Overview Tutorials

The attendees of the SANE 2004 conference will probably all be White Hats, or simply 'the good guys'. As at previous SANE conferences, the Black Hat Sessions will give the Black Hats viewpoint, i.e. that of the intruders (people who are trying to break into your computers).

Somebody once said: "the amount of clue on the Internet is a fixed constant". Indeed, the percentage of people on the Internet that are really hacking is decreasing. The problem is, however, that there are a lot of full-disclosure mailing lists that are read by people with too much spare time. Using standard exploit scripts and detailed descriptions they can easily attack thousands of systems with only minimal effort.

This Black Hats Session will highlight the problems that exist in Unix and Windows operating systems, application software and how administrators set up and work with those. Thus our intended audience will be these system and network administrators.

The BHS IV: Developments in Security session is a tutorial like the BHS III: The Essentials tutorial given at SANE 2002. There will be an overlap so keep this in mind if you have visited the tutorial at SANE 2002. Of course, new developments will also be discussed, including topics like wireless networks and IPSes. The focus of the tutorial is the general method of breaking into and protecting systems, although plenty of current examples will be shown.

Target audience:
Attendees are expected to have basic knowledge of UNIX and IP networks.

The attendees of the SANE 2004 conference will probably all be White Hats, or simply 'the good guys'. As at previous SANE conferences, the Black Hat Sessions will give the Black Hats viewpoint, i.e. that of the intruders (people who are trying to break into your computers).

Somebody once said: "the amount of clue on the Internet is a fixed constant". Indeed, the percentage of people on the Internet that are really hacking is decreasing. The problem is, however, that there are a lot of full-disclosure mailing lists that are read by people with too much spare time. Using standard exploit scripts and detailed descriptions they can easily attack thousands of systems with only minimal effort.

This Black Hats Session will highlight the problems that exist in Unix and Windows operating systems, application software and how administrators set up and work with those. Thus our intended audience will be these system and network administrators.

The BHS IV: Developments in Security session is a tutorial like the BHS III: The Essentials tutorial given at SANE 2002. There will be an overlap so keep this in mind if you have visited the tutorial at SANE 2002. Of course, new developments will also be discussed, including topics like wireless networks and IPSes. The focus of the tutorial is the general method of breaking into and protecting systems, although plenty of current examples will be shown.

Target audience:
Attendees are expected to have basic knowledge of UNIX and IP networks.

This tutorial is intended for system administrators who are currently managing Samba servers or are planning to deploy new servers this year. This course will outline the new features of Samba 3.0 including working demonstrations throughout the course session.

Attendees will learn how to

• Install Samba including new tools packaged with Samba 3.0
• Safely upgrade servers from 2.2 to 3.0
• Configure and maintain Samba's file serving features
• Configure and maintain Samba's basic print spooling features
• Configure and debug Samba servers participating in the Microsoft Network Neighborhood
• Utilize advanced Samba file serving features such as access control lists (ACLs)
• Configure Samba to support Windows point-and-print features by serving printer drivers on demand
• Install Samba as a member of Windows domain
• Install Samba as a domain controller
• Migrate from a Windows NT 4.0 domain to a Samba domain
• Replace smbpasswd using alternative account storage back-ends such as LDAP

System Administrators today run a variety of directory services, although these are referred to by names such as DNS and NIS. The Lightweight Directory Access Protocol (LDAP) is the up and coming successor to the X500 directory and has the promise of allowing administrators to consolidate multiple existing directories into one.

The tutorial is for both LDAP directory administrators and architects. The focus is on integrating standard network services with LDAP directories. The examples are based on UNIX hosts and the OpenLDAP directory server and will include actual working demonstrations throughout the course.

Attendees will learn how to utilize LDAP directories in:

• Replacing NIS domains
• Integraing Samba user accounts
• Authenticating RADIUS clients
• Integrating MTA's such as Sendmail & Postfix
• Creating address books for mail clients
• Managing user access to HTTP and FTP services
• Storing DNS zone information
• Managing printer information

Target Audience:
Systems and Network Administrators

MODULE 1: Introduction and IPv6 Packet Structure

An introduction to IPv6 explaining new and improved features, comparing the new IPv6 packet structure to that of IPv4.

