The attendees of the SANE 2006 conference will probably all be White Hats, or simply 'the good guys'. As at previous SANE conferences, the Black Hats Session will give the Black Hats viewpoint, i.e. that of the intruders (people who are trying to break into your computers).

Somebody once said: "the amount of clue on the Internet is a fixed constant". Indeed, the percentage of people on the Internet that are really hacking is decreasing. The problem is, however, that there are a lot of full-disclosure mailing lists that are read by people with too much spare time. Using standard exploit scripts and detailed descriptions they can easily attack thousands of systems with only minimal effort.

Contrary to earlier Black Hats Sessions, this time the topics will be limited so they can be explored in more detail. The topics for BHS V are:

• Footprinting, gathering information (maybe even from YOUR systems)
• Wireless technology (WiFi, WiMAX, Bluetooth, RFID, etc)
• Covert channels, hacking your network from the inside
• Stories from the trenches, a security consultants' experience with real companies, networks and systems

This Black Hats Session will highlight the problems that exist in Unix and Windows operating systems, application software and how administrators set up and work with those. Thus our intended audience will be these system and network administrators.

The Black Hats Session tries to give the audience an insight in how new technologies can be used and abused. Not by giving recipes for breaking in but by showing the technology and using the 'hacker mindset'.

Attendees are expected to have basic knowledge of UNIX and IP networks.

From a single server to a network of workstations, the Linux environment can be a daunting task for administrators knowledgeable in other platforms. Starting with a single server and finishing with a multi-server 1000+ user environment, this tutorial will provide practical information for using Linux in the real world. The following areas will be covered with a special emphasis on security:

• Installation Issues
• Boot Loaders and System Startup
• Disk Partitioning and LVM
• Software RAID
• The RPM Package System
• Networking
• User managment
• Automated System Installation
• Network-based Authentication
• User Accounts and Management
• Network Services and xinetd
• SSH: port tunneling, keys, tricks
• New Developments

At the completion of the course attendees should feel confident in their ability to setup and maintain a secure Linux server and services. The tutorial will be conducted in an open manner that allows for question and answer interruption.

This tutorial is directed at System Administrators that are planning on implementing a Linux solution in a production environment. Course attendees should be familiar with the basics of systems administration in a UNIX(tm)/Linux(tm) environment: user level commands and TCP/IP networking. Novice Administrators and Gurus alike should leave the tutorial having learned something.

Wireless Networks are becoming ready for the enterprise. Serious flaws in the encryption are being solved with new protocols on top of 802.11.

This tutorial is an introduction in the world of the newer protocols, such wpa, wpa2, leap etc. What are the strong points, weak points, how to implement an enterprise structure using a RADIUS backend and how to manage this are the key questions on which this tutoral will provide answers.

Topics included:
Design of an authentication and authorisation infrastructure for wireless networks. WPA, WPA2, LEAP, EAP, RADIUS. Set up of hard- and software (incl. clients) for a secure wireless infrastructure.

Topics not included:
Basic wireless network design, antennas, basic set-up of accesspoints.

Audience:
Network professionals and system administrators deploying and managing wireless networks in an enterprise setting and want to use the new encryption / authentication en authorisation protocols.

IPsec is a technology that can be used to secure communication across IP networks. Popular applications are Remote Access facilities for accessing an organisation's resources from a potentially hostile network or securely connecting networks across a public network such as the Internet using Virtual Private Networks (VPN).

This tutorial aims to expose participants to just enough theory to understand and sensibly apply IPsec technology, and enough practice to get started experimenting with it. Bring a laptop running a decent operating system to play along or just listen and enjoy watching others trying to bridge the theory/practice gap.

