This is part of the AfNOG 2008 Workshop, held in conjunction
with the AfNOG meeting in Rabat, Morocco, in May and June 2008.
Daily Time Schedule:
Morning
-------
Session-1 08:45am - 10:45am
Tea Break 10:45am - 11:00am
Session-2 11:00am - 1:00pm
Lunch Break 1:00pm - 2:15pm
Afternoon
---------
Session-3 2:15pm - 4:15pm
Coffee Break 4:15pm - 4:30pm
Session-4 4:30pm - 6:30pm
Evening
-------
Session-5 6:30pm - 7:30pm
Dinner 7:30pm - 8:30pm
In addition to this detailed timetable you can see a summary timetable as well.
Monday morning 8:45am
o Introduction and logistics -- Ayitey Bulley
o Why did we choose FreeBSD? -- Joe Abley
o FreeBSD Tutorial -- Frank Kuse
* FreeBSD Tutorial Materials.
* FreeBSD Tutorial Exercises.
+ Accounts information
+ Creating a user account for exim and yourself
+ Some basic FreeBSD commands
+ Post-installation configuration
+ Short example using FreeBSD commands
+ Getting FreeBSD 6.2 files and others
+ pkg_add: Adding packages or ports by hand
+ Network Information
- ifconfig
- rc.conf
- Stopping and starting the network
- Stopping and starting services
+ Installation Notes
+ Slices and partitions
+ Distribution sets
+ Quick installation guide (using CD-ROM)
+ The FreeBSD Directory Structure
+ A few differences from Linux
+ VI Tutorial
o Introduction to IPv6 -- Hari Kurup
* IPv6 Intro Materials.
+ Background and exhaustion of IPv4
+ The IPv6 datagram, neighbor discovery and autoconfiguration
+ IPv6 Addressing and address space
+ IPv4 to IPv6 Transition
+ Enabling IPv6 in Applications
Monday morning 11:00am
o DNS Session-1 (Fundamentals): -- Ayitey Bulley and Joe Abley
* DNS Materials.
* Goal: to understand the overall purpose and structure of DNS
+ IP addresses vs. names
+ DNS as a distributed, hierarchical database
+ Domain names and resource records:
- A, PTR, MX, CNAME, TXT, SOA/NS
+ Domain name lookup responses
+ Reverse DNS
+ DNS as client-server model
- Resolver
- Cache
- Authoritative server
+ Testing DNS (dig)
+ Understanding output from dig
+ Practical Exercises:
- Configure Unix resolver
- Use dig { A, other (e.g. MX), non-existent answer, reverse lookup }
- Use tcpdump to show queries being sent to cache
Monday afternoon 2:00pm
o DNS Session-2 (DNS Caching Operation & DNS Debugging): -- Ayitey Bulley and Joe Abley
* Goal: to understand operation of a recursive nameserver
+ Recap of previous session
+ DNS as a distributed database.
+ Resource record NS: referral of answer
+ Caching nameserver and root servers
+ Caching used to reduce load (esp. top level servers)
+ Issue of stale data in caches (problems with distributed systems).
- TTL records on each record
- Negative TTL in SOA
+ Recursion and caching (dig +norec)
+ Demo: www.ticscali.co.uk
+ Practical Exercise:
- Debugging DNS Worksheet (with dig +norec):
. Students work on their own examples
+ Configuring a caching nameserver
- check /var/named/etc/namedb/named.conf
- run tcpdump
- rndc start
- change /etc/resolv.conf to point to your nameserver
- query two times - { Look at 'aa' flag, TTL, query time }
- rndc flush
- cache is authoritative for 127.0.0.1
Monday afternoon 2:00pm
o DNS Session-2 (Continued): -- Ayitey Bulley and Joe Abley
+ What sort of hardware would you choose when building a DNS cache?
+ Improving the configuration of a cache NS
+ Managing a caching nameserver
+ Practical Exercise:
- Building your own cache nameserver
- Improving the configuration of the cache NS
+ Question and Answer session
+ Summary
Monday afternoon 4:15pm
o DNS Session-3 (Configuring Authoritative Name Servers): -- Ayitey Bulley and Joe Abley
* Goal: to properly configure an authoritative nameserver
+ Recap of caching NS
+ DNS Replication
+ Outside world cannot tell the difference between master and slave
+ When does replication take place?
+ Two (2) Dangers with serial numbers
+ Configuration of Master & Slave NS
- Format of Resource Records { SOA and NS }
+ Ten (10) Common DNS Operational and Configuration Errors (RFC1912)
Monday evening 6:30pm
o DNS Exercises
Tuesday morning 8:45am
o DNS Session-3 (Continued) Exercises: -- Ayitey Bulley and Joe Abley
* Setting up an authoritative name service for a domain
+ Master & Slave nameserver exercises
Tuesday morning 11:00am
o DNS Session-4 (Delegation & Reverse DNS) -- Ayitey Bulley and Joe Abley
* Presentation:
+ Domain delegation
+ About Glue records
+ Reverse DNS (/24)
+ Reverse DNS (less than /24)
* Exercise:
+ Delegation
+ Reverse DNS (in-addr.arpa)
+ Setting up flexible logging
Tuesday afternoon 2:00pm
o RADIUS -- Frank Kuse
* RADIUS Materials
* Presentation:
+ What is RADIUS?
