Security Workshop: Simulated Security Incident in Grid- and Cluster environment with Forensic Analysis: Difference between revisions
From Gridkaschool
Jump to navigationJump to search
No edit summary |
No edit summary |
||
Line 20: | Line 20: | ||
- Participants work on the case |
- Participants work on the case |
||
'''End of Day 1: having found the intruder's backdoor password''' |
'''End of Day 1: having found the intruder's backdoor password''' (Sites that finish early can receive an optional bonus challenge.) |
||
'''- Wednesday 10:50 - 18:30 ''' |
'''- Wednesday 10:50 - 18:30 ''' |
||
10:50 - 12:30 |
10:50 - 12:30 |
||
- First summary of day one, what was found, get all sites on the same level |
- First summary of day one, what was found, get all sites on the same level. |
||
- If there is a site that sticks out and solved everything - give them the Bonus-Challenge |
|||
- Scenario 2 |
|||
- Other sites: Keep working on the case |
|||
- Reports from teams |
|||
- Close case |
|||
- Lunch break |
- Lunch break |
Revision as of 11:36, 28 August 2012
- Tuesday 13:30 -- 18:30
Introduction to the Security Track at GKS 20min (Sven Gabriel) - Classical Incident / Grid-Incident, agenda - All attacks the participants will deal with have been seen recently at different sites, we compiled from these a fictionary scenario.... Die Geschichte ist frei erfunden, Ähnlichkeiten zu wahren Gegebenheiten und Personen sind rein zufällig und nicht beabsichtigt.:) - The Players and their roles here: Leif, Toby, Heiko, Ursula, Aram - Coffeebreak
Introduction to sites (Ursula)
Introduction to the Forensic Tools which might be of help here (Toby/Heiko) - Tools, check-list
- Start Scenario 1 * Rules
- Participants work on the case End of Day 1: having found the intruder's backdoor password (Sites that finish early can receive an optional bonus challenge.)
- Wednesday 10:50 - 18:30
10:50 - 12:30 - First summary of day one, what was found, get all sites on the same level.
- Scenario 2
- Lunch break
14:00 - 18:30 14:00 - 14:30 - Introduction to the grid specific part of incident response (Sven Gabriel) (Working on certificate-DNs, what takes how long to take effect (CA/VOMS/local banning) - tracing a job to the originating WMS or UI - suspending a user at the site - trace activity of a certain DN
14:30 - 18:30 - Work on the case
End of day 2: - users banned
-Thursday 10:50 - 18:30
10:50 - 12:30 - First summary of day two, what was found, get all sites on the same level: 12:30 - 14:00 Lunch break
14:30 - 15:00 - Demo of CVE 4073 [Group that handled this case / Sven]
15:00 - 16:30 - Group Presentations (15 minutes per Group)
16:30 - 17:30 - Presentation of what the sites could have found / hints which attack was taken from which incident - Presentation on SSC-Framework (15 - 30 min.), how to use it for a site training. (Aram)
17:30 - 18:30 - Ursula: wrap up, hand out prices, gather feedback ... Meeting in TenForward with a "Tannenzaepfle" or something else