Paul Vixie

Dr. Paul Vixie is Chairman and Founder of Internet Systems Consortium. He served as President of MAPS, PAIX and MIBH, as CTO of Abovenet/MFN, and on the board of several for-profit and non-profit companies. He has served on the ARIN Board of Trustees since 2005, where he also served as Chairman in 2008 and 2009. He is a founding member of ICANN Root Server System Advisory Committee (RSSAC) and ICANN Security and Stability Advisory Committee (SSAC).

Vixie has been contributing to Internet protocols and UNIX systems as a protocol designer and software architect since 1980. He is considered the primary author and technical architect of BIND 8, and he hired many of the people who wrote BIND 9 and the people now working on BIND 10. He has authored or co-authored a dozen or so RFCs, mostly on DNS and related topics, and of Sendmail: Theory and Practice (Digital Press, 1994). He earned his Ph.D. from Keio University for work related to the Internet Domain Name System (DNS and DNSSEC).

AusCERT2012 Tutorial

Topics in Operational Network Security - 1 day tutorial

Date: Monday 14th May 2012
Time: 9:00 am - 5:00 pm
Room: Norfolk Room
Price: $575 AusCERT members / $990 standard delegates

As a network of networks, the Internet makes it possible for anybody to be attacked by anybody, including attackers of both high and low still, and automated attack tools with nearly infinite patience. The criteria for success network operations includes staying in business, keeping your job, and having your evenings and weekends mostly free from emergencies. Success requires understanding the security implications of your network's topology as well as your configuration choices in servers, services, switches, routers, and firewalls of all kinds. There are also important considerations in your diagnostic and monitoring infrastructure, your I.T. policies, and your I.T. culture.

In this one day class, Dr. Vixie will lead the students through an examination of both the theoretical and practical design choices to be considered while building, managing, and auditing networks, and will describe the current or best (and worst) industry practices. Topics will include: IP and IPv6 issues such as fragmentation and reassembly; Ethernet issues such as vlans, jumbograms, and spanning tree; policy matters such as the lifetime and distribution methods of shared passwords; cultural matters like mostly open vs. mostly closed, and centralized revocation of SSH access vs. wide spread "authorized_hosts" files; configuration security considerations in Postfix, Apache, and BIND; an overview of Secure DNS technologies including DNSSEC, TSIG, UDP source port randomization, and future applications such as DANE which may supplant X.509 for SSL startup.

If there's time within the class period, we will also discuss the need for industry and peer engagement and continuing research and education, vendor patches and upgrades, CERT advisories, planning and documentation, and secret handshake societies including Op Sec Trust. Otherwise we'll continue after class in the hotel bar.

Students should be experienced system and network administrators with problems of their own and home grown solutions they'd like to get input on from peers. This class will give students a great opportunity to take a fresh look at old challenges and a first look at hidden and upcoming challenges.