Enterprise Security, Enterprise Linux
AUUG2K Conference & Tutorials
Australian National University, Canberra
25-30 June 2000
|Sunday 25 June||Time||Tut No.||Tutorial Title and Outline|
|Full Day Tutorial||9:00am-5:00pm||S1||
Implementing SAMBA, by Richard Sharpe
This full-day tutorial will help you with many of the more advanced aspects of Samba on Linux. During this tutorial you will set up a Samba server to:
|Half Day Afternoon Tutorial||1:30pm-5:00pm||S2||
Writing Secure Software, by Michael Paddon
Today, it is more important than ever that the software we are writing is designed and built with security as a primary goal. The ubiquitous global connectivity of the Internet has created unparalleled opportunities for malicious attack and compromise of our systems.
Most compromises occur through the exercise of bugs, limitations and unintended functionality.
This tutorial covers the fundamentals of designing and implementing systems that are secure from the ground up.
|Half Day Afternoon Tutorial||1:30pm-5:00pm||S3||
Securing Linux for the Enterprise, by John Terpstra
This tutorial will step the delegate through the key steps that should be followed to ensure that a Linux system that serves the business back end can be rendered safe and secure.
We will examine key system intrusion and disabling mechanisms used by crackers, with a focus on how you can configure vital system components to minimize the risk at your site. The key areas we will consider include:
|Half Day Afternoon Tutorial||1:30pm-5:00pm||S4||
AutoConf, by Ben Elliston
Autoconf is a tool for producing shell scripts that automatically configure software source code packages to adapt to many kinds of UNIX-like systems. The configuration scripts produced by Autoconf are independent of Autoconf when they run, so their users do not need to have Autoconf.
This workshop will cater to both kinds of Autoconf users: end-users, such as system administrators, who are running "configure" scripts and developers who want to use Autoconf to improve their package's portability.
The end-user section of the workshop will explain how to run configure and how to work through problems if the package fails to compile "out of the box".
The developer section of the workshop will give an overview of Autoconf and related programs and guide you through the process of "autoconfiscating" an existing package.
|Monday 26 June||Time||Tut No.||Tutorial Title and Outline|
|Full Day Tutorial||9:00am-5:00pm||M5||
FreeBSD Installation and Configuration, by Warren Toomey
FreeBSD is a free Unix system that makes an excellent platform for providing reliable, full-time network services on modest equipment. FreeBSD is the operating engine behind such systems as Yahoo!, Walnut Creek and Hotmail.com.
The aim of this workshop is to install FreeBSD on a Pentium platform and configure a number of useful network services, suitable for a small enterprise or department. We will:
Workshop attendees will receive a copy of the latest FreeBSD system on CD-ROM.
|Half Day Morning Tutorial||9:00am-12:30pm||M6||
Firewall Design & Management, by Lawrie Brown
With the ever-increasing growth and pervasiveness of the Internet, more and more organisations find that they need to connect to the Internet in order to fulfil their goals. However, there are persistent security concerns with such a connection. The usual approach to reducing these concerns is to install a firewall to provide perimeter defence around private networks, which supplies a single controlled and monitored point of connection.
The design, installation, and ongoing management of a firewall, though, is a non-trivial task. This workshop will provide an overview of this process. This starts with the determination of an appropriate security policy, and then the specification of services to be supported and policy applied. From this a suitable firewall architecture can be selected from the range available, and specific equipment chosen and configured. Then there is the ongoing management of the firewall: maintaining its safe configuration, responding to security events, and monitoring its ongoing use.
The workshop will not discuss particular products; rather, it is aimed at assisting those who need to manage this process.
|Half Day Morning Tutorial||9:00am-12:30pm||M8||
The Java Jini Distributed Programming Environment, by Jan
Jini is a new environment from Sun to give "network plug and play" for devices and software services. It is designed for the huge market in smart devices that can be connected to a network, and also for the supply of software services over a network. This tutorial covers the programming API for Jini. The material includes:
|Half Day Afternoon Tutorial||1:30pm-5:00pm||M9||
Advanced IP Packet Mangling in Linux 2.4, by Paul 'Rusty' Russell
This tutorial is aimed at those who have set up networking under Linux, and want to see what evil they can do to packets. It will cover the general kernel architecture which was introduced in 2.3 (netfilter), and why such an architecture was needed.
Then it will show how the architecture has been used for simple packet filtering (iptables), which is a close cousin of the established ipchains (Linux 2.2) and ipfwadm (Linux 2.0) tools.
We then move on to connection state tracking (ip_conntrack), showing the abilities and limitations of trying to keep information about the history of packets and their relationships.
This builds to a climax with the description of Network Address (Port) Translation (ipt_nat). This will cover loadsharing, port forwarding, masquerading and general NAT.
