12.08.2005

[Tech] Lisa 2005 - Day 6

LISA 2005 Trip Log: 12/08/2005
==================
Day 6 - Tech Sessions and Refereed Papers

Tech Sessions and Refereed Papers
-------------------------------
Refereed Papers

Toward a Cost Model for System Administration, by Alva L. Couch, Ning Wu, and Hengky Susanto, Tufts University

notes:
The intangible cost of system administration is approx proportional to the amount of time to complete requests.
Holy shit, perhaps one of the most mind blowing talks I have attended. Their findings show an elegant proof-positive of what most SAs feel.
Documentation is the best cure for long wait times (and hence reduces cost).
His results show that ticket trends follow a Poisson analysis.
He applies statistical analysis to determine average time to resolution.
Temporal conditional probability.
For <2 Admins available, you get a chaotic response to the request queue, whereas if you have 2 or greater, you get a better smoother response characteristic to the request queue. With 1 Admin, running at capacity, you cannot predict a recovery/uncontrolled model.

links:

Voluntary Cooperation in Pervasive Computing Services, by Mark Burgess and Kyrre Begnum, Oslo University College

notes:
Systems are not computers, they are human-computer interactions.
Theory around decentralized management.
Hive and collective relationships.
links:

Network Configuration Management via Model Finding, Sanjai Narain, Telcordia Technologies, Inc.

notes:
links:

-------------------------------
Lunch - skipped
-------------------------------

Tech Session
-------------------------------
Network Black Ops: Extracting Unexpected Functionality from Existing Networks
by Dan Kaminsky, DoxPara Research

notes: rescheduled presentation of Wednesday.
IDS make a promise of security, but serious vulnerabilities exist due to limited packet-centric view.
Applications do not live in packet-space.
All major firewall vendors have their own weaknesses. No single tool right now can address all issues.
IPS systems should NOT ban invalid traffic.
DNS poisoning, used to selectively hijack network traffic.
Automatic network shunning very bad idea.

Dan has a tool to dynamically display interdependencies of active networks in a living, organism-like display. Was amazing to view even a small network.
Streamed video via DNS...had to see it to believe it.

links:
http://www.doxpara.com/
http://www.prolexic.com/
http://www.securityfocus.com/pen-test
http://www.securitydocs.com/Vulnerability_Management/Auditing/Pen_Test
http://tor.eff.org/
http://www.doxpara.com/?q=/node/1129
http://www.adultswim.com/shows/robotchicken/

Plenary Session:
-------------------------------
Picking Locks with Cryptology, by Matt Blaze

notes:
Spoke for 3 slides about mechanical locks and then switched topics to eavesdropping, countermeasures, policy, and wiretapping.
TNEC (Trustworthy Network Eavesdropping and Countermeasures) - NSF funded research project
Wiretaps for legal use are broken into two types: "Pen Register" and "Full Audio".
Wiretapping technologies:
-telco records; get phone records from telco, retrospective, like pen register
-loop extender/dialup slave; real-time connection to law enforcement
-CALEA/J-STD-025A; standard interface between agency and telco, new (1996)
Possession of wiretapping equipment is a felony offense (18USC2512).

links:
http://www.countermeasures.pimall.com
security article
http://netsec.blogspot.com/

-------------------------------
Dinner - LISA Reception, buffet food, $500 of funny money, gambling. Met someone from a smaller regional hospital who uses some of the same tools we do.
-------------------------------

BoFs, did not make it to any of them because I went to the SUN Reception.

The SUN reception was a good choice. I was able to meet many, many, many talented people from SUN, from a kernel engineer to a tech writer for http://docs.sun.com (chief writer), to a security expert on PKI. My colleague and I spent the better part of two hours engaged in very good discussion about OpenSolaris, OpenSPARC, Solaris 10, zones, patch management (updatemanager, smpatch, etc), systems management (SunMC), new technologies (T1) and cost vs power analysis of various platforms. I need to give a lot of credit to SUN for sending engineers and technical writers to this conference; it shows a commitment to the SysAdmins, and the engineers are able to get real-world experience (and anecdotes) about the products they work on.

Tomorrow is the last day of the conference. I miss home. The conference started out strange and slow, but these last few days have been what it is all about: SAs from all over the world, as well as vendors, scientists, managers, and security experts coming together and sharing ideas and experiences. BoFs are nice, but I actually value the 'Hallway Track' more as you can get to know the other people on a personal level as well as a technical level. I will leave here this year with new contacts and new friends.
