[Tuesday] [Tu01] [Tu02] [Tu03] [Tu04] [Tu05]
[W01] [W02] [W03] [W04] [W05]
Tu01 - Sendmail Configuration and Operation

Speaker: Eric Allman, Sendmail, Inc.

Who should attend: Systems administrators who want to learn more about the Sendmail program, particularly details of configuration and operational issues (this tutorial will not cover mail front ends). This will be an intense, fast-paced, full-day tutorial intended for people who have already been exposed to Sendmail. This tutorial describes the latest release of Sendmail from Berkeley, version 8.9.

After introducing a bit of the philosophy and history underlying Sendmail, this tutorial covers:

Eric Allman is the original author of Sendmail. He was the chief programmer on the INGRES database management project and an early contributor to the UNIX effort at Berkeley, authoring syslog, tset, the -me troff macros, and trek. He designed database user and application interfaces at Britton Lee (later Sharebase), and contributed to the Ring Array Processor project for neural-network-based speech recognition at the International Computer Science Institute. He is a former member of the Board of Directors of the USENIX Association.

Tu02 - Highlights of the C++ Standard Library

Speaker: Bjarne Stroustrup, AT & T Labs.

This talk is aimed at someone who knows C++ but is not an expert on the new standard library. The emphasis is on the structure of the library, principles, and fundamental uses; I do not attempt to cover every facility and every detail or to demonstrate every technique. Newer C++ language features are presented as needed to explain the library.

This talk is mostly based on part III of Stroustrup: ”The C++ Programming Language (3rd Edition)”.


  1. The significance of the standard library
  2. Container design
  3. Algorithms and function objects
  4. Strings, I/O streams, and Locales

Tu03 - Apache: The World's most Popular Web Server

Speaker: Simon Kenyon, Irial Limited

Perhaps one of the worst puns in the computer industry (a patchy server) Apache is one of the leading lights in the open source movement. According to the Apache Foundation:

”Apache has been the most popular web server on the Internet since April of 1996. The May 1999 WWW server site survey by Netcraft found that over 57% of the web sites on the Internet are using Apache (over 60% if Apache derivatives are included), thus making it more widely used than all other web servers combined.”

The Apache web server is a robust, commercial-grade, featureful, and freely-available source code implementation of an HTTP (Web) server. The fact that the source is available means that Apache is continuously updated and maintained. The source code is fully modularized and there are a large number of modules available adding such functionality as proxy services, language support (Java/Perl) and SSL encryption.

The Apache tutorial will give you information about how to download, build and install the server. It will also cover the configuration of the server and some of the more commonly used modules. The tutorial will mainly deal with Apache running on UNIX (Linux) but will also give information about running Apache on Microsoft Windows.

Simon Kenyon recently founded Irial Ltd with Jan Säll. Simon is an expert in UNIX and Internet related technologies. Simon has held a leading technical role in a number of development projects. These include: various banking applications, a system for analyzing criminal intelligence data and numerous web and Internet based systems. Simon was a founder member of the UK Unix User Group.

Tu04 - An introduction to UNIX Kernel Internals: Data Structures and Algorithms

Observe: A 2 day tutorial

Speaker: Dr. Marshall Kirk McKusick, Author and Consultant

Who should attend: This course provides a broad overview of how the UNIX kernel implements its basic services. It will be most useful to those who need to learn how these services are provided. This course is directed to users who have had at least a year of experience using the UNIX system and the C programming language. They should have an understanding of fundamental algorithms (searching, sorting, and hashing) and data structures (lists, queues, and arrays).

Description: This course will provide a firm background in the UNIX kernel. The course includes coverage of most BSD-derived kernels. The course will cover basic kernel services, process structure, virtual and physical memory management, scheduling, paging and swapping. The kernel I/O structure will be described showing how I/O is multiplexed, special devices are handled, character processing is done, and the buffer pool is managed. The implementation of the filesystem and its capabilities will be described. The filesystem interface will then be generalized to show how to support multiple filesystem types. The course will also cover the 4.4BSD socket-based network architecture, layering and implementation. The socket communications primitives and internal layering will be discussed, with emphasis on the interfaces between the layers; the TCP/IP implementation will be used as an example. A discussion of routing issues will be included. The presentations will emphasize code organization, data structure navigation, and algorithms. It will not cover the machine specific parts of the system such as device drivers.

