pre-SANOG VI Workshop Outline - Detailed
Dates: January 10 to 15, 2005
Location: The Royal Institute of Management, Thimpu, Bhutan
Organizers: Bhutan Telecom Ltd
NSRC (Network Startup Resource Center)
Primary Instructors: Hervey Allen (HA), Network Startup Resource Center
Brian Candler (BC), Volunteer, Network Startup Resource Center
Daily Time Schedule
Morning
-------
08:45-10:45
Break
11:00-13:00
Lunch from 13:00 to 14:00
Afternoon
---------
14:00-16:00
Break
16:15-18:15
Monday: Day 1, January 10
Morning (HA/BC)
* Welcome to the workshop and Introductions
* Workshop setup, including accounts, machines, and schedules
* Why we are using FreeBSD
* Introduction to FreeBSD
* Presentation covering basic FreeBSD structure and concepts
- Command line (shell) vs. GUI under FreeBSD
- Configuration done with files vs. Registry
- FreeBSD vs. Windows/Linux partitioning
- How FreeBSD boots
- Where files reside
- Admin and user accounts
- Basics of permissions
- Basics of commands
- Software installation (packages vs. ports vs. source)
* Hands-on Installation of FreeBSD version 5.3
- Installation from CD-ROM
- Disk partitioning
- Install Kernel Developer (Binaries, docs, kernel sources)
- Configure network
- Configure timezone
- First time boot
- /stand/sysinstall
Afternoon (HA)
* FreeBSD Exercises
- Initial login
- Additional package installs with pkg_add and /stand/sysinstall
- Account creation
- Account maintenance using pw
- General job control (ctrl-c, ctrl-z, bg)
- Basic file editing with vi
- Using vipw to edit user entry
- Getting help (man, docs and HandBook)
- Practice with basic filesystem commands
- Installation of software using ports
- Review of the /etc/rc.conf and /usr/local/etc/rc.conf files
- How to see what is running using ps and top
- How to start a process
- How to stop a process using kill
* Additional FreeBSD topics and exercises if there is time:
- FreeBSD shell/environmental variables
- Viewing, mounting, and unmounting filesystems
- Virtual memory using vmstat
- Shell scripts
- Use of pipes for more complex commands
- Userid (uid), Groupid (gid), permissions and passwords
* Discuss cvs and cvsup
- Finish by starting a cvsup of the ports collection
Tuesday: Day 2, January 11
Morning (BC)
* IP Internetworking 1
- Overview of OSI 7 layer model
- Focus on using OSI model to test networks.
- Overview of IP datagram
- Simple IP number allocation
- Prefixes
- Exercises:
+ ifconfig
+ ping
+ traceroute
+ telnet
* IP Internetworking 2
- Summary of common ethernet layer 1 types
- ethernet MAC layer
- IP encapsulation and ARP
- Building a network using hubs, switches, and routers
- Exercise
+ Demonstrate ARP with ping and tcpdump
Afternoon (HA/BC)
* Security Summary Presentation
- Summarize major security issues.
- Issues with passwords.
- IP-based authentication
- Bash host-based access controls
- libwrap
- Demo of security issues (Nessus)
- Exercises
+ Initial attempt to lock down student server boxes
+ Strong password checking
+ Use of nmap
+ Use of logs
+ Rsync for data backup
* General Cryptography Presentation
- Cryptographic methods
- Ciphers
- md5 (hashes)
- Public/private keys
- ssh, ssl, pgp
* SSH Presentation
- Host keys
- Public/private key pairs
- Data is encrypted
- Tunnels
- Exercises
+ Generate public/private key pairs
+ Exchange host keys
+ Copy public key and connect to other server with private key passphrase
Wednesday: Day 3, January 12
Morning (HA)
* Discuss SSL and Apache
* Install the Apache web server with SSL support
- Discuss issues with local vs. signed certificates
- Install Apache with SSL using mod_ssl
- Configure Apache to start at boot
- Verify Apache and SSL are working using openssl s_client
- Change DocumentRoot for Apache
Afternoon (BC)
(Note: DNS may start last hour of morning session)
* DNS Session 1
- Goal: to understand overall purpose and structure of DNS
- IP addresses vs. names
- DNS as a distributed, hierarchical database
- Domain names and resource records:
+ A, PTR, MX, CNAME, TXT, SOA/NS
- Domain name lookup responses
- Reverse DNS
- DNS as client-server model
+ Resolver
+ Cache
+ Authoritative server
- Testing DNS (dig)
- Exercises:
+ Configure Unix resolver
+ Use dig
- A
- other (e.g. MX)
- non-existent answer
- reverse lookup
+ use tcpdump to show queries being sent to cache
* DNS Session 2
- Goal: to understand operation of a recursive nameserver
- Recap of previous session
- DNS as a distributed database.