Topics included:

• Introduction:
• What is a VPN?
• What is IPSEC?
• Applications of IPSEC: VPN, Remote Access
• IPSEC mumbo-jumbo:
• Transport versus Tunnel Mode
• Authentication Header
• Encapsulating Security Payload
• Security Policies
• Security Associations
• The SA and SP Databases
• Key Management
• ISAKMP and IKE
• Main mode versus aggressive mode
• IPSEC Tools and Configuration
• racoon
• IPsec-tools
• examples using UNIX/Linux/Mac OS X/MS Windows/Cisco PIX

Topics not covered:

• FreeS/WAN

This tutorial is intended for anyone with an interest in network security. It is targeted at both network administrators and consultants, providing hands-on demos as well as a thorough treatment of IPsec concepts.

Introduction:
In this tutorial attendees will learn how to create, modify and use RPM packages. The RPM Package Management system (RPM) is used for package management on most Linux distributions. It can also be used for package management on other UNIX systems and for packaging non-free (binary) software.

The tutorial will focus on creating RPM packages for Fedora and Red Hat Enterprise Linux systems, but the theory will also apply to package software for other distributions.

Contents:
General software packaging theory will be provided as a start, followed by the history and basics of the RPM packaging system.

The headers and sections of an RPM spec file will be discussed. Hints and tricks will be given for each section to enhance the quality of the target package, including the use of macros, adapting software for installing it in an alternative root directory, ensuring correct file ownerships and attributes, the proper use of pre/post (un)installation and "trigger" scripts, and how to deal with package-specific users and init scripts.

Package dependencies and conflicts will be covered, as well as some ways too tweak the automatically generated dependencies, if needed.

Installing files in the proper place requires knowledge of the Filesystem Hierarchy Standard (FHS), hence the basics of the FHS will be discussed.

The tutorial will also show how to properly package binary software, often done for internal system management purposes, and shed light on some of the issues involved, including some legal aspects related to packaging non-free software.

Package repositories and dependency resolution. Complementary to RPM, software exists for solving dependencies, such as up2date, yum, and apt-rpm. This software and the corresponding package repositories will be discussed.

Using RPM on non-Linux systems. Although primarly used on Linux systems, RPM can also be used to package software for other (free or commercial) UNIX-like systems. Some aspects of using RPM on non-RPM systems will be discussed.

Besides the theory, several issues will be illustrated with live demonstrations.

Target audience:
The tutorial is targeted toward system administrators and software developers that want to create or modify RPM packages or get a detailed insight in the way RPM packages are built and can best be used.
The attendees need no prior knowledge of RPM, although some basic knowledge of using software packages (as a system administrator using RPM, apt/dpkg, etc.) would be helpful.

Included: Version control basics; installing Subversion; access methods; access security; repository administration; repository backups; fancy commit tricks; Subversion as a CMS.

This tutorial will get you up and running as a Subversion activist. We will focus on practical setup and configuration issues that need to be dealt with to use Subversion as a practical tool for a distributed project. We will round up with Subversion setups tuned for various applications. Examples will be done with the FreeBSD operating system, but are not system specific.

This tutorial is about _setting up Subversion_, not about using it.

Not included: SSH, SSL and Apache configuration. Subversion from a users perspective.

Who should attend: admins who need to set up Subversion repositories for local or distributed projects.

The attendees of the SANE 2006 conference will probably all be White Hats, or simply 'the good guys'. As at previous SANE conferences, the Black Hats Session will give the Black Hats viewpoint, i.e. that of the intruders (people who are trying to break into your computers).

Somebody once said: "the amount of clue on the Internet is a fixed constant". Indeed, the percentage of people on the Internet that are really hacking is decreasing. The problem is, however, that there are a lot of full-disclosure mailing lists that are read by people with too much spare time. Using standard exploit scripts and detailed descriptions they can easily attack thousands of systems with only minimal effort.

Contrary to earlier Black Hats Sessions, this time the topics will be limited so they can be explored in more detail. The topics for BHS V are:

• Footprinting, gathering information (maybe even from YOUR systems)
• Wireless technology (WiFi, WiMAX, Bluetooth, RFID, etc)
• Covert channels, hacking your network from the inside
• Stories from the trenches, a security consultants' experience with real companies, networks and systems

This Black Hats Session will highlight the problems that exist in Unix and Windows operating systems, application software and how administrators set up and work with those. Thus our intended audience will be these system and network administrators.

