Difference between revisions of "Security Workshop: Simulated Security Incident in Grid- and Cluster environment with Forensic Analysis"
From Gridkaschool
Line 7 (old) / Line 7 (new):
  purely coincidental and unintended. :)
  - The Players and their roles here: Leif, Toby, Heiko, Ursula, Aram
  - Coffee break
  - Ursula: Story/Introduction
  - Give the Participants their sites, let them get familiar with them (Ursula)
+ - Try to harden the systems
− - Give some intro to what the systems usually do, user communities -> space weather, typical usage, basically what you produced with the load generator.
− - Try to harden their systems
  (Rules: don't remove Leif's access and ?? add general firewall rule?)
  Introduction to the Forensic Tools which might be of help here (Toby/Heiko)
− -
+ - Tools, check-list
  - Start Attack 1

Line 63 (old) / Line 55 (new):
  10:50 - 12:30
  - First summary of day two, what was found, get all sites on the same level:
− - Network Forensics found CnC
− - Other sites: Keep working on the case
  12:30 - 14:00 Lunch break
  14:30 - 15:00
− -Demo of CVE 4073 [Group that handled this case / Sven]
+ - Demo of CVE 4073 [Group that handled this case / Sven]
  15:00 - 16:30
Revision as of 11:58, 27 August 2012
Tuesday 13:30 -- 18:30

Introduction to the Security Track at GKS, 20 min (Sven Gabriel)
- Classical incident / Grid incident, agenda
- All attacks the participants will deal with have been seen recently at different sites; we compiled from these a fictional scenario. The story is entirely fictional; any resemblance to real events and persons is purely coincidental and unintended. :)
- The players and their roles here: Leif, Toby, Heiko, Ursula, Aram
- Coffee break

- Ursula: Story/Introduction
- Give the participants their sites, let them get familiar with them (Ursula)
- Try to harden the systems (Rules: don't remove Leif's access and ?? add general firewall rule?)

Introduction to the forensic tools which might be of help here (Toby/Heiko)
- Tools, check-list
- Start Attack 1
- Participants work on the case
- Give the participants a last hint which makes clear what to head for
End of Day 1: having found the password of the intruder

Wednesday 10:50 -- 18:30

10:50 - 12:30
- First summary of day one, what was found, get all sites on the same level:
  - If there is a site that sticks out and solved everything as in Leif's scenario, give them the Bonus-Challenge
  - Other sites: keep working on the case
- Reports from teams
- Close case

Lunch break

14:00 - 18:30
14:00 - 14:30
- Introduction to the grid-specific part of incident response (Sven Gabriel)
  - Working on certificate DNs: what takes how long to take effect (CA/VOMS/local banning)
  - Tracing a job to the originating WMS or UI
  - Suspending a user at the site
  - Tracing the activity of a certain DN
14:30 - 18:30
End of day 2
- Users banned

Thursday 10:50 -- 18:30

10:50 - 12:30
- First summary of day two, what was found, get all sites on the same level:
12:30 - 14:00 Lunch break
14:30 - 15:00
- Demo of CVE 4073 [Group that handled this case / Sven]
15:00 - 16:30
- Group presentations (15 minutes per group)
16:30 - 17:30
- Presentation of what the sites could have found / hints on which attack was taken from which incident
- Presentation on the SSC-Framework (15 - 30 min.), how to use it for a site training (Aram)
17:30 - 18:30
- Ursula: wrap up, hand out prizes, gather feedback ... Meeting in TenForward with a "Tannenzaepfle" or something else