- Resource record NS: referral of answer
- Caching nameserver and root servers
- Caching used to reduce load (esp. top level servers)
- Issue of stale data in caches.
+ TTL records on each record
+ Negative TTL in SOA
- Recursion and caching (dig +norec)
- Example: www.ticscali.co.uk
- Practical:
Worksheet:
+ Students work on their own examples
- Configuring a caching nameserver (may go in to next day)
+ check /etc/named.conf
+ run tcpdump
+ ndc start
+ change /etc/resolv.conf to point to your nameserver
+ queries twice - Look at 'aa' flag, TTL, query time
+ ndc flush
+ cache is authoritative for 127.0.0.1
- Summary and Question and Answer session
* Patch/Secure Windows Installation
- Go through step-by-step what is required to patch a
Windows 2000 Server and a Windows XP Server
- Discuss Windows firewall features
- Discuss Windows client-side necessary measures
* Configure X and KDE for FreeBSD
- Install KDE lite
- Start KDE using .xinitrc configuration
- Discuss Xorg
- Note xorg.conf
- Discuss why not to use X/KDE on a server
Thursday: Day 4, January 13
Morning (BC/HA)
* Summary of Mail Materials
* Simple Mail Transfer Protocol (SMTP) Introduction
- MTA, POP, IMAP and Web email servers.
* Exim Introduction
- Introduction to Internet Mail
+ Mail agents - MUA and MTA
+ Message format
+ Authentication
+ SMTP - Message in transit
+ Use of DNS for email
+ Delivering a message
+ Relay control
+ Policy control on email
* Installation of Exim and basic tests
* Exim cont.
- Exim Routers and Transports configuration
+ Configuration file
+ Changing runtime configuration
+ Configuration file sections
+ Default configuration file layout
+ Common global options
+ Exim 4 routing
+ Simple routing configuration
+ Default routers
+ Default transports
+ Routing to smarthosts
+ Virtual domains
+ Access control lists
+ Good and bad relaying
+ Message filtering
+ Large installations
+ Separating mail functions
- Modify routing practical exercises
* User support and Help Desk
- Issues when supporting users
- Scalability
- What issues are faced in Bhutan?
- Possible solutions
- Resources
Afternoon
* Break - No class
Friday: Day 5, January 14
Morning (BC)
* Exim
- Reconfigure Exim for Maildir delivery
* Scaling Issues
* FreeBSD Mailserver Tuning
- Maildir
- Linear password files
- Linear mbox files
- Too many files in one directory
- CPU limits
- Disk performance
- Keep your SMTP (smarthost) and POP3 services separate
- Maildir and qmail-pop3d practical exercises
* POP/IMAP (Courier)
- Ensure that MTA is working.
- Install Courier IMAP
- Configure daemons
- Configure for use with ssl
- Create user accounts on machines.
- Test pop/imap over ssl from neighboring machines.
Afternoon (HA/BC)
* Webmail (SqWebMail)
- Install SqWebMail
- Verify you can read email sent
- Verify you can send email
- Verify that ssl (https) is working to read email
* Antiviral for MTA
- Access Control Lists
- Exiscan ACL
- ClamAV Install and Testing
+ (Install from source/package)
+ Update clamav.conf
+ Update Exim config to recognize ClamAV install
Saturday: Day 6, January 16
Morning (BC)
* Routing Overview
- Subnets Review
* Static Routing Exercises using FreeBSD boxes with two NICs
- Configure static routes under FreeBSD
- Configure IP addresses on FreeBSD nic interfaces
- Configure static default routes on FreeBSD hosts
- Change ip addresses on nic interfaces in FreeBSD
- Add static routes to the FreeBSD system (route, netstat)
- Understand the use of FreeBSD as a serial console
- Perform basic network troubleshooting tasks such as ping
and traceroute.
- Review default routes
* P/EGP Overview
Afternoon (HA/BC)
* Questions and Answers
- Students and instructors informal review of the week
* Review of the week
* Exam
- Covering topics studied during the week. Approx. 30 min
* Workshop Closing and Certificates
- Formal closing of the workshop
- Handout of certificates of participation to each attendee
Last modified: Fri Jan 14 23:41:31 GMT 2005