The Black Hats Session tries to give the audience an insight in how new technologies can be used and abused. Not by giving recipes for breaking in but by showing the technology and using the 'hacker mindset'.

Attendees are expected to have basic knowledge of UNIX and IP networks.

This tutorial will cover VoIP principles, their interaction and interface with the PSTN and IP networks. While CODECs, protocols, quality and some IETF standards are being discussed, this tutorial is also filled with practical examples.

An open source PBX software - Asterisk, is chosen to demonstrate some of the unique features VoIP can bring to various deployments, including:

• Toll by-pass
• Interactive Voice Response System
• Text to Speech applications
• Analog Telephone Adapter provisioning
• Call detail record and blacklisting
• Echo training

Through examples, attendees will discover the capability and potential of VoIP which may leverage their abilities on choosing the right products and avoiding pitfalls.

Intended Audience:
Managers and systems administrators involved in the evaluation, design, implementation, and deployment of VoIP infrastructures. Participants do not need prior exposure to VoIP but should be familiar with network principles. Attendees will come away from this tutorial with a foundation in VoIP enabling strategic and cost effective VoIP deployments in a variety of environments.

If you attended the IPv6 tutorials at SANE 2002 and/or SANE 2004, you already know how IPv6 can solve the address shortage problem that has been developing slowly in the current (IPv4) internet. This means that at some point in the future, IPv6 has to replace IPv4. We're not quite there yet, but now is a good time to start moving IPv6 out of the lab into the real world. This tutorial will tell you how to do that by focussing on:

• enabling IPv6 in popular OSes
• 6to4 and manual tunnels
• setting up an IPv6 router (software based and Cisco/Juniper)
• routing protocols: OSPF and BGP
• where to get IPv6 address space
• IPv6 in the DNS
• some example applications and daemons
• dealing with IPv4-IPv6 interaction and coexistence
• how IPv6 security differs from IPv4 security

Audience participation is encouraged, so bring a laptop with an IPv6-capable OS and 802.11 if you can. These OSes include: FreeBSD, Linux (depending on the distribution), MacOS 10.2 and up, Windows XP.

Topics not covered:
Don't expect too much information about the inner workings of IPv6: there will be very few header format and protocol interaction schematics.

Who should attend?
Anyone who does system or network administration and is interested in what life will look like with IPv6 enabled should attend. Only intermediate level knowledge of IPv4 is assumed, previous experience with IPv6 is not required.

This tutorial focuses on understanding the algorithms and protocols necessary to move data through a network. Its focus is on understanding the conceptual problems and solutions, rather than every deployed feature.

It also describes a range of potential solutions, to foster critical thinking about protocols, rather than just memorizing the exact details of a particular standard. After a problem is studied generically, the specifics of protocols such as IPv4, IPv6, ATM, MPLS, OSPF, BGP, IS-IS, bridges, and the spanning tree algorithm are covered. Understanding the range of solutions possible and the tradeoffs of comparative approaches is particularly useful for evaluating or designing future standards.

The concepts of IP addresses, masks, MAC addresses, routing algorithms, domains, switches, bridges, are pervasive when dealing with networks. We all use these terms, and configure these things, but what is really going on? What are the implications of choosing a switch vs a router? What kinds of things can go wrong in a protocol that is misdesigned, misimplemented, or mismanaged? This tutorial describes the major protocols involved in the network infrastructure. It describes conceptually what goes on in the packet switches (both layer 2/bridges and layer 3/routers), as well as the implications on endnodes. It contrasts connection-oriented approaches such as ATM and MPLS with connectionless approaches such as IPv4 and IPv6. It covers the endnode-visible pieces of layer 3, such as neighbor-discovery and address autoconfiguration. It covers intradomain routing algorithms (distance vector such as RIP and link state such as OSPF or IS-IS) and interdomain (BGP). It describes the spanning tree algorithm used by bridges/switches.