Topics include:

• IPv6 objectives and characteristics
• IPv6 packet structure
  • IPv6 header layout
  • extension headers
• Real-time support in IPv6

MODULE 2: IPv6 Addressing and Routing

A detailed explanation of the IPv6 addressing architecture, introducing different types of address, the 6Bone, and transitioning mechanisms for early deployment of IPv6 networks.

Topics include:

• IPv6 addressing:
  • global unicast, multicast, and anycast addresses>
  • site-local and link-local addresses
• IPv6 routing
• Transition from IPv4 to IPv6:
  • 6Bone
  • Configured Tunneling
  • Automatic Tunneling

MODULE 3: IPv6 and Autoconfiguration

The ins-and-outs of autoconfiguration in IPv6, including the automatic derivation of interface identifiers and the discovery of network prefixes, gateways and other network parameters.

Topics include:

• ICMPv6
• IPv6 address-resolution; solicited node multicast addresses
• Neighbor Discovery
• Autoconfiguration;
  • stateless versus stateful autoconfiguration
  • DHCPv6

MODULE 4: IPv6 and Security

Devoted to the IPv6 Security facilities, also known as IPSEC. This module treats IPSEC in the context of IPv6, but also applies to IPSEC a used in combination with IPv4.

Topics include:

• Security in IPv6.
  • Security Concepts
  • IPSEC Authentication Header
  • IPSEC Encapsulating Security Payload
  • Key management

Topics not covered

• Mobile IPv6
• IPv6 QoS

Who should attend
This tutorial is intended for anyone with some basic TCP/IP experience. It will be of interest for both network administrators and consultants, providing hands-on demos as well as a thorough treatment of IPv6 concepts.

In this course you will learn how to design a network layout using various wireless network technologies, how to deploy and how to use the network safely.

Topics include:

• Network design
  • Wired vs Wireless
  • Technologies available
  • Protocols on physical level
  • Protocols on higher levels
  • Topologies
  • Equipment available
• Deployment
  • Antenna theory
  • Site surveys
  • Selection of equipment
  • Antenna setup, cabling
  • Management issues
  • Routing
  • Security
  • Free software available
• Usage
  • Integration
  • Security
  • Management

Target Audience:
The course is targetted towards te network professional / engineer who wants to set up a wireless network or revise an existing wireless infrastructure. We will discuss simple setups to cover a conference room as well as building to building networks and fully wireless infrastructures. (eg. wireless communities an mesh networking)

After completion of this course the attendees will have basic as well as advanced knowledge how to set-up, layout, deploy and (safely) use wireless infrastructures on various scales.

Who should attend:

• UNIX system administrators who want or need to administer Macintosh systems running Mac OS X and/or Mac OS X Server.
• Familiarity with standard UNIX system administration concepts and tasks is assumed. No previous Macintosh experience is necessary.
• Experienced Macintosh users who want to learn about system administration tasks in the Mac OS X environment will also benefit from this course.
• People very familiar with Max OS X or with the NeXTSTEP environment will find much of this material to be a review. Note that comparisons with NeXTSTEP will not be made.

Topics include:

• What is this beast and what's Darwin (and why should I care)?
  • System architecture
• Basic tasks
  • Installation hints and pitfalls
  • Software packages
  • Startup and shutdown
• File and file systems
  • File system layout
  • File types: resource forks, applications, etc.
• User management
  • Users and groups
  • Mac OS X shared domains
  • Managed preferences
• Networking
  • Client configuration
  • Managing standard TCP/IP daemons: DNS, DHCP, NTP, and so on
  • The Mac OS X multiprotocol environment
  • Rendezvous and its implications
• Process management and performance
• Managing funky Mac peripherals and user expectations
• Mac OS X security architecture and implementation

We will note interactions between the UNIX implementation and the Mac graphical user/administrative environment.