+ What does RADIUS do?
+ Why do we need RADIUS?
+ Other AAA services
+ About FreeRADIUS
* Exercise:
+ Build and install FreeRADIUS.
+ Configure and start the RADIUS server.
+ Test authentication
+ Convert a service to support RADIUS.
Tuesday afternoon 4:15pm
o Web/SSL -- Chris Wilson
* Apache Materials
+ Installing Apache22 from FreeBSD ports
+ Configure Apache with basic configuration
+ Start Apache httpsd daemon and connect to local box
+ Verify local ssl certificate works
+ Configuring Apache with SSL
+ Example SSL Apache configuration file
+ Sample config for Virtual Hosting
Tuesday evening 6:30pm
o Web/SSL Exercises continued -- Chris Wilson
Wednesday morning 8:45am
o Mail/Exim -- Philip Hazel
* Exim Materials
+ Introduction to Internet Mail
- Mail agents - MUA and MTA
- Message format
- Authentication
- SMTP - Message in transit
- Use of DNS for email
- Delivering a message
- Relay control
- Policy control on email
Wednesday morning 11:00am
o Mail/Exim -- Philip Hazel
+ Practical Exercise:
- Install Exim, run basic tests
Wednesday afternoon 2:15pm
o Mail/Exim -- Philip Hazel
+ Exim Routers and Transports configuration
- Configuration file
- Changing runtime configuration
- Configuration file sections
- Default configuration file layout
- Common global options
- Exim 4 routing
- Simple routing configuration
- Default routers
- Default transports
- Routing to smarthosts
- Virtual domains
- Message filtering
Wednesday afternoon 4:15pm
o Mail/Exim -- Philip Hazel
+ Practical Exercise:
- Modify routing, virtual domains practical exercises
Thursday morning 08:45am
o Mail/Exim -- Philip Hazel
+ Incoming message control features
- Access Control Lists
- Good and bad relaying
- Content scanning
- Large installations
+ Practical Exercise:
- Setting up a relaying host
- Configure TLS
- Demonstrate retry mechanisms
Thursday morning 11:00am
o Mail/Exim -- Philip Hazel
+ Practical Exercise continued
- Spamassassin Installation
- Modifying Exim configuration file for spam filtering
- ClamAV Installation
- Modifying Exim configuration file for virus filtering
+ Managing SPAM
- Filtering unwanted E-mails
- What are the main sources of junk E-mail?
- What are the costs?
- Where can you filter?
- Legal problems with filtering
- Ways to identify spam
- Exim implementation of SRS
- Minimising the joe-jobs we relay
- What should you do?
Thursday afternoon 2:15pm thru to the Evening Session
o POP, IMAP and Web email servers -- Chris Wilson & Frank Kuse
* POP3/Mail Materials:
+ Mailserver scalability
- Linear password files
- Linear mbox files
- Too many files in one directory
- CPU limits
- Disk performance
- Keep your SMTP (smarthost) and POP3 services separate
+ FreeBSD mailserver performance tuning
- Increase kernel limits
- Enable softupdates
- Use SCSI disks
- Spread mail directories across multiple disks
- Put in as much RAM as possible
- Use PCI cards, not ISA
- Maildir and courier-imap POP3/IMAP
+ Practical Exercise:
- Reconfigure exim for Maildir delivery
- Courier practical exercises
. Install courier-authlib from FreeBSD ports collection
. Install courier-imap from FreeBSD ports collection
. Configure the daemons
. Start the daemons
. POP3 and IMAP over SSL
. Install Sqwebmail from FreeBSD ports collection
+ Notes on Clustering and NFS
- Using Network File System (NFS)
- Using Proxies
- Load balancing
- Database backends
- FreeBSD NFS
Friday morning 8:45am
o POP, IMAP and Web email servers -- Chris Wilson & Frank Kuse
+ Practical Exercise (continued):
Friday morning 11:00am
o Security - Joe Abley
* Security Section Materials
+ Authentication
+ Authorisation
+ Integrity
+ Confidentiality
+ Availability (DoS)
+ Host access controls
+ Network access controls
+ Attacks on the host vs. attacks on the network
+ smurf attacks
+ Some Available Resources
+ Cryptographic Methods
- Private key or symmetric ciphers
- Hashing or one-way encryption
- Integrity checks
- Generating encryption keys
- Public key ciphers
- Digital signatures
- Man in the middle attacks
- PGP and SSH notes
+ SSH Discussion - Security at the Application Layer
- known_hosts files and authorization
- Password challenge authentication
- RSA/DSA Private/Public Key generation
- Public/Private Key use with SSH
- ssh-agent and ssh-add
- Using tunnels with SSH
Friday afternoon 2:00pm
o Monitoring IP Services -- Ayitey Bulley, Hari Kurup, Frank Kuse
* Monitoring Section Materials
+ Monitoring IP Services with Nagios
+ Monitoring of Exim Logs and Queues
Friday afternoon 4:15pm
o Monitoring IP Services -- Ayitey Bulley, Hari Kurup, Frank Kuse
+ Practical Exercise:
- Setting up nagios
- Setting up exim monitoring tools
- Setting up smokeping
o Other stuff:
+ Nagios config files