Topics include:

• Layer 2 (MAC) addresses
• Why 6 bytes?
• Relation to layer 3 addresses (IP)
• Bridges
• Basic idea
• Why it's more powerful than a repeater
• Station address learning and forwarding
• Spanning tree
• What are switches? "switched Ethernet"
• Connection-oriented networks: ATM, MPLS
• Connectionless protocols: IPv4, IPv6, and comparison with others
• Neighbor discovery (ARP, DHCP)
• Routing (distance vector vs link state, interdomain vs intradomain)
• IP Multicast
• NAT

Who should attend: Anyone who might need to design a protocol, implement a protocol, write network-based applications, or plan or manage a network. Anyone who is just curious about what is really going on under the covers in a network, and how things got the way they are. Anyone with the courage to see things from different angles, and not just parrot orthodoxy. Paradoxically, this tutorial is good as an introduction to people who are incredibly confused by all the terms and don't know where to start, as well as people who have been using this stuff for years, assumed they understood it, and want to see how all the pieces fit.

The objective of the tutorial is to show you the tools and methods for taking control of your network traffic - keeping some of it safely inside or outside your network, directing traffic to specific hosts or services, flexible resource allocation and protection against cracking, DOSing and spamming.

Topics included:

• Background and history
• Packet filter? Firewall? Demystifying some common terms.
• NAT - why NAT was needed, how it works
• PF today - features
• BSD vs Linux - Configuration (for the BSD-curious Linuxer)
• Basic setup on OpenBSD, FreeBSD and NetBSD
• Exploring the basics of rule sets
• Lists and macros and why they are good for you
• A few information gathering techniques
• Simple gateway with NAT - a common setup explained
• Handling that sad old FTP thing
• Making your firewall troubleshooting friendly
• Hygiene: block-policy, scrub and antispoof
• Adapting to changing needs, easily
• The practical sides of logging
• Keeping an eye on things with pftop
• Invisible gateway - bridge (you can filter even if you're invisible)
• Directing traffic with altq
• CARP and pfsync: redundancy and failover - a taste of what is possible
• Wireless networks and how to stop worrying about them
• Giving bruteforcers and spammers a hard time - stopping stupidity at $ext_if, greylisting and tarpitting

Topics not covered:

• Getting BSD to run on your hardware
• The intricacies of Microsoft networking
• Social engineering

Who should attend: Seasoned and aspiring network administrators looking for ways to make their environment more efficient and secure. Basic to intermediate familiarity with TCP/IP and unixes required.

This tutorial will cover the Service Management Facility (SMF), which is new in Solaris 10 and OpenSolaris. We'll give an overview of the SMF model and how to use it to manage services on Solaris. We'll talk about enhanced security and resource management features that SMF incorporates, and finally talk about creating SMF descriptions so you can include your own services in SMF.

Topics not covered:
We will not cover management of individual application services in Solaris, but focus on common tools available for all services.

Who should attend:
Any Solaris administrator or developer interested delivering services on Solaris and OpenSolaris systems will benefit from this session.

In this tutorial, we will take an in-depth look at MySQL's "Pluggable Storage Engine" architecture. Understanding the features and trade-offs in each engine allows developers to optimise their applications by making appropriate choices and tuning the MySQL server appropriately for their needs.

For example, logging of page clicks on a web site places completely different requirements on a database from say tracking customers and sales. Functionally, either can be done using generic solutions. But by utilising specific features available in specialised storage engines, extraordinary performance improvements can be attained.

This becomes particularly relevant when there are specific speed and scalability requirements for an application. Yahoo! uses the ARCHIVE storage engine to deal efficiently with the massive amounts of user traffic information that is continually generated. A general purpose storage system would simply not do.

In MySQL, the storage engine can be selected on a per-table basis. This means that different engines can be used from within a single application, as appropriate for the application's needs. In many cases, the application need not even be aware which engine is used.

In this tutorial, the different available storage engines will be compared. Also, the fundamentals of adding new storage engines will be discussed.