Postfix is a secure, fast, rock solid, flexible, open Internet standards compliant Mail Transfer Agent (MTA), written by Wietse Venema. It started life back in 1997 as a sendmail replacement. This tutorial covers the official Postfix 2.1.x release.

Initially, we will walk you through some of the key features of Postfix and its architecture: processes, queues, lookup tables, ...

Next, basic installation and configuration will be looked at in more detail and some practical examples for day to day use will be shown.

After that, we'll move towards more advanced topics, including address rewriting, performance tuning, resource control and debugging techniques. Focus will also be on junk-mail control and anti-virus solutions, including those that can be implemented in the Postfix SMTP server before actually accepting a message.

Target Audience
This tutorial is intended for systems administrators who are familiar with common (SMTP) e-mail software and want to learn more about the Postfix MTA, particularly details of configuration and operational issues. Some basic knowledge about the SMTP protocol and the UNIX operating system is assumed.

The tutorial will explain how to plan and realize the creation of a Beowulf cluster. We start with the selection of hardware components and deal with how to avoid some pitfalls. Then we will plan the configuration of the operating system and the applications. The tutorial focuses on the installation and configuration of the OS and the applications using FAI, the fully automatic installation for Debian GNU/Linux. Also, some cluster monitoring technics will be discussed.

Most of the things we will discuss are not cluster specific but also useful for installing large Linux infrastructures. This tutorial will be held as a hands-on tutorial. In its second part, the participants can perform an automated installation on available PC's. We will do installations with some default configurations but you can also try your own configuration.

Topics not covered:
Algorithms, libraries and tools for parallel programming

Who should attend:
Sysadmins who want to install a cluster, a server or desktop machines with hands tied behind your back.

The processor is the engine that keeps your Linux-system moving. The CPU scheduler in the kernel is responsible for assigning processes to the available processor(s). The scheduler aims:

• to guarantee good response-times for interactive processes,
• to assign enough weight to realtime processes (or timesharing processes with a higher priority),
• to avoid starvation even for processes with a low priority,
• to preempt cpu-intensive processes, and
• to keep affinity between a process and a processor.

This tutorial explains the design of the Linux 2.6 scheduler and the implementation of the runqueue. The tutorial also addresses the facilities that users and system administrators can use to influence the scheduling-order (modifying the nice value or scheduling-policy, binding processes, etc) and to view scheduling-characteristics (output of tools like ps and top).

Topics included:

• Processes and threads.
• Scheduling priorities and the nice value.
• Scheduling policies: realtime and timesharing.
• Scheduling algorithm and implementation of the runqueue.
• Binding processes to a particular processor.
• Scheduling and hyper-threading support.
• Scheduling and NUMA.
• Tools to determine process- and processor-utilization.

Topics not covered:

• This tutorial does not cover the details of the kernel's C-code.

Who should attend:
Experienced UNIX and/or Linux system-administrators, who want to have control over the way processes are scheduled in a Linux 2.6 system. Knowledge of the C programming-language is not required.

This tutorial covers MySQL installation, basic configuration and security topics, as well as best practises for backup/recovery and general maintenance.

The tutorial will be highly interactive, using discussions, games, and other ways that insure maximum benefit for all participants. This method of teaching, which is the standard format of MySQL AB training courses, has proven to be much more effective than regular lectures.

Target Audience:
Covering the MySQL administration essentials, this tutorial will provide an overview for newcomers as well as for experienced users, who can fill possible gaps in their knowledge, and addressing specific issues and bad habits.

You may benefit from bringing your own laptop computer. Make sure your laptop has a CD drive, if possible. You could also download the latest versions of the software from www.mysql.com beforehand. If you are a complete beginner, do start with a book such as "MySQL Tutorial" by Luke Welling & Laura Thomson. Do come prepared, as we won't have time for the trivial.

This tutorial will look at the many aspects involved when optimising a MySQL application, the MySQL server, and its environment.

Contrary to popular expectations (and habits), hardware will be the absolute last item on our list. The reason for this will become apparent as we build an overall picture and take a closer look at various specific issues.

