usenix07 training proof

8/15/2019 usenix07 training proof

1/24

Join us in Santa Clara, CA,

June 1722, for the 2007

USENIX Annual Technical

Conference.

6 days of training byindustry experts, including:

Richard Bejtlich on TCP/IP

Weapons School, Layers 23

Tom Christiansen on Advanced

Perl Programming

Jacob Farmer on Next GenerationStorage Networking

Steve VanDevender on High-

Capacity Email System Design

And over 30 other full- and half-

day tutorials

3-day technicalprogram, including:

The latest research in the

Refereed Papers Track

Keynote Address by Mendel

Rosenblum, Stanford University

Expert-led Invited Talks Guru Is In Sessions

BoFs, a Poster Session, and more

New in 2007:

SANS Security Training

Register by June 1 and save! www.usenix.org/usenix2007

Santa Clara, CA June 1722, 2007

Dont miss the latest in groundbreakingresearch and cutting-edge practices in a widevariety of technologies and environments.

TRAINING PROGRAM


2/24

B REGISTER TODAY: WWW.USENIX.ORG/USENIX2007

CONTENTS

1 USENIX 07 Organizers

23 Training at a Glance

412 USENIX Training Program

1315 USENIX Training Instructors1619 SANS Training Program

20 Hotel & Travel Information

21 Registration Information & Fees

USENIX Annual Tech has always been the place to present groundbreakingresearch and cutting-edge practices in a wide variety of technologies and envi-ronments. USENIX 07 will be no exception.

The 2007 USENIX Annual Technical conference will feature:

6-Day Training Program: SundayFriday, June 1722, 2007

The training program at USENIX 07 provides in-depth and immediately useful training on the

latest techniques, effective tools, and best strategies. The 37 half- and full-day sessions are

taught by well-known industry experts, selected for their ability to teach complex subjects.

Topics include:

Hands-on Linux Security: From Hacked to Secure in Two Days, by Rik Farrow

Solaris 10 Security Features Workshop, by Peter Baer Galvin

Distributed Source Code Management Systems: Bzr, Hg, and Git (Oh My!), by

Theodore Tso

New in 2007: SANS at USENIX Annual Tech. In addition to the top-notch USENIX training,

Were partnering with the SANS Institute to offer two 6-day security classes:

SANS Security 504: Hacker Techniques, Exploits, and Incident Handling

SANS Security 617: Assessing and Securing Wireless Networks

Technical Sessions: WednesdayFriday, June 2022, 2007

The 3-day technical program includes:

The latest in cutting-edge research in the Refereed Papers Track

Expert-led invited talks, including the keynote address by Mendel Rosenblum, Stanford

University

Guru Is In sessions, where you can get answers to your most urgent technical ques-

tions

The opportunity to mingle with colleagues and industry leaders at the Birds-of-a-Feath-

er sessions and other evening social events, including poster and vendor sessions and

receptions

Register today at www.usenix.org/usenix2007.

Join leading researchers and practitioners for6 full days on the latest technology.

EARLY BIRDDISCOUNT

SAVE!Register by June 1, 2007, at

www.usenix.org/usenix2007

TOP 5 REASONS TO ATTEND

#1 Top-notch trainingHighly respected experts pro-

vide you with new information

and skills you can take back

to work tomorrow.

#2 Invited TalksIndustry luminaries discusstimely and important topics.

#3 Youll hear it here firstCheck out the latest develop-

ments in cutting-edge

research in the Refereed

Papers Track and poster

session.

#4 AnswersIndustry experts address your

toughest questions in the

Guru Is In sessions.

#5 The chance to mingleTalk with industry leaders and

network with peers in the

evening BoFs and receptions.


3/24

REGISTER BY JUNE 1 AND SAVE! 1

Program Co-ChairsJeff Chase, Duke University

Srinivasan Seshan, Carnegie Mellon

University

Program Committee

Atul Adya, Microsoft Research

Matt Blaze, University of Pennsylvania

George Candea, EPFLMiguel Castro, Microsoft Research,

Cambridge

Fay Chang, Google

Nick Feamster, Georgia Institute of

Technology

Marc Fiuczynski, Princeton University/

PlanetLab

Terence Kelly, Hewlett-Packard Labs

Eddie Kohler, University of California,

Los Angeles, and Mazu Networks

Z. Morley Mao, University of Michigan

Erich Nahum, IBM T.J. Watson Research

Center

Jason Nieh, Columbia University and

VMware

Brian Noble, University of Michigan

Timothy Roscoe, Intel Research, Berkeley

Emin Gn Sirer, Cornell University

Mike Swift, University of Wisconsin,

Madison

Renu Tewari, IBM Almaden Research

Center

Win Treese, SiCortex, Inc.

Andrew Warfield, Cambridge University

and XenSource

Matt Welsh, Harvard University

Yuanyuan Zhou, University of Illinois at

Urbana-Champaign

Poster Session Chair

Mike Swift, University of Wisconsin,Madison

The USENIX Association Staff

Every USENIX training program registration includes:

Admission to the tutorials you select

Lunch on the day of your tutorials

Training program CD-ROM, including all available tutorial presentations and

materials

Printed materials for your tutorials

Admission to the receptions, BoFs, and other evening events

Conference t-shirt

Wireless connectivity in the conference session area

Every SANS training program registration includes:


Lunch on the day of your tutorials

Complimentary one-year membership in the USENIX Association

Printed materials for your tutorials

Admission to the receptions, BoFs, and other evening events

Conference t-shirt

Wireless connectivity in the conference session area

Our Guarantee

If youre not happy, were not happy. If you feel a tutorial does not meet the high

standards you have come to expect from USENIX, let us know by the first breakand we will change you to any other available tutorial immediately.

USENIX 07 Organizers


4/242 REGISTER TODAY: WWW.USENIX.ORG/USENIX2007

SUNDAY, JUNE 17, 2007

S1 Simson L. Garfinkel Computer Forensics

S2 Dustin Whittle RAD 2.0: Developing Web

Applications with Symfony

S3Rik Farrow Hands-on Linux Security: From Hackedto Secure in Two Days (Day 1 of 2)

S4 Peter Baer Galvin Solaris 10 Administration Workshop

S5 Chip Salzenberg Higher-Order Perl

S6 Strata Rose Chalup Problem-Solving for IT Professionals

S7 Abe Singer Security Without Firewalls

S8 Chip Salzenberg Perl Program Repair Shop and Red

Flags

S9 John Sellens Performance Tracking with Cacti

S10 Theodore Tso Distributed Source Code Man-

agement Systems: Bzr, Hg, and Git(Oh My!)

MONDAY, JUNE 18, 2007

M1 leen Frisch Administering Linux in Production

Environments

M2 Abe Singer Building a Logging Infrastructure and

Log Analysis for Security

M3 Rik Farrow Hands-on Linux Security: From Hacked

to Secure in Two Days (Day 2 of 2)

M4 Marc Staveley System and Network PerformanceTuning

MONDAY, JUNE 18, 2007 (CONTINUED)

M5 Chip Salzenberg Regular Expression Mastery

M6 John Sellens Databases: What You Need to Know

M7 Jacob Farmer Disk-to-Disk Backup and Eliminating

Backup System Bottlenecks

M8 Strata Rose Chalup Practical Project Management for

Sysadmins and IT Professionals

M9 Gerald Carter Ethereal and the Art of Debugging

Networks

M10Jacob Farmer Next Generation Storage Networking

TUESDAY, JUNE 19, 2007

T1 Alan Robertson Configuring and DeployingLinux-HA

T2 Abe Singer Incident Response

T3 Peter Honeyman NFSv4 and Cluster File Systems

T4 Jim Mauro and Solaris 10 Performance, Observability,

Richard McDougall and Debugging

T5 leen Frisch Beyond Shell Scripts: 21st-Century

Automation Tools and TechniquesT6 John Sellens System and Network Monitoring:

Tools in Depth

T7 Steve VanDevender High-Capacity Email System

Design

NEW!

NEW!

SANS security 6-day tutorials: pp. 1619SANS



NEW!

NEW!

NEW!

NEW!

NEW!

NEW!

NEW!

FULL DAY: 9:00 A.M.5:00 P.M.

HALF DAY AFTERNOON: 1:30 P.M.5:00 P.M.

HALF DAY MORNING: 9:00 A.M.12:30 P.M.

FULL DAY: 9:00 A.M.5:00 P.M.

HALF DAY AFTERNOON: 1:30 P.M.5:00 P.M.

HALF DAY MORNING: 9:00 A.M.12:30 P.M.

FULL DAY: 9:00 A.M.5:00 P.M.