Overview of the MySQL Pluggable Storage Engine Architecture:

The MySQL pluggable storage engine architecture allows a database professional to select a specialized storage engine for a particular application need while being completely shielded from the need to manage any specific application coding requirements. The MySQL server architecture encapsulates the application programmer and DBA from all of the low-level implementation details at the storage level providing a consistent and easy application model and API. So while there are different capabilities across different storage engines, the application is shielded from these.

The pluggable storage engine architecture provides a standard set of management and support services that are common among all underlying storage engines. The storage engines themselves are the components of the database server that actually perform actions on the underlying data that is maintained at the physical server level.

This efficient and modular architecture provides huge benefits for those wishing to specifically target a particular application need -- such as data warehousing, transaction processing, high availability situations, etc. -- while enjoying the advantage of utilizing a set of interfaces and services that are independent of any one storage engine.

The application programmer and DBA interact with the MySQL database through Connector APIs and service layers that are above the storage engines. If application changes bring about requirements that demand the underlying storage engine change, or that one or more additional storage engines be added to support new needs, no significant coding or process changes are required to make things work. The MySQL server architecture shields the application from the underlying complexity of the storage engine by presenting a consistent and easy to use API that applies across storage engines.

Currently Available Storage Engines:

• MyISAM - the storage engine that is used the most in Web, data warehousing, and other application environments.
• InnoDB - used for transaction processing applications, and sports a number of features including ACID transaction support.
• BDB - an alternative transaction engine to InnoDB that supports COMMIT, ROLLBACK, and other transactional features.
• Memory - stores all data in RAM for extremely fast access in environments that require quick look ups of reference and other like data.
• Merge - allows a MySQL DBA or developer to logically group together a series of identical MyISAM tables and reference them as one object. Good for VLDB environments like data warehousing.
• Archive - provides the perfect solution for storing and retrieving large amounts of seldom-referenced historical, archived, or security audit information.
• Federated - offers the ability to link together separate MySQL servers to create one logical database from many physical servers. Very good for distributed or data mart environments.
• Cluster/NDB - the Clustered database engine of MySQL that is particularly suited for applications with high performance lookup needs that also require the highest possible degree of uptime and availability.
• Other - other storage engines include CSV (references comma-separated files as database tables), Blackhole (for temporarily disabling application input to the database) and an Example engine that helps jump start the process of creating custom pluggable storage engines.

While the above brief descriptions will give you a general idea of what type of application might benefit from a particular storage engine, a more detailed look at various common database tasks and needs across the various engines may help delineate the differences a little more.

Of course, you can use multiple storage engines in a single application; you are not limited to using only one storage engine in a particular database. So, you can easily mix and match storage engines for the given application need. This is often the best way to achieve optimal performance for truly demanding applications: use the right storage engine for the right job.

This tutorial is intended for DNS administrators looking to broaden and deepen their understanding of how to configure and operate name servers. Topics include name server management with rndc and configuring BIND9's logging facilities. DNS for IPv6 devices and its deployment issues will be explained. The tutorial will show how to use Dynamic Updates to update zone contents instead of editing zone files. A short explanation of the interoperability issues between DNS and Active Directory will also be covered.

Topics included:

• Using the Logging subsystem:
• Getting the most from the name server's logging capabilities
• Managing the name server with rndc
• Configuring split DNS:
• Internal and external versions of a domain
• Using the views mechanism of BIND9 to implement split DNS
• IPv6 Deployment considerations for DNS
• Dynamic DNS (DDNS):
• Dynamic updates with nsupdate
• DDNS and Active Directory

Who should attend?
DNS administrators who wish to extend their understanding of how to configure and manage name servers running BIND9. Attendees should have some experience of running a BIND8 or BIND9 name server and be familiar with DNS jargon for resource records, as well as the syntax of zone files and named.conf. This tutorial will answer the question, "I've set up master (primary) and slave (secondary) name servers. What else can I do with the name server?"

This tutorial will cover VoIP security and some counteract measures to address security concerns.

