Difference between revisions of "Security Workshop: Simulated Security Incident in Grid- and Cluster environment with Forensic Analysis"

Revision as of 11:30, 28 August 2012

- Tuesday 13:30 -- 18:30

  Introduction to the Security Track at GKS, 20 min (Sven Gabriel)
  - Classical incident / Grid incident, agenda
  - All attacks the participants will deal with have been seen recently at different sites;
    from these we compiled a fictional scenario....
    The story is entirely fictional; any resemblance to real events and persons is
    purely coincidental and unintentional. :)
  - The players and their roles here: Leif, Toby, Heiko, Ursula, Aram

  - Coffee break
  Introduction to sites (Ursula)
  Introduction to the forensic tools which might be of help here (Toby/Heiko)
  - Tools, check-list
  - Start Scenario 1
      * Rules
  - Participants work on the case

  End of Day 1: having found the intruder's backdoor password

- Wednesday 10:50 - 18:30

10:50 - 12:30
  - First summary of day one: what was found, get all sites to the same level:
    - If there is a site that sticks out and solved everything, give them the Bonus Challenge
    - Other sites: keep working on the case
  - Reports from teams
  - Close case
  - Lunch break
14:00 - 18:30
  14:00 - 14:30
  - Introduction to the grid-specific part of incident response (Sven Gabriel)
    (working with certificate DNs; which measure takes how long to take effect: CA / VOMS / local banning)
    - tracing a job to the originating WMS or UI
    - suspending a user at the site
    - tracing the activity of a certain DN
  14:30 - 18:30
  - Work on the case
  End of Day 2: users banned

- Thursday 10:50 - 18:30

10:50 - 12:30
  - First summary of day two: what was found, get all sites to the same level
12:30 - 14:00 Lunch break
14:30 - 15:00
  - Demo of CVE 4073 [group that handled this case / Sven]
15:00 - 16:30
  - Group Presentations (15 minutes per Group)
16:30 - 17:30
  - Presentation of what the sites could have found / hints on which attack was taken from which incident
  - Presentation on the SSC framework (15 - 30 min.) and how to use it for a site training (Aram)
17:30 - 18:30
  - Ursula: wrap up, hand out prizes, gather feedback ... Meeting in TenForward with a "Tannenzaepfle" or something else