09-20, 11:00–17:00 (Europe/Dublin), Beech
The OpenBSD Packet Filter (PF) is at the core of the network management toolset available to professionals working with the BSD family of operating systems.
Understanding the networking toolset is essential to building and maintaining a functional envirionment. The present session will both teach principles and provide opportunity for hands-on operation of the extensive network tools available on OpenBSD and sister operating systems in a lab environment. Basic to intermediate understanding of TCP/IP networking is expected and required for this session.
Topics covered include
-
The basics of and network design and taking it a bit further
-
Building rulesets
-
Keeping your configurations readable and maintainable
-
Filtering, diversion, redirection, Network Address Translation
-
Handling services that require proxying (ftp-proxy and others)
-
Address tables and daemons that interact with your setup through them
-
The whys and hows of network segmentation, DMZs and other separation techniques
-
Tackling noisy attacks and other pattern recognition and learning tricks
-
Annoying spammers with spamd
-
Basics of and not-so basic traffic shaping
-
Monitoring your traffic
-
Resilience, High Availability with CARP and pfsync
-
Troubleshooting: Discovering and correcting errors and faults
-
Your network and its interactions with the Internet at large
-
Common mistakes in internetworking and peering
-
Keeping the old IPv4 world in touch with the new of IPv6
Time allowing and to the extent necessary, we will cover recent developments in the networking tools and variations between the implementations in the sister BSD operating systems.
Participants should bring a laptop for the hands on labs part and for note taking. The format of the session will be compact lectures interspersed with hands-on lab excercises based directly on the theory covered in the lecture parts.
This session is an evolutionary successor to previous sessions. Slides for the most recent version of the PF tutorial session are up at https://nxdomain.no/~peter/pf_fullday.pdf, to be updated with the present version when the session opens.
Speakers:
Peter N. M. Hansteen, Senior Technical Specialist at Tietoevry. Author of The Book of PF (https://nostach.com/pf3), occasional blogger (https://bsdly.blogspot.com) and lecturer on IT security with a strong preference for OpenBSD.
Massimiliano Stucchi, Technical Advisor at The Internet Society, IPv6 enthusiast, frequent lecturer on network security and IPv6 matters.
Tom Smyth, CTO wireless Connect Ltd, Maintainer of the NSH network Shell for OpenBSD.
Senior Technical Specialist at Tietoevry. Author of The Book of PF (https://nostach.com/pf3), occasional blogger (https://bsdly.blogspot.com) and lecturer on IT security with a strong preference for OpenBSD.
CEO and CTO wireless Connect Ltd, Maintainer of the NSH network Shell for OpenBSD.
Is a voluntary representative of Irish SME ISPs on policy matters in Europe and in Ireland. Tom is an advocate for Technical solutions to Technical problems and advocates against the use of Technical solutions to prop up misguided policies be them political or business policies. Tom is a political activist and optimist who believes in the power of patient persuasion the use of facts that are presented in an accessible and easy to comprehend form.
Technical Advisor at The Internet Society, IPv6 enthusiast, frequent lecturer on network security and IPv6 matters.