Difference between revisions of "Security Workshop: Simulated Security Incident in Grid- and Cluster environment with Forensic Analysis"
From Gridkaschool
Line 10: | Line 10: | ||
- Coffeebreak |
- Coffeebreak |
||
− | + | Introduction to sites (Ursula) |
|
+ | Introduction to the Forensic Tools which might be of help here (Toby/Heiko) |
||
− | |||
− | Introduction to the Forensic Tools which might be of help here (Toby/Heiko) |
||
- Tools, check-list |
- Tools, check-list |
||
Revision as of 12:06, 27 August 2012
- Tuesday 13:30 -- 18:30
Introduction to the Security Track at GKS 20min (Sven Gabriel) - Classical Incident / Grid-Incident, agenda - All attacks the participants will deal with have been seen recently at different sites, we compiled from these a fictionary scenario.... Die Geschichte ist frei erfunden, Ähnlichkeiten zu wahren Gegebenheiten und Personen sind rein zufällig und nicht beabsichtigt.:) - The Players and their roles here: Leif, Toby, Heiko, Ursula, Aram - Coffeebreak
Introduction to sites (Ursula)
Introduction to the Forensic Tools which might be of help here (Toby/Heiko) - Tools, check-list
- Start Attack 1
- Participants work on the case End of Day 1: having found the password of the intruder
- Wednesday 10:50 - 18:30
10:50 - 12:30 - First summary of day one, what was found, get all sites on the same level: - If there is a site that sticks out and solved everything as in Leifs scenario, give them the Bonus-Challenge - Other sites: Keep working on the case - Reports from teams - Close case
- Lunch break
14:00 - 18:30 14:00 - 14:30 - Introduction to the grid specific part of incident response (Sven Gabriel) (Working on certificate-DNs, what takes how long to take effect (CA/VOMS/local banning) - tracing a job to the originating WMS or UI - suspending a user at the site - trace activity of a certain DN
14:30 - 18:30 - Work on the case
End of day 2: - users banned
-Thursday 10:50 - 18:30
10:50 - 12:30 - First summary of day two, what was found, get all sites on the same level: 12:30 - 14:00 Lunch break
14:30 - 15:00 - Demo of CVE 4073 [Group that handled this case / Sven]
15:00 - 16:30 - Group Presentations (15 minutes per Group)
16:30 - 17:30 - Presentation of what the sites could have found / hints which attack was taken from which incident - Presentation on SSC-Framework (15 - 30 min.), how to use it for a site training. (Aram)
17:30 - 18:30 - Ursula: wrap up, hand out prices, gather feedback ... Meeting in TenForward with a "Tannenzaepfle" or something else