The tutorial will be highly interactive, using discussions, games, and other ways that insure maximum benefit for all participants. This method of teaching, which is the standard format of MySQL AB training courses, has proven to be much more effective than regular lectures.

Target Audience:
Optimisation is certainly not a topic of dry knowledge. Instead it is about gaining the skills needed to analyse the big picture, and recognising the often small but important opportunities. As such, this tutorial will provide a valuable experience particularly for more experienced users.

You may benefit from bringing your own laptop computer, with MySQL Server and your favourite client installed. The latest versions of the software can be downloaded from www.mysql.com. Do come prepared, as we won't have time for the trivial.

This workshop will teach techniques and technology that lets you start your relationship right, repair broken ones, and maintain good ones. Sites considering creating a helpdesk, or sysadmins that maintain large desk-top communities will find this especially useful.

Making and maintaining a good first impression...

 (their PC is ready on their first day of employment, etc),

help them when they have problems...

 (running a spectacular helpdesk/support system),

maintaining positive relationships...

 (effective communication one-on-one and en masse),

and fixing problems before they notice...

 (system and network monitoring).

Topics included:

• How to make a lasting first impression
• The difference between Perception vs. Visibility
  • why both are important
• The secret to making users feel like they are the center of the universe
  • an algorithm for ordering request priorities
• How to make a good first impression always
  • considerations for the employee's first day and every day
• Technology that helps make a good first impression:
  • the "first day" checklist
  • rapid PC deployment techniques (Ghost, JumpStart, AutoLoad, etc.)
• Helpdesks (both real and virtual)
  • pros and cons of formal helpdesks
  • how to create and manage a helpdesk
  • survey of "request" and "ticket" systems
• Customer care
  • The 9-step process for handling customer requests
• Knowing what's wrong before they do
  • Monitoring services
  • Historical trend analysis
  • Should you have a NOC?
• Training that every customer-facing person should receive

Topics not covered:
Specific configuration steps for software products (free or commercial).

Who should attend:
Sites that feel "the users hate us!" and want to make fast improvements. Sysadmins with large user populations, especially large desktop user communities. People that want to better-manage their helpdesk, desktop deployment, and PC refresh cycles.

This course provides an in-depth study of the source code of parts of the FreeBSD 5.2 kernel. This course is aimed at users with a good understanding of the algorithms used in UNIX-based kernels that want to learn the details of their implementation. Students should have studied some UNIX-based kernel or have taken a university-level course on operating systems. Ideally they would have experience working with a BSD-based kernel (FreeBSD, NetBSD, OpenBSD, or BSD/OS). Students are also expected to have a complete background in reading and programming in the C programming language. This course will not cover the entire FreeBSD kernel. Rather it will focus on the specific areas outlined below.

• Overview of FreeBSD 5.2 organization
• Process and thread organization
• New system daemons
• The UFS2 filesystem

The course will have some descriptive slides, but will primarily involve the instructor displaying and discussing FreeBSD kernel source code. While bringing a laptop to the class is not strictly necessary, it will be easier to follow along.

The code to be studied and the specific list of functions to be covered can be downloaded. Students planning on taking the course are strongly encouraged to download and review the functions to be discussed before coming to class so as to be able to get the greatest benefit from the lecture.

What application do you spend most of your time with? If not playing games, then it is very likely editing text. E-mail, program source, reports, log files; all kinds of text you view and/or edit daily. If you can improve your text editing skills a little bit, you can get more work done in less time. And when you learn how to avoid mistakes, you avoid stress.

Vim is a very powerful editor. But most Vim users know only a small number of commands. This tutorial presents Vim solutions to every-day editing tasks, such as answering e-mail, writing source code and creating web pages. Practical examples will be given for clever solutions, which you can adjust to your own situation: Formatting text, finding your way in a tree of source files, using search patterns, etc.

An introduction is given to customizing Vim to your needs. Writing Vim scripts with functions, creating user commands and mappings that you can automate editing tasks with. And when Vim is not enough, know how to invoke external commands and use the Perl or Python inteface.