TRAINING AT A GLANCE


5/24REGISTER BY JUNE 1 AND SAVE! 3

WEDNESDAY, JUNE 20, 2007

W1 Richard Bejtlich Network Security Monitoring with Open

Source Tools

W2 Gerald Carter Using Samba 3.0

W3Peter Baer Galvin Solaris 10 Security Features Workshop

W4 Theodore Tso Inside the Linux 2.6 Kernel

THURSDAY, JUNE 21, 2007

R1 Tom Christiansen Advanced Perl Programming

R2 Richard Bejtlich TCP/IP Weapons School, Layers

23 (Day 1 of 2)

R3 Gerald Carter Implementing [Open]LDAP Directories

R4 Lee Damon Issues in UNIX Infrastructure Design

FRIDAY, JUNE 22, 2007

F1 John Arrasjid and Introduction to VMware Virtual

Shridhar Deuskar Infrastructure 3

F2 Richard Bejtlich TCP/IP Weapons School, Layers23 (Day 2 of 2)

NEW!

NEW!




FULL DAY: 9:00 A.M.5:00 P.M.

FULL DAY: 9:00 A.M.5:00 P.M.

FULL DAY: 9:00 A.M.5:00 P.M.

EARLY BIRDDISCOUNT

SAVE!Register by June 1, 2007, at

www.usenix.org/usenix2007



USENIX TRAINING PROGRAM

S1 Computer ForensicsSimson L. Garfinkel , Naval Postgraduate

School

Who should attend: Anyone interested

in forensics: recovering lost or deleted

data, hunting for clues, and tracking

information.Topics include:

Introduction to computer forensics

Disk forensics

Network forensics

Document forensics

Memory forensics

Cell phone forensics

Take back to work: An in-depth

understanding of computer forensics,why forensic tools are possible, what

they can do and their limits; modern

tools, and the legal environment that

governs U.S. forensics.

S2 RAD 2.0: Developing WebApplications with SymfonyDustin Whittle , Yahoo, Inc.

Who should attend: Technical project

managers and engineers interested in

learning how to build better Web 2.0

applications using symfony.

Topics include:

Overview and foundations

Is symfony right for your project?

Design patterns and best practices

Project management

Installation

Project creation

Configuring your environment

Setting up your project

Building your object model

Developing fast with scaffolding and

generators

Controlling your model

Developing and managing views

Adding your favorite JavaScriptframework

AJAX and JavaScript helpers via

Prototype

Command line interface

Plugins Unit and functional testing

Performance and security

Project deployment

Take back to work: All you need to

know to dive into your next Web 2.0

application.

S3 Hands-on Linux Security: FromHacked to Secure in Two Days(Day 1 of 2)Rik Farrow , Security Consultant

Who should attend: System adminis-

trators of Linux and other UNIX sys-

tems; anyone who runs a public UNIX

server.

Exercises include:

Searching for hidden files

TCP/IP and its relation to probesand attacks

Uses of ARP and Ethereal

hping2 probes

nmap (connect and SYN scans)

Buffer overflows in sample C pro-

grams

Weaknesses in Web scripts (using a

Perl example)

Take back to work: How to determineif a system has been exploited, use net-

work scanning/evaluation tools, improve

security of your systems, and check

Web scripts for weaknesses.

S4 Solaris 10 AdministrationWorkshopPeter Baer Galvin , Corporate

Technologies

Who should attend: Solaris systems

managers and administrators interested

in learning the new administration fea-

tures in Solaris 10 (and features in previ-

ous Solaris releases that they might not

be using).

Topics include:

Overview

Solaris releases Installing and upgrading to Solaris

10

Patching the kernel and applica-

tions

Service Management Facility

The kernel: update, /etc/system Crash and core dumps

Cool commands you need to know

Zfs, the new endian-neutral file sys-

tem

N1 Grid Containers (a.k.a. Zones)

DTrace

FMA (Fault Management Architec-

ture)

Sysadmin best practicesTake back to work: All you need to

consider in deploying, implementing,

and managing Solaris 10.

S5 Higher-Order Perl(AM) Chip Salzenberg, Consultant and Author

Who should attend: Programmersinvolved in the development and main-

tenance of large systems written partly

or mostly in Perl.

Topics include:

Dynamically replacing functions with

facades

Iterators

Building complex parserseasily!

Take back to work: How to write func-

tions that can manufacture or modify

other functions, instead of writing ten

similar functions that must be main-

tained separately.

S6 Problem-Solving for IT(AM) Professionals

Strata Rose Chalup , Project

Management Consultant

Who should attend: IT support people

who would like to have a better grasp of

problem-solving as a discipline.

Take back to work:

A solid grounding in the process of

solving problems

A framework on which to build trou-

bleshooting techniques that arespecific to your environment

Confidence in your ability to apply

logic and common sense to debug

problems in complex interacting

systems

NEW!

NEW!

NEW!

FULL DAY 9:00 A.M.5:00 P.M.

SUNDAY, JUNE 17, 2007

HALF DAY 9:00 A.M.12:30 P.M.



S7 Security Without Firewalls(AM) Abe Singer , San Diego Supercomputer

Center

Who should attend: Administrators

who want or need to explore strong,

low-cost, scalable security without fire-

walls.

Topics include:

The threat perspective from a data-

centric point of view

How to implement and maintain

centralized configuration manage-

ment using cfengine, and how to

build reference systems for fast and

consistent (re)installation of hosts

Secure configuration and manage-

ment of core network services such

as NFS, DNS, and SSH

Good system administration prac-tices

Implementing strong authentication

and eliminating use of plaintext

passwords for services such as

POP/IMAP

A sound patching strategy

An overview of how we were com-

promised, how we recovered, and

what we learnedTake back to work: How to build

effective, scalable host-based security

without firewalls.

S8 Perl Program Repair Shop and Red(PM) Flags

Chip Salzenberg, Consultant and Author

Who should attend: Anyone who

writes Perl programs regularly.

Topics include:

Families of variables Making relationships explicit

Refactoring

Programming by convention

Why you should avoid the . opera-

tor

Elimination of global variables

The use strict zombies

What can go wrong with if and

else The Condition that Ate Michigan

Structural vs. functional code

Boolean values

Programs that take two steps for-

ward and one step back

Programs that are 10% backslash-

es

Unnecessary shell calls

How (and why) to let undef be the

special value

Take back to work: How to improve

your own code and the code of others,

making it cleaner, more readable, more

reusable, and more efficient, while at

the same time making it 3050% small-

er.

S9 Performance Tracking with Cacti(PM)

John Sellens, SYONEX

Who should attend: Network and sys-

tem administrators ready to implement

a graphical performance and activity

monitoring tool, who prefer an integrat-

ed, Web-based interface.

Topics include:

Installation: Basic steps, prerequi-sites, common problems and solu-

tions

Configuration, setup options, and

how to manage larger and non-triv-

ial configurations

User management and access con-trol

Special cases: How to deal with

interesting problems

Extending Cacti: How to write

scripts or programs to extend the

functionality of the basic package

Security concerns and access con-

trol

Ongoing operationsTake back to work: The information

needed to immediately implement and

use Cacti to monitor systems and

devices on their networks.

S10 Distributed Source Code(PM) Management Systems: Bzr, Hg, and

Git (Oh My!)

Theodore Tso , IBM Linux TechnologyCenter

Who should attend: Developers, proj-

ect leaders, and system administrators

dealing with source code management

systems who want to take advantage of

the newest distributed development

tools.

Topics include:

Basic concepts of distributed SCMs

Advantages of peer-to-peer sys-

tems

How distributed SCMs work

Strengths and weaknesses of each

distributed SCM

Guidance and suggestions on

choice criteria

Take back to work: An understanding

of the basic concepts of distributed

SCMs, how these systems work, how

to use them, and the information you

need to choose the distributed SCM

that is most appropriate for your proj-

ect.

NEW!

NEW!

See www.usenix.org/usenix07/training for complete training program information.

HALF DAY 1:30 P.M.5:00 P.M.



MONDAY, JUNE 18, 2007

M1 Administering Linux in ProductionEnvironments

leen Frisch , Exponential Consulting

Who should attend: Both current

Linux system administrators and admin-

istrators from sites considering convert-

ing to Linux or adding Linux systems totheir current computing resources.

Topics include:

Recent kernel developments

High-performance I/O

Advanced compute-server environ-

ments

High availability Linux: fault-toler-

ance options

Enterprise-wide authentication andother security features

Automating installations and other

mass operations

Linux performance tuning

Take back to work: The knowledge

necessary to add reliability and availabil-

ity to their systems, and to assess and

implement tools needed for production-

quality Linux systems.

M2 Building a Logging Infrastructureand Log Analysis for Security

Abe Singer , San Diego Supercomputer

Center

Who should attend: System, network,

and security administrators who want to

be able to separate the wheat of warn-

ing information from the chaff of normalactivity in their log files.

Topics include:

Problems, issues, and scale of han-

dling log information

Generating useful log information:

improving the quality of your logs

Collecting log information

Storing log information

Log analysis How to handle and preserve log

files for HR and legal folks

Take back to work: How to get a han-dle on your log files, which can help you

run your systems and networks more

effectively and can provide forensic

information for post-incident investiga-

tion.