VoIP and PSTN vulnerabilities will be discussed and compared to better understand both technologies. The tutorial also features VoIP security best practices in terms of encryption, firewall and identifying threats such as:

• Wire tapping / eavesdropping
• DoS attacks
• Spam over IP telephony
• Theft of service

Through examples, attendees will leverage their abilities to discover potential danger of an existing system and to impose security on VoIP systems.

Who should attend?
Managers, systems administrators who are responsible for security measures of VoIP systems. Participants should have basic knowledge of the operations VoIP and be familiar with network protocols. Attendees will come away from this tutorial with exposure to common vulnerabilities, counter measures and some of their drawbacks.

Cfengine is a tool for setting up and maintaining a configuration across a network of hosts. It is sometimes called a tool for "Computer Immunology" -- your computer's own immune system. You can think of cfengine as a very high level language, much higher-level than Perl or shell, together with a smart agent. The idea behind cfengine is to create a single "policy" or set of configuration files that describes the setup of every host on your network, without sacrificing their autonomy.

Cfengine runs on every host and makes sure that it is in a policy-conformant state; if necessary, any deviations from policy rules are fixed automatically. Unlike tools such as rdist, cfengine does not require hosts to open themselves to any central authority, nor to subscribe to a fixed image of files. It is a modern tool, supporting state-of-the-art encryption and IPv6 transport, that can handle distribution and customization of system resources in huge networks (tens of thousands of hosts). Cfengine runs on hundreds of thousands of computers all over the world.

Topics include:

• The components of cfengine and how they are used
• How to get the system running
• How to develop a suitable policy, step by step
• Security
• Examples
• How to customize cfengine for special tasks

Who should attend:
System administrators with a minimal knowledge of a scripting language who wish to start using cfengine to automate the maintenance and security of their systems. UNIX administrators will be most at home in this tutorial, but cfengine can also be used on Windows 2000 and above.

Topics included:

• How the kernel is organized (scheduler, virtual memory system, filesystem layers, device driver layers, networking stacks)
  • The interface between each module and the rest of the kernel
  • Kernel support functions and algorithms used by each module
  • How modules provide for multiple implementations of similar functionality
• Ground rules of kernel programming (races, deadlock conditions)
• Implementation and properties of the most important algorithms
  • Portability
  • Performance
  • Functionality
• Comparison between Linux and UNIX kernels, with emphasis on differences in algorithms
• Details of the Linux scheduler
  • Its VM system
  • The ext2fs filesystem
• The requirements for portability between architectures

Topics not covered:
This class will not contain a detailed examination of the kernel source, but will rather offer an overview and roap of Linux's design and functionality, as the ground work for future exploration.

Who should attend:
Application programmers and beginning kernel developers. You should be reasonably familiar with C programming in the UNIX environment, but no prior experience with the UNIX or Linux kernel code is assumed.

Updateable Views, SQL standard stored procedures, and triggers have long been considered a basic requirement of an enterprise-ready DBMS. Now, MySQL 5.0 introduces support for these flagship features, as well as for a standard SQL-compliant INFORMATION_SCHEMA data dictionary, bringing the popular open-source DBMS several steps closer to matching all the capabilities of the competition.

MySQL 5.1 also introduces support for table partitioning.

In this tutorial, each of these features are discussed in-depth for syntax and functionality, with examples. Interesting for all users at intermediate and advanced levels, but particularly useful for existing MySQL users who may not be familiar with these features from other databases.

Topics not covered:

• Other 5.0/5.1 features in depth, there is simply not enough time.

Who should attend:

• Existing MySQL users who want to use the new MySQL 5.0/5.1 features.
• Users of other RDBMS who are evaluating MySQL 5.0/5.1 for new projects.

Name servers are often misconfigured in ways that expose them and the applications or services that depend on them to a variety of attacks: denial of service, spoofing, traffic amplification and so on. The tutorial explains how to restrict and control access to name servers. It also discusses the application of the principle of least privilege to DNS administration. Techniques for authenticating DNS transactions -- queries, zone transfers and dynamic updates -- are described. The DNS Security protocol extensions, DNSSEC are explained: the new resource records, how to sign a zone, what DNSSEC does and doesn't do, an overview of deployment and on-going development issues.

