Difference between revisions of "Security Workshop: Simulated Security Incident in Grid- and Cluster environment with Forensic Analysis"

From Gridkaschool
Line 48: Line 48:
 
 
   
'''End of day 2: - users banned'''
 +
'''End of day 2: - users banned'''
 
 
   

Revision as of 12:01, 27 August 2012

- Tuesday 13:30 -- 18:30 

  Introduction to the Security Track at GKS 20min (Sven Gabriel)
  - Classical Incident / Grid-Incident, agenda
  - All attacks the participants will deal with have been seen recently at different sites, 
    we compiled from these a fictionary scenario.... 
    Die Geschichte ist frei erfunden, Ähnlichkeiten zu wahren Gegebenheiten und Personen sind 
    rein zufällig und nicht beabsichtigt.:)
  - The Players and their roles here: Leif, Toby, Heiko, Ursula, Aram

  - Coffeebreak

  - Ursula: Story/Introduction 
       
  - Give the Participants their sites, let them get familiar with it (Ursula)
  - Try to harden the systems 
    (Rules: don't remove Leifs access and ?? add general firewall rule?)

 Introduction to the Forensic Tools which might be of help here (Toby/Heiko)
  - Tools, check-list

  - Start Attack 1

  - Participants work on the case
  
  - Give the Participants a last Hint which makes clear what to head for
  End of Day 1: having found the password of the intruder

- Wednesday 10:50 - 18:30 

10:50 - 12:30
  - First summary of day one, what was found, get all sites on the same level:
    - If there is a site that sticks out and solved everything as in Leifs scenario, give them the Bonus-Challenge
    - Other sites: Keep working on the case
  - Reports from teams
  - Close case

  - Lunch break

14:00 - 18:30
  14:00 - 14:30
  - Introduction to the grid specific part of incident response (Sven Gabriel)
  (Working on certificate-DNs, what takes how long to take effect (CA/VOMS/local banning)
    - tracing a job to the originating WMS or UI
    - suspending a user at the site
    - trace activity of a certain DN

  14:30 - 18:30
 

 End of day 2:  - users banned


-Thursday 10:50 - 18:30 

10:50 - 12:30
  - First summary of day two, what was found, get all sites on the same level:
       
12:30 - 14:00 Lunch break

  14:30 - 15:00
  - Demo of CVE 4073 [Group that handled this case / Sven]

15:00 - 16:30
  - Group Presentations (15 minutes per Group)

16:30 - 17:30
  - Presentation of what the sites could have found / hints which attack was taken from which incident
  - Presentation on SSC-Framework (15 - 30 min.), how to use it for a site training. (Aram)

17:30 - 18:30
  - Ursula: wrap up, hand out prices, gather feedback ... Meeting in TenForward with a "Tannenzaepfle" or something else
Retrieved from "https://wiki.scc.kit.edu/gridkaschool/index.php?title=Security_Workshop:_Simulated_Security_Incident_in_Grid-_and_Cluster_environment_with_Forensic_Analysis&oldid=557"