M3 Hands-on Linux Security: FromHacked to Secure in Two Days

(Day 2 of 2)Rik Farrow , Security Consultant


trators of Linux and other UNIX sys-

tems; anyone who runs a public UNIX

server.

Topics include:

John the Ripper, password cracking

Misuses of suid shells, finding back-

doors

Uncovering dangerous network

services

Searching for evidence of rootkits

and bots

Sleuth Kit (looking at intrusion time-

lines)

netfilter

Take back to work: How to uncover

the more subtle indicators of compro-

mise such as backdoors and rootkits,

and improve the network security of

your systems.

M4 System and Network PerformanceTuningMarc Staveley , Soma Networks

Who should attend: Novice andadvanced UNIX system and network

administrators, and UNIX developers

concerned about network performance

impacts.

Topics include:

Performance tuning strategies

Server tuning

NFS performance tuning

Network performance, design, andcapacity planning

Application tuning

Take back to work: Procedures andtechniques for tuning your systems,

networks, and application code, along

with guidelines for capacity planning

and customized monitoring.

M5 Regular Expression Mastery

(AM) Chip Salzenberg, Consultant and Author


trators and users who use Perl, grep,

sed, awk, procmail, vi, or emacs.

Topics include:

Inside the regex engine

Disasters and optimizations

Take back to work: Fixes for all your

regexes: unexpected results, hangs,unpredictable behaviors.

M6 Databases: What You Need to Know(AM) John Sellens, SYONEX

Who should attend: System and

application administrators who need to

support databases and database-

backed applications.

Topics include:

An introduction to database con-

cepts

The basics of SQL (Structured

Query Language)

Common applications of databases

Berkeley DB and its applications

MySQL installation, configuration,

and management

PostgreSQL installation, configura-tion, and management

Security, user management, and

access controls

Ad hoc queries with standard inter-

faces

ODBC and other access methods

Database access from other tools

(Perl, PHP, sqsh, etc.)

Take back to work: A better under-standing of databases and their use

and of how to deploy and support com-

mon database software and database-

backed applications.


HALF DAY 9:00 A.M.12:30 P.M.




M7 Disk-to-Disk Backup and(AM) Eliminating Backup System

BottlenecksJacob Farmer , Cambridge Computer

Services


trators involved in the design and man-

agement of backup systems and policy-

makers responsible for protecting their

organizations data.Topics include:

Identifying and eliminating backup

system bottlenecks

Conventional disk staging

Virtual tape libraries

Removable disk media

Incremental forever and synthetic

full backup strategies

Block- and object-level incrementalbackups

Information lifecycle management

and nearline archiving

Data replication

CDP (Continuous Data Protection)

Snapshots

Current and future tape drives

Capacity Optimization (Single-

Instance File Systems)

Minimizing and even eliminating

tape drives

iSCSI

Take back to work: Immediate ideas

for effective, inexpensive improvements

to your backup systems.

M8 Practical Project Management for(PM) Sysadmins and IT Professionals

Strata Rose Chalup , Project

Management Consultant


trators who want to stay hands-on as

team leads or system architects andneed a new set of skills with which to

tackle bigger, more complex challenges.

Topics include:

Quick basics of project manage-

ment

Skill sets

Problem areas

Project management tools

Take back to work: A no-nonsensegrounding in methods that work with-

out adding significantly to ones work-

load. You will be able to take an arbi-

trarily daunting task and reduce it to a

plan of attack that will be realistic, will

lend itself to tracking, and will have

functional, documented goals. You will

be able to give succinct and useful

feedback to management on overallproject viability and timelines and easily

deliver regular progress reports.

M9 Ethereal and the Art of Debugging(PM) Networks

Gerald Carter, Centeris/Samba Team

Who should attend: System and net-

work administrators who are interested

in learning more about the TCP/IP pro-tocol and how network traffic monitor-

ing and analysis can be used as a

debugging, auditing, and security tool.

Topics include:

Introduction to Ethereal for local

and remote network tracing

TCP/IP protocol basics

Analysis of popular application pro-

tocols such as DNS, DHCP, HTTP,NFS, CIFS, and LDAP

How some kinds of TCP/IP network

attacks can be recognized

Take back to work: How to use theEthereal protocol analyzer as a debug-

ging and auditing tool for TCP/IP net-

works.

M10 Next Generation StorageNetworking

(PM) Jacob Farmer , Cambridge Computer

Services

Who should attend: Sysadmins run-

ning day-to-day operations and those

who set or enforce budgets.

Topics include:

Fundamentals of storage virtualiza-

tion: the storage I/O path

Shortcomings of conventional SAN

and NAS architectures

In-band and out-of-band virtualiza-

tion architectures

The latest storage interfaces: SATA

(serial ATA), SAS (serial attached

SCSI), 4Gb Fibre Channel, Infini-

band, iSCSI

Content-Addressable Storage

(CAS)

Information Life Cycle Management

(ILM) and Hierarchical Storage Man-

agement (HSM) The convergence of SAN and NAS

High-performance file sharing

Parallel file systems

SAN-enabled file systems

Wide-area file systems (WAFS)


of general architectures, various

approaches to scaling in both perfor-

mance and capacity, relative costs ofdifferent technologies, and strategies for

achieving results on a limited budget.

HALF DAY 1:30 P.M.5:00 P.M.



10/24

8 REGISTER TODAY: WWW.USENIX.ORG/USENIX2007


T1 Configuring and Deploying Linux-HA

Alan Robertson , IBM Linux Technology

Center


trators and IT architects who architect,

evaluate, install, or manage critical com-puting systems. It is suggested that par-

ticipants have basic familiarity with sys-

tem V/LSB-style startup scripts, shell

scripting, and XML.

Topics include:

General HA principles

Compilation and installation of the

Linux-HA (heartbeat) software

Overview of Linux-HA configuration Overview of commonly used

resource agents

Managing services supplied with

init(8) scripts

Sample Linux-HA configurations for

Apache, NFS, DHCP, DNS, and

Samba

Writing and testing resource agents

conforming to the Open ClusterFramework (OCF) specification

Creating detailed resource depen-

dencies

Creating co-location constraints

Writing resource location con-

straints

Causing failovers on user-defined

conditions

Take back to work: Both the basictheory of high-availability systems and

practical knowledge of how to plan for

and install and configure highly available

systems using Linux-HA.

T2 Incident Response Abe Singer , San Diego Supercomputer

Center

Who should attend: Security folks,system administrators, and operations

staff (e.g., help desk). Examples are pri-

marily from UNIX systems, but most of

what is discussed will be operating sys-

tem neutral.

Topics include:

Goals: What results do you want?

Policies: Having the authority to do

the job

Tools: Having the stuff to do the job

Intelligence: Having the information

to do the job Initial suspicion: Complaints,

alarms, anomalies

The oh, sh*t moment: When you

realize its a compromise

Gathering information on your

attacker

Assessing the extent of the com-

promise

Communicating: Inquiring minds

want to know

Recovery: Kicking em out and fix-

ing the damage

Evidence handling

The law: Dealing with law enforce-

ment, lawyers, and HR


of how to prepare for security incidents

and how to handle incidents in an

organized, effective manner, without

panicking.

T3 NFSv4 and Cluster File Systems

Peter Honeyman, CITI, University of

Michigan

Who should attend: System builders

developing storage solutions for high-end computing, system administrators

who need to anticipate and understand

the state of the art in high performance

storage protocols and technologies,

and researchers looking for an intensive

introduction to an exciting and fertile

area of R&D.

Topics include:

Features of NFSv4 and cluster filesystems

Major coordination issues of lock-

ing, delegation, and shares, giving

special attention to fair queuing for

NFSv4, NLM, and POSIX locks

Efficient client recovery and migra-

tion for NFSv4 on cluster file sys-

tems

An introduction to pNFS, the

emerging parallel extension to

NFSv4, which offers the potential to

deliver the bisectional bandwidth ofa cluster file system to a single

client.

Take back to work: Knowledge of the

challenges and solutions in marrying

NFSv4 with cluster file systems.

T4 Solaris 10 Performance,Observability, and DebuggingJim Mauro and Richard McDougall,Sun Microsystems


supports or may support Solaris 10

machines.

Topics include:

Solaris 10 features overview

Solaris 10 tools and utilities

Understanding memory use and

performance

Understanding thread execution

flow and profiling

Understanding I/O flow and

performance

Looking at network traffic and

performance

Application and kernel interaction

Putting it all together

Take back to work: How to apply the

tools and utilities available in Solaris 10

to resolve performance issues and

pathological behavior, and simply to

understand the system and workload

better.

NEW!

NEW!

NEW!