Dr. Marshall Kirk McKusick writes books and articles, consults, and teaches classes on UNIX- and BSD-related subjects. While at the University of California at Berkeley, he implemented the 4.2BSD fast file system, and was the Research Computer Scientist at the Berkeley Computer Systems Research Group (CSRG) overseeing the development and release of 4.3BSD and 4.4BSD. His particular areas of interest are the virtual-memory system and the filesystem. He earned his undergraduate degree in Electrical Engineering from Cornell University, and did his graduate work at the University of California at Berkeley, where he received Masters degrees in Computer Science and Business Administration, and a doctoral degree in Computer Science. He is a past president of the Usenix Association, and is a member of ACM and IEEE.

Tu05 - Network Security profiles: A Small Collection (Hodgepodge) of What Stuff Hackers Know About You

Speaker: Brad C. Johnson, Vice President of Consulting - SystemExperts Corporation

Who should attend: Network, system, and firewall administrators; security auditors or those that are audited; people involved with responding to intrusions or responsible for network-based applications or systems which might be targets for hackers. Participants should understand the basics of TCP/IP networking. Examples will use actual tools and will also include small amounts of HTML, JavaScript, and TCL languages.

This course will be useful for anyone with any type of TCP/IP-based system, whether it is a UNIX, Windows, NT, or mainframe operating system or a router, firewall, or gateway network host.

Whether network-based host intrusions come from the Internet, an Extranet, or an Intranet, they typically follow a common methodology: reconnaissance, vulnerability research, and exploitation. This tutorial will review the tools and techniques hackers (determined intruders) use to perform these activities. You will learn what types of protocols and tools to be aware of and you will become familiar with a number of current methods and exploits. The course will focus on how you can generate vulnerability profiles of your own systems. Additionally, it will review some of the important management policy and issues that are related to these network based probes.

The course will focus primarily on tools that exploit many of the common TCP/IP based protocols (such as WWW, SSL, DNS, and SNMP) which underlie virtually all of the Internet applications, including Web technologies, network management, and remote filesystems. Some topics will be addressed at a detailed technical level. This course will concentrate on examples drawn from public domain tools because these tools are widely available and commonly used by hackers (and are available for you to use for free!).

Topics include:

Profiles: what can an intruder determine about your site remotely? Review of profiling methodologies: different ”viewpoints” generate different types of profiling information. Techniques: scanning, on-line research, TCP/IP protocol ”mis”uses, denial of service, and hacking clubs. Important intrusion areas: discovery techniques, SSL, SNMP, WWW, DNS Tools: including scotty, strobe, netcat, SATAN, SAINT/SARA, ISS, mscan, sscan, queso, curl, and Nmap. Management issues: defining policies and requirements to minimize intrusion risk.

Topics NOT covered:

Social engineering, buffer overflow exploits, browser (frame) exploits, host based vulnerabilities or inside jobs (e.g., shell privilege escalation), operating system or device specific problems.

W01 - Administering Windows NT: A Course for UNIX People

Speaker: Aeleen Frisch, Exponential Consulting

Who should attend: UNIX system administrators who are also responsible for Windows NT systems (or who may become responsible for them at some point in the future). Students attending this class should be comfortable with general system administration concepts (filesystems, processes, user accounts, backups, and the like) as well as the major tools and procedures used to manage them on UNIX systems. A sense of humor will also be beneficial when initially approaching Windows NT.

The primary goal of this course is to help you apply what you already know about system administration under UNIX to the tasks and challenges of the Windows NT environment, in an effort to make the UNIX and NT environment co-exist as smoothly as possible. The course will include a variety of real-world examples and will focus on practical techniques and strategies for NT system administration. You can expect a very fast-paced, information-rich course.

