NT systems. She is the author of several books, including Essential Windows NT System Administration.

M4 Secure Migration to Windows 2000
George Kurtz and Eric Schultze, Rampart Security Group

Who should attend: Network and Systems Administrators who have been tasked with upgrading NT4 networks. Security Administrators who are responsible for ensuring the Windows 2000 environment will be in compliance with corporate policies. System Auditors who will be assessing the migration from NT4 to Windows 2000.

Windows 2000 offers a wealth of new security options. In order to take advantage of these features, great care must be taken when planning the migration strategy from NT4 to Windows 2000. During this session, we'll develop a multi-phase approach for successfully migrating and securing the NT4-Windows 2000 environment.

Topics include:

  • Preparing the NT4 environment for upgrade (cleansing and collapsing the domains),
  • Determining appropriate naming structures,
  • Selecting Forest, Trust, Domain, and Organizational Unit (OU) designs,
  • Implementing advanced security features to support the organization's policies.
    • Group Policies
    • Delegated Administration
    • Proper use of Trusts
    • Management and Design of OUs
    • Per Host and Per User Authentication Options

We will also demonstrate vulnerabilities inherent in default installation modes and mixed NT4–Windows 2000 environments. Countermeasures and recommended security settings will be presented for each potential weakness.

George Kurtz (S2, M4) has performed hundreds of firewall, network, and eCommerce-related security assessments throughout his security consulting career. He is a regular speaker at many security conferences and is frequently quoted in The Wall Street Journal, InfoWorld, USA Today, and the Associated Press. Additionally, he is the co-author of the widely acclaimed book "Hacking Exposed: Network Security Secrets & Solutions".

Eric Schultze (S2, M4) specializes in assessing and securing Microsoft products. He is a contributing author to "Hacking Exposed: Network Security Secrets & Solutions" and is a frequent speaker at security conferences including Black Hat, CSI, and MIS. Eric is also a faculty instructor for CSI's education resource center, presenting workshops on NT4 and Windows 2000 security.

 

Last changed: 23 Mar. 2000 jel