11/24


T5 Beyond Shell Scripts: 21st-CenturyAutomation Tools and Techniques

leen Frisch , Exponential Consulting

Who should attend: System administra-

tors who want to explore new ways of

automating administrative tasks. Shell

scripts are appropriate for many jobs, butmore complex operations will often bene-

fit from sophisticated tools.

Topics include:

Cfengine configurations, sample

uses, and limitations

Expect: Automating interactive

processes

Bacula, an enterprise backup man-

agement facility Network and system monitoring

tools: SNMP overview, Nagios, RRD-

Tool, Ethereal

Take back to work: You will be ready to

begin using these packages in your own

environment, and to realize the efficiency,

reliability, and thoroughness that they offer

compared to traditional approaches.

T6 System and Network Monitoring:Tools in DepthJohn Sellens , SYONEX

Who should attend: Network and sys-

tem administrators ready to implement

comprehensive monitoring of their sys-

tems and networks using the best of the

freely available tools.

Topics include, for each of Nagios,

Cricket, MRTG, and Orca:

Installation: Basic steps, prerequi-

sites, common problems and solu-

tions

Configuration, setup options, and

how to manage larger and nontrivial

configurations

Reporting and notifications, both

proactive and reactive

Special cases: How to deal with inter-

esting problems

Extending the tools: How to write

scripts or programs to extend the

functionality of the basic package

Dealing effectively with network

boundaries and remote sites

Security concerns and access control

Ongoing operationsTake back to work: The information

needed to immediately implement,

extend, and manage popular monitoring

tools on your systems and networks.

T7 High-Capacity Email System Design

Steve VanDevender , University of Oregon

Who should attend: Anyone who needs

to design a high-volume, secure email

system or upgrade an existing one.

Topics include:

Mail system architecture and compo-

nents

MTAs and SMTP

Spam!

LDAs and the mail store

POP, IMAP

Coping with MUAs

Scaling and reliability methods

Take back to work: An overview of

available choices in software and meth-

ods, with their tradeoffs and domains of

applicability.

NEW!



ATTENTION MANAGERS: WHY

YOU SHOULD SEND YOUR

EMPLOYEES TO USENIX 07

Hiring the best and the brightest isthe ultimate goal for any employer.

However, keeping current employ-ees up to par is just as important.Technology continues to evolve:

truly to stay ahead of the game,your employees must continue toenhance their skills.

The training program at USENIX 07offers a cost-effective, one-stopshop for training current IT anddevelopment employees. Over 35

full- and half-day tutorials taughtby the most respected leaders inthe field provide an unparalleled

opportunity to learn from the best.Tutorials cover a multitude of topicsincluding open source technologies,system administration, and security.

Combining full days of training withdays of technical sessions ongroundbreaking research makes the

USENIX 07 experience even morevaluable. Additionally, the recep-tions, Poster Session, and Birds-of-

a-Feather sessions provide yourstaff with a chance to network withpeers and industry leaders to gainthat all-important insider IT knowl-edge that will keep your companycurrent and running smoothly.

Keeping up with technology can becostly and time-consuming in thisunforgiving economy: take fulladvantage of this opportunity to

have your staff learn from the topresearchers, practitioners, andauthors all in one place, at onetime.


12/24


WEDNESDAY, JUNE 20, 2007

W1 Network Security Monitoring withOpen Source ToolsRichard Bejtlich, TaoSecurity


wants to know what is happening on

their network. I assume command-line

knowledge of UNIX and familiarity withTCP/IP. Anyone with duties involving

intrusion detection, security analysis,

incident response, or network forensics

will profit from this course.

Topics include:

NSM theory

Building and deploying NSM sen-

sors

Accessing wired and wireless traffic Full content tools: Tcpdump, Ethe-

real/Tethereal, Snort as packet log-

ger

Additional data analysis tools:

Tcpreplay, Tcpflow, Ngrep, Netdude

Session data tools: Cisco NetFlow,

Fprobe, Flow-tools, Argus, SANCP

Statistical data tools: Ipcad, Traf-

show, Tcpdstat, Cisco accountingrecords

Sguil (sguil.sf.net)

Case studies, personal war stories,

attendee participation

Take back to work: You will immedi-

ately be able to implement numerous

new techniques and tools to discover

normal, malicious, and suspicious net-

work events.

W2 Using Samba 3.0Gerald Carter, Centeris/Samba Team


trators who are currently managing

Samba servers or are planning to

deploy new servers this year. This

course will outline the new features of

Samba 3.0, including working demon-strations throughout the course session.

Topics include:

How to provide common file and

print services

How to integrate Samba with Active

Directory

How to enable Samba as a Domain

Controller in its own domain

Take back to work: You will under-

stand not only how to configure Samba

in a variety of environments, but alsohow to troubleshoot the unpredictable

glitches that occur at the most inoppor-

tune times.

W3 Solaris 10 Security FeaturesWorkshopPeter Baer Galvin , Corporate

Technologies

Who should attend: Solaris systems

managers and administrators interested

in the new security features in Solaris 10

(and features in previous Solaris releas-

es that they might not be using).

Topics include:

Overview

N1 Grid Containers (a.k.a. Zones)

RBAC: Role Based Access Control

Privileges

NFSv4

Flash archives and live upgrade

(automated system builds)

Moving from NIS to LDAP

DTrace

FTP client and server enhance-

ments for security, reliability, and

auditing

PAM enhancements for moredetailed access control

Auditing enhancements

BSM (the Basic Security Module)

Service Management Facility (a

replacement for rc files)

Solaris Cryptographic Framework

Kerberos enhancements

Packet filtering with IPfilters

BART (Basic Audit Reporting Tool)Take back to work: During this explo-

ration of the important new features of

Solaris 10, youll not only learn what it

does and how to get it done, but also

best practices. Also covered is the sta-

tus of each of these new features, how

stable it is, whether it is ready for pro-

duction use, and expected future

enhancements.

W4 Inside the Linux 2.6 KernelTheodore Tso , IBM Linux Technology

Center

Who should attend: Application pro-

grammers and kernel developers.

Topics include:

How the kernel is organized

(scheduler, virtual memory system,

filesystem layers, device driver lay-

ers, networking stacks)

Ground rules of kernel program-

ming (races, deadlock conditions)

Implementation and properties of

the most important algorithms

Comparison between Linux and

UNIX kernels, with emphasis on

differences in algorithms

Details of the Linux scheduler

The requirements for portabilitybetween architectures

Take back to work: An overview and

roadmap of the kernels design and

functionality.




13/24


R1 Advanced Perl ProgrammingTom Christiansen , Consultant

Who should attend: Anyone with a

journeyman-level working knowledge of

Perl programming who wants to hone

Perl skills.

Topics include:

Symbol tables and typeglobs

Modules

References

Fancy object-oriented programming

Managing exceptions and warnings

Regular expressions

Programming with multiple

processes or threads

Unicode and I/O layers

Take back to work: With a much rich-

er understanding of Perl, you will be

better able to make it part of your daily

routine.

R2 TCP/IP Weapons School, Layers23 (Day 1 of 2)Richard Bejtlich, TaoSecurity

Who should attend: Junior and inter-

mediate analysts and system adminis-

trators who detect and respond to

security incidents.

Topics for Day 1 include:

Layer 2

What is layer 2?

Ethernet in brief

packet delivery on the LAN Ethernet interfaces

ARP basics, ARP request/reply, ARP

cache, Arping, Arpdig, Arpwatch

VLANs

Dynamic Trunking Protocol

Layer 2 attacks

MAC address trickey

MAC flooding: Macof

ARP denial of service: arp-sk

Port stealing: Ettercap

Layer 2 man-in-the-middle: Ettercap

Dynamic Trunking Protocol attack:

Yersinia

Take back to work: The fundamentals

of TCP/IP networking. You will learn

how to interpret network traffic by ana-

lyzing packets generated by network

security tools and how to identify secu-

rity events on the wire.

R3 Implementing [Open]LDAPDirectories

Gerald Carter, Centeris/Samba Team

Who should attend: Both LDAP direc-

tory administrators and architects.

Topics include:

Replacing NIS domains

Integration with Samba file and print

servers

Integrating MTAs such as Sendmail

and Postfix Creating customized LDAP schema

items

Examining scripting solutions for

developing your own directory

administration tools

Take back to work: Comfortable with

LDAP terms and concepts, you will

understand how to extend that knowl-

edge to integrate future applicationswith it into your network.

R4 Issues in UNIX InfrastructureDesignLee Damon , University of Washington

Who should attend: Anyone who is

designing, implementing, or maintaining

a UNIX environment with 2 to 20,000+

hosts; system administrators, archi-tects, and managers who need to main-

tain multiple hosts with few admins.

Topics include:

Administrative domains: Who is

responsible for what, and what can

users do for themselves?

Desktop services vs. farming: Do

you do serious computation on the

desktop, or do you build a computefarm?

