LISA 99 Conference Reports

Presented by: Vincent Davis

From the seventh to the twelfth of November, I had the privilege to attend the 1999 LISA (Large Installation Systems Administration) Conference. This conference was held at the Washington Convention Center in Seattle, Washington. This conference featured daily tutorials, workshops, an exhibition, and several hospitality suites.

I attended the Invited Talks and one Practicum. There was a joint opening session on Wednesday morning where Joe Ruga spoke. He is the lead of the engineering computing center for design, analysis, and support of each shuttle flight. He discussed the ins and outs of system administration for the space shuttle.

The next session I attended was called Deep Space Bind. After having been relatively stable and reliable for about fifteen years, DNS is undergoing inevitable rototilling, and BIND with it. Paul Vixie, of the Internet Software Consortium, discussed DNS Protocol. DNS stands for Domain Name Server. He discussed DNS Protocol from two viewpoints. DNS Protocol, as amended, brought in the addition of new RR types and clarifications, how RFC can be somewhat ambiguous, and the notifications. DNS Protocol, as proposed, brought in sixteen possible RCODES, constraining of octets per UDP messages, and TSIG (Translation Signature).

The next was called the Four-Star Approach to Network Management. Experience shows that large network-management platforms that promise to be all things to all people usually don't solve the problems we need them to. An alternative to using a big tool is to assemble a collection of smaller tools that do precisely what you need. Jeff R. Allen, Web TV Networks, Inc. and David Williamson, GNAC, Inc., explained how Web TV chooses and uses tools, giving particular attention to Cricket, a tool which has given great visibility into the behavior of our systems. They discussed two approaches to the four star approach. The vendor approach is to deploy a monolithic application into the framework. The vendor can solve problems directly, or with add-ons. Their approach is to select small tools to do precisely what's needed from the menu of choice. The menu of choice is divided into two parts. The first part deals with alert management, change management, trending and thresholding, intrusion detection, project management and work flow automation. The second part deals with time management, inventory control software distribution, public relations, and monolithic systems.

The practicum I attended was called "How We Manage with Web pages". Anne Salemme discussed the various sites that are unknown to people that can be a big help for web pages. The Web has become an essential part of day-to-day life at MIT, and supporting the rapidly changing needs of the web publishers at MIT is a challenge, given the staff and funding resources of MIT Information Systems. Web service has been provided for static content for thousands of users and millions of web pages by supporting web servers as basically an add-on to the necessary underlying services we already provided. This model is challenged by potential future needs, such as dynamically generated content and authenticated access for publishers to their content by the web.

On Thursday, I attended a session called Real World Intrusion Detection. As e-commerce and extranet applications introduce riskier internet protocols, system administrators need intrusion detection techniques in order to distribute security countermeasures on increasingly open networks. Mark K. Melis, Consultant of Systems Experts Corporation, talked about the types of intrusion detection. The first one, network, are the smart sniffers. They record traffic for subsequent analysis, reconfigure the firewall to block attacks, and use sensors as a distributed model. The second one, host, is the instrumentation. It is the lookout for authentication events, such as successes and failures. The third one, web application ruins DMZ, speaks SQL to database, and generates by bug-free codes. The last one, analysis, checks for centralized logging, event correlation, and deployment.

The last session was called "The System Administrator's Body of Knowledge". Geoff Halprin discussed how the increasing field of system administration is affecting society. The maturing field of system administration to date lacks a form of understanding of the profession which organizations can use to assess their maturity and individuals can consult to plan their career development. The System Administration Body of Knowledge is working toward defining the duties and responsibilities of the profession and capturing industry best practices.

Presented by: Katrina Banks

I recently attended the 13th annual LISA 99 system administration conference sponsored by the USENIX Association. The conference was from November 7-12. We left for Seattle on the 9th of November and came back on the 12th. I was awarded a student stipend of $900 dollars to pay for my expenses. This was a wonderful opportunity for me to learn more about system administration because I was able to attend some of the technical sessions offered at the conference. I also had the chance to talk to representatives from various companies about internship opportunities and job openings.

