PacNOG I Workshop Outline
Location: Tanoa Hotel in Nadi, Fiji,
Organizers: Pacific Network Operators Group (PACNOG), The
Network Startup Resource Center (NSRC), and Cisco Systems
Primary Instructors: Hervey Allen, NSRC
Joel Jaeggli, NSRC/Univ. of Oregon
Philip Smith, Cisco Systems
Assisted By: Save Vocea, APNIC
Amante Alvaran, APNIC
Daily Time Schedule
Monday
------
* Welcome to workshop (HA/JJ/PS)
* FreeBSD Materials
* Why we are using FreeBSD (HA)
- Note some differences from Linux
- FreeBSD Command Reference:
* Install FreeBSD (HA)
* Post-Install Exercises
- Include install of Gnome/KDE
- Additional exercises for those who want practice
* Cryptography overview (HA)
- [OpenOffice | pdf 1-up | pdf 4-up | ps.gz 1-up | ps.gz 4-up]
- symmetric ciphers, public/private keys,
hashing, integrity checks, key lengths,
digital signatures,
* Install/configure Apache with SSL (JJ)
- [html | Postscript]
* Configure local ssl certificate (JJ)
- Connect to web server using https
- Possible php example to force secure page (HA)
* Mail Materials
* Introduction to Exim (MTA) (HA)
- Overview of internet mail
- Overview of how Exim works
* Install Exim (HA)
- Verify that mail send/receive works
Tuesday
-------
* Review what we did
* Mail Materials
* Dealing with unwanted email (JJ)
- filtering, blacklists, filter by content,
whitelists, viruses, unwanted bounces, issues
* Overview of Spamassassin (HA)
* Install Spamassassin (HA)
- How to use Spamassassin with Exim
* Overview of ClamAV (HA)
* Install ClamAV (HA)
- Send infected message to test functionality
* Security overview/review (HA)
- [OpenOffice | pdf 1-up | pdf 4-up | PowerPoint]
- Best practices
- FreeBSD specific steps
* Scan with Nessus (HA)
- See if we can find security issues in our lab
* Secure what we find (JJ)
- Based on security scans take first steps to secure
- lockdown/reconfigure services
- Turn off services
- Update required services
- Do we need a firewall? Discuss this.
Wednesday
---------
* SNORT Materials
* Overview of SNORT (Intrusion Detection) (JJ)
* Install and use SNORT (JJ)
- Configure SNORT in NIDS mode
- Define rules and actions
- Verify rulesets are working
* SSH Materials
* SSH Overview (HA)
- Review public/private key
- Importance of private key
- "man-in-the-middle" attacks
* SSH lab (HA)
- scp/sftp, including scp between two
remote servers.
- Login/scp without passwords
- Exectute commands
- Tunneling
* Discuss how to avoid ssh tunneling (HA)
- [OpenOffice | pdf 1-up | pdf 4-up | PowerPoint]
- https/ssl
- pops/imaps using courier and with ssl
* Load balancing/cluster overview and example (JJ)
* Materials
- Front end services load balancer
- Backend storage solution
Routing & Multihoming
Instructor: Philip Smith, Cisco Systems
Assistant: Amante Alvaran, APNIC
Thursday
--------
* Introduction, Objectives
* Presentations
- Routing Basics: [pdf 1-up | pdf 6-up]
- Introduction to OSPF: [pdf 1-up | pdf 6-up]
- OSPF for ISPS: [pdf 1-up | pdf 6-up]
- Introduction to BGP: [pdf 1-up | pdf 6-up]
* Workshop Module 11 (lab) - Advanced Router Configuration
* Presentations
- BGP Attirbutes: [pdf 1-up | pdf 6-up]
* Workshop Module 11 cont.
Friday
------
* Presentations
- BGP Best Current Practices: [pdf 1-up | pdf 6-up]
- BGP Scaling: [pdf 1-up | pdf 6-up]
- BGP Multihoming (Part I): [pdf 1-up | pdf 6-up]
* Workshop Module 12 (lab) - Multihoming to the same ISP
* Presentation
- BGP Multihoming (Part II): [pdf 1-up | pdf 6-up]
* Workshop Module 13 (lab) - Multihoming to different ISPs
(not completed during class)
Saturday
--------
* Presentation
- Service Provider Multihoming Examples: [pdf 1-up | pdf 6-up]
* Workshop Module 21 (lab) - Multihoming Case Study
* Gateway border router configuration for PacNOG and .1q setup
for Module 21: [text]
* Same configuration file as above but includes Module 21,
Scenario 5 configuration: [text]
* Switch .1q configuration for lab setup for Module 21: [text]
* Q&A, examples
* Books
* Close of workshop
Last modified: Sat Jun 25 16:17:31 FJT 2005