Disk layout: How do you plan for an

upgrade? Where do things go?

Free vs. purchased solutions:

Should you write your own, or hire a

consultant or company?

Homogeneous vs. heterogeneous:

Homogeneous is easier, but will it

do what your users need?

The essential master database:

How can you keep track of what

you have? Policies to make life easier

Push vs. pull

Getting the user back online in 5

minutes

Remote administration: Lights-out

operation; remote user sites; keep-

ing up with vendor patches, etc.

Scaling and sizing: How do you

plan on scaling?

Security vs. sharing: Your users

want access to everything. So do

the crackers . . .

Single sign-on: How can you do it

securely?

Single system images: Can users

see just one environment, no matter

how many OSes there are?

Tools: The free, the purchased, the

homegrown

Take back to work: The answers to all

the questions you should ask while

designing and implementing the mixed-

architecture or single-architecture UNIX

environment that will meet your needs.

NEW!


THURSDAY, JUNE 21, 2007



14/24


FRIDAY, JUNE 22, 2007

F1 Introduction to VMware VirtualInfrastructure 3John Arrasjid and Shridhar Deuskar,

VMware


trators and architects who are interest-

ed in deploying a VMware Virtual Infra-structure, including ESX Server and

VirtualCenter, in a production environ-

ment. No prior experience with VMware

products is required. Knowledge of

Linux is helpful; basic knowledge of

SANs is useful but not required.

Topics include:

Virtual Infrastructure overview

ESX Server and VirtualCenteroverview

Installation and configuration

Virtual machine creation and opera-

tion

Migration technologies such as

VMware Converter

Operations and administration best

practices

Advanced configuration (SAN and

networking)

Take back to work: How to deploy a

VMware virtual infrastructure effectively

on your own site.

F2 TCP/IP Weapons School, Layers23 (Day 2 of 2)Richard Bejtlich, TaoSecurity

Who should attend: Junior and inter-

mediate analysts and system adminis-

trators who detect and respond to

security incidents.

Topics for Day 2 include:

Layer 3

What is layer 3?

Internet Protocol

Raw IP: Nemesis

IP options: Fragtest

IP time-to-live: Traceroute

Internet Control Message Protocol:

Sing ICMP Error Messages: Gnetcat

IP Multicast: Iperf

IP Multicast: Udpcast

IP fragmentation: Fragtest

Layer 3 attacks

IP IDs: Isnprober

IP IDs: Idle Scan

IP TTLs: LFT

IP TTLs: Etrace and Firewalk

ICMP Covert Channel: Ptunnel

IP fragmentation: Fragroute and Pf

Take back to work: The fundamentals

of TCP/IP networking. You will learn

how to interpret network traffic by ana-

lyzing packets generated by network

security tools and how to identify secu-

rity events on the wire.

NEW!


CONTINUING EDUCATION

UNITS (CEUS)

USENIX provides Continuing

Education Units for a small addi-

tional administrative fee. The CEUis a nationally recognized stan-

dard unit of measure for continu-

ing education and training and is

used by thousands of organiza-

tions.

Each full-day tutorial qualifies for

0.6 CEUs. You can request CEU

credit by completing the CEU

section on the registration form.USENIX provides a certificate for

each attendee taking a tutorial for

CEU credit and maintains tran-

scripts for all CEU students.

CEUs are not the same as college

credits. Consult your employer or

school to determine their applica-

bility.

WANT MORE INFO?

For full tutorial desccriptions, see

www.usenix.org/usenix07/training.



15/24

REGISTER BY MONTH JUNE 1 AND SAVE! 13

John ArrasjidF1

John Arrasjid has 20 years

of experience in the com-

puter science field, includ-

ing work with AT&T,

Amdahl, 3Dfx Interactive,

Kubota Graphics, Roxio, and his own com-

pany, WebNexus Communications, where

he developed consulting practices and builta cross-platform IT team. John is currently a

senior member of the VMware Professional

Services Organization.

Richard Bejtlich

W1, R2, F2

Richard Bejtlich is founder

of TaoSecurity LLC(http://www.taosecurity

.com), a company that

helps clients detect, con-

tain, and remediate intru-

sions using network security monitoring

(NSM) principles. Richard wrote the Tao of

Network Security Monitoring: Beyond Intru-

sion Detection and the forthcoming Extru-

sion Detection: Security Monitoring for Inter-

nal Intrusions and Real Digital Forensics.

Gerald Carter

M9, W2, R3

Gerald Carter has been a

member of the Samba

Development Team since

1998. He has been devel-

oping, writing about, andteaching on open source

since the late 1990s. Currently employed by

Centeris as a Samba and open source

developer, Gerald has written books for

SAMS Publishing and for OReilly Publish-

ing.

Strata Rose ChalupS6, M8

Strata Rose Chalup has

been leading and manag-

ing complex IT projects

for many years. She has

written a number of arti-

cles and has volunteered

for BayLISA and SAGE. Strata has built a

successful consulting practice around beingan avid early adopter of new tools. Another

MIT dropout, Strata founded VirtualNet Con-

sulting in 1993.

Tom Christiansen

R1

Tom Christiansen has

been involved with Perlsince day zero of its initial

public release in 1987.

Author of several books

on Perl, including the Perl

Cookbook and Programming Perl from

OReilly, Tom is also a major contributor to

Perls online documentation. He holds

undergraduate degrees in Computer Sci-

ence and Spanish and a Masters in Com-

puter Science. He now lives in Boulder, Col-

orado.

Lee Damon

R4

Lee Damon has been a

UNIX system administra-

tor since 1985 and has

been active in SAGE(U.S.) and LOPSA since

their inceptions. He assist-

ed in developing mixed environments at IBM

Watson Research, Gulfstream Aerospace,

and QUALCOMM. He is currently leading

the development effort for the Nikola project

at the University of Washington Electrical

Engineering department. He is past chair of

the SAGE Ethics and Policies workinggroups, and he was the chair of LISA 04.

Shridhar Deuskar

F1

Shridhar Deuskar has

over 10 years of experi-

ence in system adminis-

tration of UNIX and Win-

dows servers. He has

consulted with companies such as Caterpil-

lar, HP, and EMC. Currently he is a Consult-

ing Architect in VMwares Professional Serv-ices organization and is responsible for

delivering services tied to virtualization to

clients worldwide.

Jacob Farmer

M7, M10

Jacob Farmer has written

numerous papers andarticles and is a regular

speaker at trade shows

and conferences. In addi-

tion to his expert advice

column in the Reader I/O section of InfoS-

tor Magazine, Jacob serves as the publica-

tions senior technical advisor. Jacob has

over 18 years of experience with storage

technologies and is the CTO of CambridgeComputer Services, a national integrator of

data storage and data protection solutions.

Rik Farrow

S3, M3

Rik Farrow provides UNIX

and Internet security con-

sulting and training. He

has been working with

UNIX system security

since 1984 and with

TCP/IP networks since 1988. He has taught

at the IRS, Department of Justice, NSA,

NASA, US West, Canadian RCMP, Swedish

Navy, and for many U.S. and European user

groups. He is the author ofUNIX System

Security and System Administrators Guide

to System V. Farrow is the editor of ;login:and works passionately to improve the state

of computer security.

USENIX TRAINING INSTRUCTORS


16/24


leen Frisch

M1, T5

leen Frisch has been

working as a system

administrator for over 20

years. She currently looks

after a pathologically het-

erogeneous network of UNIX and Windows

systems. She is the author of several books,

including Essential System Administration(now in its 3rd edition from OReilly). leen

was the program chair for LISA 03 and is a

frequent presenter at USENIX events, as

well as presenting classes for universities

and corporations worldwide.

Peter Baer Galvin

S4, W3

Peter Baer Galvin is the

Chief Technologist for Cor-

porate Technologies, Inc.,

a systems integrator and

VAR. He has written arti-

cles for Byte and other

magazines. He wrote the Petes Wicked

World and Petes Super Systems columns

at SunWorld. He is currently contributing

editor for Sys Admin, where he manages the

Solaris Corner. Peter is co-author of the

Operating Systems Concepts and Applied

Operating Systems Concepts textbooks.

Simson L. Garfinkel

S1

Simson L. Garfinkel is an

Associate Professor atthe Naval Postgraduate

School in Monterey, CA,

and a fellow at the Center

for Research on Computa-

tion and Society at Harvard University. He is

also the founder of Sandstorm Enterprises,

a computer security firm. Garfinkel writes a

monthly column for CSO Magazine and is

the author or co-author of fourteen bookson computing. He is perhaps best known

for his bookDatabase Nation: The Death of

Privacy in the 21st Century.