Who should attend:
People who use Vim for their daily editing tasks, such as answering e-mail, creating web sites, writing programs and reports. A minimal knowledge of Vi or Vim is required.

Topics included
Soon, all systems (including PCs and workstations) will have the capability of executing multiple threads simultaneously. As a result, it is to be expected that the interest in parallel computing will increase.

In this tutorial we will start with an extensive introduction into this topic. Key concepts like scalability, Amdahl's law, message passing, shared memory programming, cache coherency, parallel architectures, SMP, CMP/CMT and cc-NUMA will all be presented and discussed in detail.

As an illustration of these concepts, we will study the architecture of the Sun UltraSPARC IV processor and Sun Fire SMP systems in some detail.

We will then zoom in on the shared memory programming model. First we look under the hood how a modern compiler supports automatic parallelization for this model. It will be shown what can and can not be done (yet) at this level.

Next we will cover the OpenMP programming model for explicit parallelization in some detail. OpenMP is a de-facto standard and provides for a compact, but yet powerful model to program a shared memory system. An overview (mainly by example) will help understanding how this model operates and what the potentials are.

Topics not covered
Design and implementation of parallel algorithms

Who should attend
We do not assume a background in this topic. Anybody with an interest in parallel computing is welcome to attend and should be able to follow this tutorial. The concepts and ideas presented are generally applicable.

Topics included:

• This full-day tutorial will teach the attendants how to set up (stateful) packet filtering and network address translation (NAT).
• The various topics covered will be illustrated using the advanced and freely available IP-Filter packet filtering engine. IP-Filter runs on a variety of operating systems, like FreeBSD, Solaris, HP-UX and Linux.
• Although parts of the tutorial will explain how IP-Filter works, the goal of the tutorial is not to learn IP-Filter only. The primary focus will be on how the various packet filtering and NATting techniques shown can be used in a generic way in all kinds of products (of course if they provide the functionality needed).
• Besides theory, the tutorial will include lots of examples and demonstrations performed on live machines.

The tutorial will cover:

• TCP/IP basics in relation to packet filtering and NAT. This will include the newer extensions like ECN and SACK.
• Basic packet filtering
• NAT: theory about various ways of doing NAT (redirection, NAT, etc)
• Basic NATting
• Advanced packet filtering: returning error packets, stateful filtering, fragment handling, transparency
• Advanced NATting
• kernel proxying, transparent proxying
• authentication
• redundancy and fail-over
• tools
• New features in IP-Filter 4

Topics not covered:

• Although other packet filtering and NAT products will likely be mentioned during the tutorial, it will not cover the functionality and working of those products.
• This tutorial is also not meant to learn about the internal implementation details of IP-Filter or similar products.

Who should attend System and network administrators interested in the design and implementation of packet filtering firewalls and network address translation setups should attend this tutorial. But of course it is also interesting for those of you owning a cable or ADSL modem via which you want to connect a whole network via a single IP address in a secure way.

Even traditional PBX vendors have now grudgingly agreed that the future of telephony is on packet based networks. So reckon that TDT-based networks are going the way of token-ring :-). What exactly can you expect from this trend? What does IP telephony demand from a network? What protocols are used now and likely to be used in the near future? What extra features will likely become standard using this technology?

Who should attend
Everybody that will be confronted with this technology, willing or not.

This tutorial explains commonly used firewall terminology and concepts with reference to the security facilities and software packages to implement firewall techniques on Linux systems.

The various techniques are explained, discussing the pro's and con's of each. Techniques covered include IP packet filtering, circuit-level proxies and application-level proxy servers. An overview of the required software is given, together with configuration examples. Especially IP packet filtering with Linux using netfilter/iptables is covered in great detail. A number of add-on netfilter modules are also discussed.

Furthermore, a few other security-related techniques are explained, like masquerading and (the more generic) Network Address Translation (NAT), as well as Virtual Private Networks (VPN's). All topics discuss the available Linux software and include some configuration examples.

Target Audience
System and network administrators wanting a broad overview of firewall technologies in general and, more specifically, the way Linux can be used to implement these technologies.