Topics included:

• Setting up an internal root server
• Securing the name server
• Setting up a chroot()'ed environment
• Using BIND9's access control lists
• Preventing unwanted access
• Transaction Signatures
• Using TSIG & SIG(0)
• Secure DNS (DNSSEC)
• RRSIG, NSEC, DS & DNSKEY Resource Records
• How to sign zones with dnssec-keygen and dnssec-signzone
• Deployment considerations
• Last mile issues

Who should attend?
DNS administrators who wish to extend their understanding of how to configure and manage name servers running BIND9. Attendees should have some experience of running a BIND8 or BIND9 name server and be familiar with DNS jargon for resource records, as well as the syntax of zone files and named.conf. This tutorial will answer the question, "I've set up master (primary) and slave (secondary) name servers. What else can I do with the name server?"

From a stand-alone client attached to the Internet to a distributed network of web servers, Systems Administrators are being tasked with bring their office environments on-line. The Network Services that need to be configured in order to do this can be daunting to Administrators who aren't familiar with the required applications. Configuration examples as well as overviews of the underlying protocols will give the usable examples that work after the conference. The following areas will be covered with a special emphasis on security:

• Networking for Linux Overview
• Network Services including:
  • SSH - Secure Shell with OpenSSH
  • FTP - Explore vsftpd
  • HTTP - Apache and Tux and Squid
  • SMTP - Postfix MTA
  • NFS - Network File Systems
  • LDAP - Global authentication with OpenLDAP
  • DHCP - DHCPD and PXE
  • DNS - ISC's BIND
  • NTP - Network Time
  • LPD - Printing with cups
• Host based Security with TCP Wrappers and Xinetd
• Overview of Linux Packet Filtering
• Network Monitoring and Logging
• Network Utilities you should be using

At the completion of the course attendees should feel confident in their ability to setup and maintain secure network services. The tutorial will be conducted in an open manner that encourages question and answer interruption.

This tutorial is directed at System Administrators who are implementing Network Services and are looking for a background in the configuration of those services as well as basics of the protocols. Attendees should have some network client/server experience and have a basic knowledge of Unix Administration, but do not need to be experienced Network Administrators. Both new and intermediate Network Administrators will leave the tutorial having learned something.

Cfengine contains many features and facilities that make it a powerful tool for system administration, but it has a large manual that is difficult to absorb without training. In this tutorial we assume that attendees have a basic understanding of how cfengine works and would like to develop a number of "best practices" and examples to maximize their returns.

Topics include:

• Review of some basics
• Automating deployment of software throughout your infrastructure
• UNIX/Mac/Windows
• update.conf
• cron and cfexecd
• When to run
• Integrating data from information sources
• Structure and organization of config
• The overlapping-set model
• Import
• Modules
• Methods
• When to use these tools
• Special functions and variables
• Variables, scalars, arrays
• Associative arrays and their limitations
• ExecResult, ReturnsZero, etc.
• ReadArray, ReadList, etc.
• IsNewerThan, IsDir, etc.
• Searching, matching, and wildcards
• Search filters
• Regular expressions
• Wildcard expansions
• How does cfagent evaluate things?
• Thinking declaratively
• Ordering: When does it matter?
• Locks; What are they, and why are they there?
• Iteration over lists
• Control, actionsequence, alerts
• Services and security
• PP keys and exchange (trust model)
• Authentication stages
• Rule orderings
• IPv6 issues
• Peer-to-peer services
• Example: Backing up laptops
• Host monitoring
• cfenvd
• Interfacing to tcpdump
• Understanding cfenvgraph output
• PeerCheck neighborhood watch
• FriendStatus function
• Future developments and discussion

Who should attend:
System administrators with a working knowledge of cfengine (or who have attended the introductory course) and who wish to extend their understanding of cfengine with examples and usage patterns. UNIX and Mac OS X administrators will be most at home in this tutorial, but cfengine can also be used on Windows 2000 and above.