Peter Honeyman

T3

Peter Honeyman is

Research Professor of

Information at the Univer-

sity of Michigan and Sci-

entific Director of the Cen-

ter for Information Technology Integration,

where he leads a team of scientists, engi-

neers, and students developing the Linux-

based open source reference implementa-

tion of NFSv4 and its extensions for high

end computing. With 25 years of experience

building middleware for file systems, securi-

ty, and mobile computingincluding Honey

DanBer UUCP, PathAlias, MacNFS, Discon-

nected AFS, and WebCard (the first Internet

smart card)Honeyman is regarded as one

of the worlds leading experimental comput-er scientists.

James Mauro

T4

James Mauro is a Senior

Staff Engineer in the Per-

formance and Availability

Engineering group at SunMicrosystems. Jims cur-

rent interests and activities

are centered on benchmarking Solaris 10

performance, workload analysis, and tool

development. This work includes Suns new

Opteron-based systems and multicore per-

formance on Suns Chip Multithreading

(CMT) Niagara processor. He spent most of

his spare time in the past year working on

the second edition ofSolaris Internals. Jim

co-authored the first edition ofSolaris Inter-

nals with Richard McDougall.

Richard McDougallT4

Richard McDougall, had

he lived 100 years ago,

would have had the hood

open on the first four-

stroke internal combus-

tion gasoline-powered

vehicle, exploring new techniques for mak-

ing improvements. These days, McDougalluses technology to satisfy his curiosity. He is

a Distinguished Engineer at Sun Microsys-

tems, specializing in operating systems

technology and system performance. He is

co-author ofSolaris Internals and Resource

Management.

Alan Robertson

T1

Alan Robertson founded

the High-Availability Linux

(Linux-HA) project in 1998

and has been project

leader for it since then.

He worked for SuSE for a

year, then in March 2001 joined IBMs Linux

Technology Center, where he works on it full

time. Before joining SuSE, he was a Distin-

guished Member of Technical Staff at Bell

Labs. He worked for Bell Labs for 21 years

in a variety of roles. These included provid-

ing leading-edge computing support, writing

software tools and developing voicemail

systems.

TRAINING INSTRUCTORS

FPO


17/24

REGISTER BY MONTH JUNE 1 AND SAVE! 15

Chip SalzenbergS5, S8, M5

Chip Salzenberg is Princi-

pal Engineer at Cloud-

mark, where he fights

spam with flair and

aplomb. Chip is also chief

coder (pumpking) of the

Parrot virtual machine (http://parrotcode

.org), with which he plans to bring alldynamic languages together and, in the

darkness, dynamically bind them. He was

pumpking for Perl release 5.4. He created

the automated Linux install-and-test system

for VA Linux Systems and was VAs Kernel

Coordinator. Chip has been published by

OReilly and Prentice Hall on Perl and other

topics.

John Sellens

S9, M6, T6

John Sellens has been

involved in system and

network administration

since 1986 and is the

author of several related

USENIX papers, a number

of;login: articles, and the SAGE Short Top-ics in System Administration booklet #7,

System and Network Administration for

Higher Reliability. He is the proprietor of

SYONEX, a systems and networks consul-

tancy, and is currently a member of the sys-

tems team at Magna International. From

1999 to 2004, he was the General Manager

for Certainty Solutions in Toronto. Prior to

joining Certainty, John was the Director ofNetwork Engineering at UUNET Canada and

was a staff member in computing and infor-

mation technology at the University of

Waterloo for 11 years.

Abe SingerS7, M2, T2

Abe Singer is a Computer

Security Researcher in the

Security Technologies

Group at the San Diego

Supercomputer Center. In

his operational security responsibilities, he

participates in incident response and foren-

sics and in improving the SDSC logginginfrastructure. His research is in pattern

analysis of syslog data for data mining. He is

co-author of of the SAGE booklet Building a

Logging Infrastructure and author of a forth-

coming OReilly book on log analysis.

Marc Staveley

M4

Marc Staveley works with

Soma Networks, where

he is applying his many

years of experience with

UNIX development and

administration in leading

their IT group. Previously Marc had been an

independent consultant and also held posi-

tions at Sun Microsystems, NCR, PrincetonUniversity, and the University of Waterloo.

He is a frequent speaker on the topics of

standards-based development, multi-

threaded programming, system administra-

tion, and performance tuning.

Theodore Tso

S10, W4

Theodore Tso has been a

Linux kernel developer

since almost the very

beginnings of Linux: he

implemented POSIX job

control in the 0.10 Linux

kernel. He is the maintainer and author of

the Linux COM serial port driver and the

Comtrol Rocketport driver, and he architect-

ed and implemented Linuxs tty layer. Out-side of the kernel, he is the maintainer of the

e2fsck filesystem consistency checker. Ted

is currently employed by IBM Linux Technol-

ogy Center.

Steve VanDevenderT7

By once not knowing to

be afraid of Sendmail,

Steve VanDevender has

ended up specializing in

email system administra-

tion for much of his system administration

career. At efn.org between 1994 and 2002,

he ended up managing a mail system thatgrew to 10,000 users; at the University of

Oregon since 1996, he has helped manage

a mail system that has grown from 20,000

to 30,000 users and, more important, has

grown even more in message volume and

user activity, with many corresponding

changes to cope with that growth. Since

2000, he has taught a popular course in

system administration for the University ofOregons Department of Computer and

Information Science.

Dustin Whittle

S2

Dustin Whittle is a Techni-

cal Yahoo in the Social

Search Group at Yahoo!.He is also a contributing

developer on the symfony

project and the developer

of several plugins. Before joining Yahoo!, he

was a self-employed technology consultant,

working around the world to make the Web

a better place for everyone and was the lead

developer at The Web Freaks. As a consult-

ant and trainer, Dustin has taught tutorials

and given talks at many conferences andinstitutions on such topics as enterprise

Web development and symfony.

FPO

FPO


18/24


SANS TRAINING PROGRAM

SANS Security 504:Hacker Techniques, Exploits,and Incident HandlingJohn Strand , Northrop Grumman

Overview: Instead of merely teaching a few

hack attack tricks, this course includes atime-tested, step-by-step process for

responding to computer incidents, a

detailed description of how attackers under-

mine systems so you can prepare, detect,

and respond to them, and a hands-on work-

shop for discovering holes before the bad

guys do. Additionally, the course explores

the legal issues associated with responding

to computer attacks, including employee

monitoring, working with law enforcement,

and handling evidence.

Who should attend: Individuals who lead

or are a part of an incident handling team;

system administrators and security person-

nel; ethical hackers/penetration testers.

SUNDAY, JUNE 17, 2007504.1 Incident Handling Step-by-Step

and Computer Crime

Investigation

The first part of the course looks

at the invaluable Incident Handling

Step-by-Step model. This section is

designed to introduce the incident

handling process, using the six steps

(preparation, identification, contain-

ment, eradication, recovery, and les-

sons learned) needed to prepare for

and deal with a computer incident.

The second part examines case stud-

ies to understand what works in iden-

tifying computer attackers. This sec-

tion provides valuable information on

the steps a systems administrator can

take to improve the chances of catch-

ing and prosecuting attackers.

Topics include:

Preparation

Identification

Containment

Eradication

Recovery

Special actions for responding to

different types of incidents

Incident record keeping

Incident follow-up

MONDAY, JUNE 18, 2007504.2 Computer and Network Hacker

Exploits: Part 1

Seemingly innocuous data leaking

from your network could provide the

clue needed by an attacker to blow

your systems wide open. This day-

long course covers the details associ-

ated with reconnaissance and scan-

ning, the first two phases of many

computer attacks. If you dont have

the skills needed to understand these

critical phases of an attack in detail,

you wont be able to protect your net-

work.

Topics include:

Reconnaissance

Scanning

Intrusion detection system evasion

Hands-on exercises with the follow-

ing tools:

What is layer 3?

NetStumbler for wireless LAN discov-

ery

Nmap port scanner and operating

system fingerprinting tool Nessus Vulnerability Scanner

Enum for extracting Windows data

through null sessions


504.3 Computer and Network Hacker

Exploits: Part 2

Computer attackers are ripping ournetworks and systems apart in novel

ways, while constantly improving their

techniques. This day-long course cov-

ers the third step of many hacker

attacks: gaining access.

This section covers the attacks in

depth, from the details of buffer over-

flow and format string attack tech-

niques to the latest in session hijack-

ing of supposedly secure protocols.

For each attack, the course explains

the vulnerability, how various toolsexploit it, the signature of the attack,

and how to harden the system or

application against the attack.

Topics include:

Network-level attacks

Gathering and parsing packets

Operating system and application-

level attacks

Netcat: The attackers best friend Hands-on exercises with the follow-

ing tools:

Sniffers, including Tcpdump

Sniffer detection tools, including

ifconfig, ifstatus, and promiscdetect

Netcat for transferring files, creating

backdoors, and setting up relays

Format string vulnerabilities in Win-

dows

WEDNESDAY, JUNE 20, 2007504.4 Computer and Network Hacker

Exploits: Part 3

This course starts out by covering one

of the attackers favorite techniques

for compromising systems: worms.