The last section of the tutorial will cover extending the capabilities of the Linux kernel, handling specialised protocols, and dealing with packets in userspace.
|Half Day Afternoon Tutorial||1:30pm-5:00pm||M10||
Version Control Using CVS, by Ben Elliston
Configuration management is a crucial aspect of sound software engineering practice. Collaborative software development requires a suitably capable version control system. The Concurrent Versions System, CVS, is one such system, providing support for concurrent development and operation over a wide-area network. CVS enjoys widespread use in industry and by free software projects world-wide.
This workshop will provide a tour of the CVS system, its features, and how to use it appropriately in various (hopefully familiar) software development scenarios. I hope to provide running examples as the tour unfolds.
|Half Day Afternoon Tutorial||1:30pm-5:00pm||M11||
Cluster Computing Technologies and Applications, by Rajkumar
The availability of high-speed networks and increasingly powerful commodity microprocessors is making the usage of clusters, or networks, of computers an appealing vehicle for cost-effective parallel computing. Clusters, built using commodity-off-the-shelf (COTS) hardware components as well as free, or commonly used, software, are playing a major role in redefining the concept of supercomputing.
In this tutorial, we discuss the motivation for the transition from using dedicated parallel supercomputers, to COTS-based cluster supercomputers. We also describe the enabling technologies and then present a number of case studies of cluster-based projects to support our discussion.
Finally, we summarise our findings and draw a number of conclusions relating to the usefulness and likely future of cluster computing. The questions naturally arise: How do clusters redefine concepts of traditional supercomputing? How is this different from traditional supercomputing or MPP computing? Are clusters offering a completely different programming paradigm? Can one make a cluster-based supercomputer, and what are the implications of doing so? This tutorial offers answers to these and other questions related to the use and exploitation of clusters as a vehicle for high performance applications.
|Tuesday 27 June||Time||Tut No.||Tutorial Title and Outline|
|Full Day Tutorial||9:00am-5:00pm||T12||
Linux Installation, by Chris Levanes
This full-day introductory tutorial to the complete features of the Red Hat Linux set will cover the following areas and include:
|Full Day Tutorial||9:00am-5:00pm||T13||
Cryptographic Algorithms Revealed, by Greg Rose
In this advanced tutorial, attendees will get a fairly detailed overview of what makes cryptographic algorithms work, and when they don't work, how they are broken. The tutorial will be as up-to-the-minute as possible with respect to the development of the Advanced Encryption Standard.
This tutorial will require some mathematical background from attendees. At the very least, familiarity with common mathematical notation, polynomials, and some elementary statistical knowledge will be needed. You've been warned.
Topics covered (unless time runs out):
|Half Day Morning Tutorial||9:00am-12:30pm||T14||
DNS and BIND, by Chris Vance
This tutorial covers the use of the Domain Name System and the Berkeley Internet Name Daemon which provides this service on Unix and similar systems.
|Half Day Morning Tutorial||9:00am-12:30pm||T15||
Debugging Programs with GDB, by Andrew Cagney
GDB, the GNU project debugger, is arguably the most widely used debugger in the world. As well as supporting most host platforms it has also been ported to almost every target architecture in existence.
This tutorial will first provide the programmer with an introduction to GDB. It will then go on to explain some of GDB's more advanced features including inferior calls, watchpoints, conditionals and scripting. A brief introduction to embedded debugging will also be provided.
|Half Day Afternoon Tutorial||1:30pm-5:00pm||T16||
Practical IPSEC, by Adrian Close
Networks on the Internet are increasingly turning to firewalls as a means of protecting themselves against external network-based attacks, creating their own small islands of trust. However, the increasing need for secure, inter-network communications requires extending that trust across the Internet itself - a risky proposition in an increasingly hostile network environment.
Implementing IPSEC is one plausible solution and this tutorial will cover the fundamentals of doing this in the real world.
Practical demonstrations of the technology involved will be given throughout the tutorial, which will include debugging techniques useful for successful deployment and interoperability of various IPSEC implementations.
|Half Day Afternoon Tutorial||1:30pm-5:00pm||T17||
Vinum Volume Manager Administration, by Greg Lehey
The Vinum Volume Manager is an Open Source software implementation of virtual disks and RAID levels 0, 1, 4 and 5. It provides a flexible disk abstraction that can increase disk size, speed and reliability. Performance is comparable with and in many cases exceeds that of hardware RAID solutions. Vinum currently runs on the FreeBSD platform, but other platforms are in planning.
This tutorial demonstrates how to set up Vinum for a number of typical configurations, and how to deal with tradeoffs between media cost, performance and reliability. Participants are encouraged to submit details of their own storage problems in advance for discussion during the tutorial.