Topics covered:

A Walking Tour of a Windows NT Server. Tools to Aid in NT System Administration. Booting under Windows NT. Managing User Accounts. Disks and Filesystems on Windows NT systems. Networking under NT: Connecting to UNIX and Other Systems. Printing on and from Windows NT Systems. Overview of Windows NT Security.

Aeleen Frisch has been a system administrator for over 15 years. She currently looks after a very heterogeneus network of UNIX and Windows NT systems. She is the author of several books, including Essential Windows NT System Administration.

W02 - Advanced Topics in DNS and BIND

Speaker: Paul Vixie, Internet Software Consortium

Who should attend: Name server administrators and software developers who need a deeper understanding of the DNS protocol and of the internals of BIND. Participants should already be responsible for the operation of at least one name server, should be familiar with Internet protocols such as TCP and UDP, and should be able to recognize C source code when they see it.

This tutorial will survey the DNS protocol and describe upcoming extensions to it, as well as implementation considerations in BIND.

Topics will include:

After completing this tutorial, participants will know what the IETF has been up to lately, and what to expect in upcoming BIND releases. For attendees who have taken Paul's tutorials in the past, this tutorial will not be a rehearsal of prior material - new subjects will be covered.

Paul Vixie is the current maintainer of the BIND software system. BIND is the Berkeley Internet Name Domain, and it includes the name server named, used everywhere on the Internet. Paul is also a coauthor of Sendmail: Theory and Practice, and the moderator of the ”comp.sources.unix” newsgroup.

W03 - Hot topics in Modern System Administration

Speaker: Evi Nemeth, University of Colorado, Boulder

Who should attend: System and network administrators who want to learn about real-life solutions to everyday problems.

Topics include: wreq: Managing user requests and trouble tickets is an everyday task. We will discuss the freely available Web-based tool wreq, together with procedures that you can use to make your SA group serve the needs of its internal customers. LPRng: Tired of those nasty printing problems? This next-generation print spooler can ease many cross-platform printing hassles, as well as reduce time spent maintaining the printing system at your site. Optimizing Web server performance: Learn tricks of the trade to make your hot UNIX Web server even hotter. We will cover measuring UNIX Web server performance and how to tune your server for optimum throughput and response.

What is hot on the UNIX security battlefront: It has been a long year in UNIX security, and now is a great time to brush up on happenings in this area. We will talk about the most important holes you need to address and suggest approaches to general UNIX security.

Modern UNIX filesharing: NFS has a bunch of new features, but do you know what they do or how to use them? Learn how to maximize the benefits of NFS 3.0 at your site.

A new world, split by OS: Are you suffering from UNIX in the machine room with PCs on the desktop? This syndrome is affecting system administrators everywhere, but there are some cures. We will talk about strategies to handle this situation and tools to make it seamless.

Evi Nemeth (M2, T2), a faculty member in computer science at the University of Colorado, has managed UNIX systems for the past 20 years, both from the front lines and from the ivory tower. She is co-author of the UNIX System Administration Handbook.

W04 - Two days tutorial. Part 2 (See Tu04)


W05 - Intrusion Detection and Network Forensics

Speaker: Marcus J. Ranum, Network Flight Recorder, Inc

Who should attend: Network and system managers, security managers, and auditors. This tutorial will assume some knowledge of TCP/IP networking and client/server computing.

What can intrusion detection do for you? Intrusion detection systems are designed to alert network managers to the presence of unusual or possibly hostile events within the network. Once you have found traces of a hacker, what should you do? What kinds of tools can you deploy to determine what happened, how they got in, and how to keep them out? This tutorial provides a highly technical overview of the state of intrusion detection software and the types of products that are available, as well as basic principles to apply to building your own intrusion detection alarms. Methods of recording events during an intrusion are also covered.

Topics include:

Marcus J. Ranum is CEO and founder of Network Flight Recorder, Inc. He is the principal author of several major Internet firewall products, including the DEC SEAL, the TIS Gauntlet, and the TIS Internet Firewall Toolkit. Marcus has been managing UNIX systems and network security for over 13 years, including configuring and managing whitehouse.gov. Marcus is a frequent lecturer and conference speaker on computer security topics.