Well analyze worm developments

over the past two years and get a feelfor the Super Worms well face in the

future. Then the course turns to

another vital area often exploited by

attackers: homegrown Web applica-

tions. Attackers exploit these targets

using SQL injection, cross-site script-

ing, session cloning, and a variety of

other mechanisms discussed in detail.

The course also presents a taxonomyof nasty denial of service attacks, illus-

trating how attackers can stop servic-

es or exhaust resources and how to

prevent their nefarious deeds.

SUNDAYFRIDAY, JUNE 1722, 2007, 9:00 A.M.5:00 P.M.

USENIX is pleased to partner with SANS at USENIX 07 to offer two 6-day training courses focused on security.



19/24


Topics include:

Password cracking

Web application attacks

Denial of service attacks

Hands-on exercises with the following

tools:

John the Ripper password cracker Web application attack tools, including

Achilles

THURSDAY, JUNE 21, 2007504.5 Computer and Network Hacker

Exploits: Part 4

This course covers the fourth and fifth

steps of many hacker attacks: maintain-

ing access and covering their tracks. In

this course, well analyze the most com-

monly used malicious code specimens,

as well as explore future trends in mal-

ware, including BIOS-level and combo

malware possibilities. This course gives

you the tools and techniques you need

to detect and respond to these activities

on your computers and network.

Topics include:

Maintaining access

Covering their tracks

Putting it all together

Hands-on exercises with the following

tools:

Virtual Network Computing (VNC) and

Shovelling GUI

RootKits and detection

Detecting backdoors with Netstat, Lsof,and Fport

Hidden file detection with LADS

Covert Channels using Covert_TCP

FRIDAY, JUNE 22, 2007504.6 Hacker Tools Workshop

This workshop lets you put what you

have learned over the past week into

practice. You will be connected to one

of the most hostile networks on planet

Earth. This network simulates the Inter-

net and allows students to try actual

attacks against live machines and learn

how to protect against these attacks.

This workshop will give students flight

time with the attack tools to better

understand how they work. Additionally,

students can participate in the work-

shops Capture the Flag event. By pene-

trating systems, discovering subtleflaws, and using puzzle-solving tech-

niques, you can test the skills youve

built over the week in this engaging con-

test. The Capture the Flag victors will

win a prize.

Topics include:

Hands-on analysis

General Exploits

Other attack tools and techniques

John Strand

John Strand started working in information

security at Accenture Consulting at the Depart-

ment of the Interior, where he worked incident

response, vulnerability assessment, and intru-

sion detection. He is currently employed with

Northrop Grumman in Denver doing Information

Assurance. John currently holds the CISSP and

GIAC GCIH and GCFW certifications.

LAPTOP REQUIRED

See www.usenix.org/usenix07

/training for more information.

PLEASE NOTE

Each SANS class runs for 6

days. Attending a SANS

course precludes attending

USENIX training courses or

technical sessions. See p. 22

for registration information.

SATISFACTION

GUARANTEED

If you feel a SANS tutorial

does not meet your needs, let

us know by the first break and

we will change you into any

other available SANS or

USENIX tutorial immediately.



20/24

SANS TRAINING PROGRAM

SANS Security 617:Assessing and SecuringWireless NetworksJames Tarala , Enclave

Overview: Few fields are as complex as

wireless security. This course breaks downthe issues and relevant standards that affect

wireless network administrators, auditors,

and information security professionals. With

hands-on labs and instruction from industry

wireless security experts, you will gain an

intimate understanding of the risks threaten-

ing wireless networks. After identifying risks

and attacks, well present field-proven tech-

niques for mitigating these risks, leveraging

powerful open-source and commercial tools

for Linux and Windows systems.

Who should attend: Operations profes-

sionals who are responsible for designing

and implementing secure wireless networks;

security professionals who are concerned

about the weaknesses of wireless networks;

penetration testers who want to include

wireless network security assessments in

their organizations services offerings; audi-

tors who must evaluate wireless networks

to ensure they meet an acceptable level of

risk and are compliant with organizational

policy. Students should have a working

knowledge of wireless networks, with expe-

rience in the design or deployment of wire-

less technology.

SUNDAY, JUNE 17, 2007617.1 Wireless Architecture, RF

Fundamentals

The field of wireless networking is

vastly complex, with umpteen proto-

cols, standards, and nonstandard

software packages. This day intro-

duces the architecture of wireless net-

works, varying wireless protocols, andradio-frequency concepts.

Topics include:

Radio frequency characteristics

Interference in wireless networks

Calculating signal gain and loss

Wireless organizers and standards

bodies

Antenna signal propagation and

characteristics

Building home-brew antennas from

parts Conducting effective site surveys

MONDAY, JUNE 18, 2007617.2 Auditing Wireless Networks

Hands-on

This day examines the process of

auditing wireless networks through

passive network analysis using popu-

lar sniffer tools. Well also examine the

various threats that target wireless

networks, take an in-depth look at the

802.11 MAC layer, and leverage tools

such as Kismet to map the range and

exposure of wireless networks.

Topics include:

Common misconceptions about

wireless security

Using satellite maps to document

wireless signal leakage

Understanding 802.11 addressing

Passive WLAN traffic sniffing

Leveraging TCPDump, Ethereal,

and Kismet

Analyzing wireless traffic with post-

processing tools

TUESDAY, JUNE 19, 2007617.3 WLAN Hacker Tools and

Techniques, Part IHands-on

With the flurry of wireless standards

and specifications has come a flurry of

attack tools that leverage protocol and

implementation weaknesses to com-

promise wireless security. This first of

three days exploring tools and tech-niques focuses on the threats and mit-

igation techniques surrounding rogue

APs, WEP-based security, and 802.1x

with dynamic WEP security.

Topics include:

Exploring how rogue APs can be

used against your organization

Wireless-side techniques for identi-

fying and locating rogue APs

Automating centralized wired-side

scanning for rogue APs Triangulation techniques for locating

transmitters

Understanding the RC4 cipher used

in WEP security

Weaknesses in WEP and dynamic

WEP implementations

Evaluating your network using pop-

ular hacker tools

WEDNESDAY, JUNE 20, 2007617.4 WLAN Hacker Tools and

Techniques, Part IIHands-on

This second of three days exploring

tools and techniques focuses on the

threats and mitigation techniques for

outdoor wireless MAN networks,

Cisco LEAP networks, networks using

VPN, and WPA pre-shared key imple-mentations.

Topics include:

Understanding different types of

wireless MAN networks

Software and hardware for sniffing 5

GHz networks

Evaluating WMAN information dis-

closure

Weaknesses in MS-CHAPv2 andMD4 hashing techniques

Operation and weaknesses in Cisco

LEAP Networks

Recovering user passwords from

LEAP transactions

Common vulnerabilities in wireless

IPSec/VPN deployments

Leveraging IP-over-DNS to bypass

VPN security Understanding the TKIP algorithm

and pre-shared key vulnerabilities

SUNDAYFRIDAY, JUNE 1722, 2007, 9:00 A.M.5:00 P.M.

USENIX is pleased to partner with SANS at USENIX 07 to offer two 6-day training courses focused on security.



21/24

THURSDAY, JUNE 21, 2007617.5 WLAN Hacker Tools and

Techniques, Part IIIHands-on

This third of three days exploring tools

and techniques focuses on the threats

and mitigation techniques for assessing

PEAP networks using WPA security,

DoS attacks against wireless networks,

hotspot security, and WLAN IDS moni-

toring techniques.

Topics include:

Understanding RADIUS and key dis-

tribution in 802.1x networks

Leveraging weaknesses to compro-

mise PEAP+WPA security

Evaluating the impact of WLAN DoS

attacks

Understanding Layer 1 and Layer 2

WLAN DoS techniques

Assessing hotspot security as a

provider, subscriber, and security

administrator

Service theft risks on wireless

hotspots

Rogue APs and hotspot networks Compromising SSL security on

hotspot networks

Designing and deploying WLAN intru-

sion detection services

Implementing WLAN intrusion preven-

tion services

Open-source and commercial tools

for WLAN monitoring

FRIDAY, JUNE 22, 2007617.6 Designing a Secure Wireless

InfrastructureHands-on

This sixth day of the course shifts from

learning about different attack tech-

niques and vulnerabilities to the steps

we can take to design a secure infra-

structure that will be resistant to attacks.

Using the knowledge gathered from the

previous days, well review the deploy-

ment or migration steps that organiza-

tions can take to mitigate the weakness-

es in other architectures, using

commercial or open-source tools.