The first session we attended was the opening remarks given by Joe Ruga on Wednesday, November 10, 1999. During this session he talked mainly about his experiences in the field of system administration and his time spent working in Rockwell's shuttle division.

That same day we also attended three other technical sessions, "Deep Space Bind", "The Four Star Approach to Network Management", and "A Couple of Web Servers, A Small Staff, Thousands of Users, and Millions of Web Pages...How We Manage". On Thursday, November 11, 1999, we attended "Real World Intrusion Detection" and "The System Administrator's Body of Knowledge".

Deep Space Bind was a discussion on BIND versions 8.22 and 9. This talk was given by Paul Vixie, chairman of the Internet Software Consortium. The main focus of his talk was DNS protocols and security. He also covered a part of BIND called a rotate that is used to transfer a lot of IP addresses into domain names.

The Four Star Approach to Network Management was a talk given by Jeff R. Allen and David Williamson. They mainly talked about the Cricket system, which is used for storing and viewing time series data on a large network platform. They also talked about the best ways to effectively manage a large network. Our last session of the day was about effective ways to provide internet services to millions of users.

Presented by: Keisha Harrison

The 13th annual LISA 99 Conference in Seattle, Washington was a very good experience. The conference gave us an opportunity to meet people who are already in the System Administration field. It also gave us an opportunity to learn about what people in the System Administration field have to go through. The conference provided a number of technical sessions and exhibits.

Paul Vixie, from the Internet Software Consortium, presented a session on Deep Space Bind. After fifteen years DNS and BIND are both undergoing inevitable rototilling. Some of the issues that were discussed in the session were the disadvantages of BIND 4 and some of the features of BIND 8.2. The disadvantages of BIND 4 are that request and response don't match, there are a lot of false calls, and it uses compression on all names. The features of BIND 8.2 include security, performance, usability, and greater RFC conformance.

Jeff Allen from WebTV Networks Inc. and David Williamson from GNAC Inc. presented the session on the Four-Star Approach to Network Management. Experience has shown that large network-management platforms are usually not what they promise to be. Jeff and David presented an alternative: assembling a collection of smaller tools that do precisely what you need instead of using one big tool. They explained how WebTV chooses and uses tools. They gave special attention to Cricket, a tool that has provided them with great visibility into the behavior of their systems. Cricket is a very flexible tool used for storing and viewing time-series data. It runs every five minutes and uses a CGI script to view the data.

In addition to Cricket they also discussed the pros and cons of Remedy. Remedy's pros include its ability to be very customizable. Remedy can handle almost any problem, is scalable and is very reliable. On the other hand Remedy's downfall is also that it is very customizable, which means that consulting help is required to set it up.

Curt Cummings from Microsoft Information Technology Group presented a session on Microsoft Internal Deployment of Windows 2000 on a global scale. The tools that were added between 1994 and 1997 included email forms, image map support, restricted access, search image, web publishing training, and certificate based authentication. The web tools added between 1998 and 1999 include discussion groups, a search engine, secure file transfers, WYSIWYG web editor (Dreamweaver), and web page usage statistics.

Mike Mellis from Consultant System experts Corp. presented a session on Real World Intrusion Detection. The advantages of intrusion detection include its sophisticated opponents, complex system protocol through firewall, and the compensating control that it provides. The types of intrusion detection are network, host application, and analysis.

When dealing with network intrusion detection, keep in mind that some analyze traffic in real time. Also look to attack signatures. Vendors of commercial tools supply updated signatures on a more or less frequent basis. Network intrusion detection is non-trivial to set up and support. When dealing with host intrusion detection, the instrumentation used is tripwire, tcpwrappers, and commercial tools. When dealing with analysis, remember that many events are logged but few are chosen.

Mellis also discussed deploying. It is best to deploy in areas where traffic is concentrated and in areas where traffic is particularly sensitive. Area traffic is concentrated adjacent to access routers and firewalls. Traffic is sensitive inside protected networks. All infrastructure machines should have host intrusion detection installed. All exposed machines should also have host intrusion detection. Deploying should be done one step at a time. You should expect to spend at least a month fixing misconfigured systems. Deploying is not a project, it is a process.