Topics include:

Steps for migrating from WEP to WPA

to WPA2

Introduction to public key infrastruc-

ture (PKI) authentication

Deploying PKI using low-cost tools

Automating client setup and configu-

ration for secure wireless

Integrating RADIUS with existing

authentication databases

Securing 802.1x and RADIUSauthentication

Deploying PEAP for enterprise wire-

less security

Deploying secure VPN connectivity

for wireless networks

James Tarala

James Tarala is a principal consultant with

Enclave Hosting, LLC, and is based in Venice,

FL. He is a regular speaker and senior instruc-

tor with the SANS Institute, as well as a course-

ware author and editor for many of their audit-

ing and security courses. As a consultant

he has spent the past few years architecting

large enterprise IT security and infrastructure

architectures, specifically working with many

Microsoft-based, directory services, email, ter-

minal services, and wireless technologies.

LAPTOP REQUIRED

See www.usenix.org/usenix07

/training for more information.

PLEASE NOTE

Each SANS class runs for 6

days. Attending a SANS

course precludes attending

USENIX training courses or

technical sessions. See p. 22

for registration information.

SATISFACTION

GUARANTEED

If you feel a SANS tutorial

does not meet your needs, let

us know by the first break and

we will change you into any

other available SANS or

USENIX tutorial immediately.




22/24


SANTA CLARA,CALIFORNIA

HOTEL & TRAVELHyatt Regency Santa Clara

5101 Great America ParkwaySanta Clara, CA 95054Tel: (408) 200-1234Fax: (408) 980-3990http://santaclara.hyatt.com/hyatt/hotels/

Hotel Reservation Discount Deadline: May 29, 2007

USENIX has negotiated special rates for conference attendees at the Hyatt Regency Santa Clara.Please make your reservation as soon as possible by contacting the hotel directly. You must men-

tion USENIX to get the special group rate.Special Attendee Room Rate

$169 per night, plus 9.5% state and local tax, $0.12 California State Tourism Tax, and $1.00 Dis-trict Improvement Tax

Note: When the rooms in the USENIX block are sold out, requests will be handled on a space-available basis at the hotel's standard rate. Make your reservations early!

Why should you stay in the headquarters hotel?

We encourage you to stay in the conference hotel and when making your reservation to identifyyourself as a USENIX conference attendee.

It is by contracting rooms for our attendees that we can significantly reduce hotel charges formeeting room rental. When the sleeping rooms are not utilized, we face significant financial penal-ties. These penalties ultimately force us to raise registration fees.

We recognize, however, that not everyone can afford to stay in the conference hotel, so we alwaystry to book venues that have some low-cost alternatives available near the conference.

With costs going higher and higher, we are working hard to negotiate the very best hotel rates andkeep other conference expenses down in order to keep registration fees as low as possible. Weappreciate your help in this endeavor.

Airports & Ground Transportation

The hotel is located 5 miles from San Joses Norman Y. Mineta International Airport (SJC) and 30miles from San Francisco International Airport (SFO). Shuttle service from SJC to the hotel costsapproximately $1621 per person, and taxi service costs approximately $1530. Shuttle servicefrom SFO to the hotel costs approximately $36 per person, and taxi service costs approximately$80100. Valet parking at the hotel costs $10 per day and self-parking is complimentary. Seewww.usenix.org/usenix07/hotel for more information.

Traveling to USENIX 07 from Outside the U.S.A.

See detailed advice from the National Academies about visiting the United States at http://www7.nationalacademies.org/visas/Traveling_to_US.html.

About Santa Clara

USENIX is pleased to bring the Annual Technical Conference to Santa Clara. Santa Clara and itsenvirons offer a wide array of activities to occupy your free time, including a vibrant cultural sceneand exciting amusement park. Here are just a few ideas:

Paramounts Great America, http://www.pgathrills.com

Intel Museum, http://www.intel.com/museum

Tech Museum of Innovation, http://www.thetech.org NASA Ames Exploration Center, http://www.nasa.gov/centers/ames/home/exploration.html

Rosicrucian Egyptian Museum & Planetarium, http://www.egyptianmuseum.org

See the Santa Clara Convention & Visitors Bureaus Web site, http://www.santaclara.org, for more.


23/24


REGISTRATION INFORMATION & FEESRegister or make a reservation on the Web today athttp://www.usenix.org/usenix07/registration.

Pay today with a credit card, or make a reservation online and then payby check, phone, or fax. Have the best of both worlds: the convenienceof online registration without the hassle of hand-written forms, and theability to pay as you want, when you want!

Early Bird Registration Deadline: June 1, 2007

TRAINING PROGRAM REGISTRATION

Every USENIX training program registration includes:


Lunch on the day of your tutorials Training program CD-ROM, including all available

tutorial presentations and materials

Printed tutorial materials for your courses

Admission to the evening activities

Conference t-shirt

Wireless connectivity in conference session area

Every SANS training program registration includes:


Lunch on the day of your tutorials Complimentary one-year membership in the USENIX Association

Printed tutorial materials for your courses


Conference t-shirt


TECHNICAL SESSIONS REGISTRATION

Every technical sessions registration includes:

Admission to all technical sessions on the days of your choice Copy of the Conference Proceedings (in print or on CD-ROM)


Conference t-shirt


Multiple Employee DiscountWe offer discounts for organizations sending 5 or more employees toUSENIX 07. Please email [email protected] for more details.

The group discount cannot be used in conjunction with any other dis-

counts, and it cannot be applied retroactivelythat is, refunds will not beissued to those meeting the discount requirement after they have alreadyregistered.

REGISTRATION FEES

USENIX is pleased to offer Early Bird Registration Discounts of up to$300 to those who register for USENIX 07 by June 1, 2007. After June 1,registration fees increase.

*Each SANS class runs for 6 days. Attending a SANS course precludes

attending USENIX training courses or technical sessions.

For maximum savings, combine Package A with Package B or C.

If you are not a member of USENIX, EurOpen.SE, or NUUG, $120 will beadded to your technical sessions fees.

Optional CostsContinuing Education Units (CEUs): $15 per training day

Registration Fees for Full-Time StudentsUSENIX offers full-time students special low registration fees for USENIX07 that are available at any time. See www.usenix.org/usenix07/studentsfor more information.

Students who are not members of USENIX: $45 will be added to yourtechnical sessions fee.

Workshop RegistrationUSENIX 07 will be co-located with the 3rd Workshop on Steps toReducing Unwanted Traffic on the Internet (SRUTI 07) and with the FAST-OS PI Meeting and Workshop. Please see www.usenix.org/sruti07 formore information and to register for SRUTI 07, and www.usenix.org

/fastos07 for more information and to register for the FAST-OS workshop.

Daily Rates for Full-Time Students

1 day of technical sessions $110

1 day of USENIX trainingA limited number of USENIX tutorial seats are reserved for full-timestudents at this very special rate. Students must reserve their tuto-

rial seats before registering. If you plan to take half-day tutorials,you must take both half-days to qualify for the student rate. Thereis no special student rate for SANS training.

$200

SAVE! Choose One of Our SpecialDiscount Packages

Before

June 1

After

June 1

A. 3 Days of Technical Sessions SAVE $100! $680 $830

B. 2 Days of USENIX Training SAVE $50! $1220 $1320

C. 3 Days of USENIX Training SAVE $100! $1805 $1955

D. 4 Days of USENIX Training SAVE $200! $2340 $2540

E. 5 Days of USENIX Training SAVE $300! $2875 $3125

F. 6 Days of USENIX Training SAVE $600! $3210 $3510

G. 6 Days of SANS Training* $3210 $3510

Daily RatesBefore

June 1

After

June 1

1 day of technical sessions $260 $310

1 day of USENIX training $635 $685

1 half-day of USENIX training;second half-day only $300

$335 $385

Refund/Cancellation Deadline: Monday, June 11, 2007All refund requests must be emailed to [email protected] byMonday, June 11, 2007. You may substitute another in your place.

Please Read: This is not a registration form. Please use our onlineform to register or make a reservation. If you choose to make a reser-vation and pay later by check or credit card, you will receive a print-able summary of your session selections, the cost breakdown, andthe total amount due. If you are paying by check or phone, submit a

copy of this summary along with your payment or have it with youwhen you call. Tutorial bookings cannot be confirmed until paymenthas been received. Purchase orders, vouchers, and telephone reser-vations cannot be accepted.


24/24

USENIX ASSOCIATION

2560 Ninth Street, Suite 215

Berkeley, CA 94710

510.528.8649

510.548.5738 fax

Register with the prioritycode on your mailing labelto receive a $25 discount!

Non-Profit

Organization

US Postage

PAID

Permit #110

Hopkins, MN

Hewlett-Packard Labs

THANKS TO OUR SPONSOR THANKS TO OUR MEDIA SPONSORS

Santa Clara, CA June 1722, 2007

ACM Queue

Dr. Dobbs Journal

IEEE Security & Privacy

ITtoolboxLinux Journal

No Starch Press

SNIA

Sys Admin

Join leading researchers and practitioners for 6 full days on the latest technologies.

Documents

usenix07 training proof