Difference between revisions of "Security Workshop: Simulated Security Incident in Grid- and Cluster environment with Forensic Analysis"
(→Agenda) |
|||
| Line 25: | Line 25: | ||
10:50 - 12:30 |
10:50 - 12:30 |
||
| − | - |
+ | - '''Oh dear, under attack again''', next levels, enjoy the game |
- Lunch break |
- Lunch break |
||
| Line 31: | Line 31: | ||
14:00 - 18:30 |
14:00 - 18:30 |
||
14:00 - 17:45 |
14:00 - 17:45 |
||
| − | - '''Your site is still up and running? '''Well we will work on this, |
+ | - '''Your site is still up and running? '''Well, we will work on this, |
17:45 - 18:30 |
17:45 - 18:30 |
||
Revision as of 15:35, 3 June 2013
Introduction
The participants will learn basic incident response and forensic skills in a virtualized environment. After a couple of introductory lectures on field forensics and incident response, most of the 3 days will be taken up by a tournament where the participants form teams that are given full root access to simulated HPC/Grid sites. Their task is to defend against and analyze realistic attacks of increasing sophistication, while keeping their systems up and running. The teams will be scored on their performance, and the winning team will be celebrated the most l33t admins. There may even be prizes.
Practical Issues
You will need to bring your own laptop. The only required software is an ssh client (although access to a unixoid operating system doesn't hurt). If you use the Putty ssh client, please be aware that we will be using OpenSSH keys during the exercise; see e.g. these instructions on how to use them together with Putty.
Agenda
- Tuesday 13:30 -- 18:30
Introduction to the Security Track at GKS 15min (Sven Gabriel) - Classical Incident / Grid-Incident, agenda - The Players and their roles here: Leif, Toby, Heiko, Ursula, Aram
Presentation: Leif Nixon: An Introduction to Quick and Dirty Forensics (60 min)
Introduction to the game (15 min) - build teams - get comfortable with your new job as cluster admin
15:00 - 15:30
Coffee / get the teams ready to roll, feel free to harden your system Your Cluster is under attack, better get your fingers dirty now...
- Wednesday 10:50 - 18:30
10:50 - 12:30 - Oh dear, under attack again, next levels, enjoy the game
- Lunch break
14:00 - 18:30 14:00 - 17:45 - Your site is still up and running? Well, we will work on this, 17:45 - 18:30 - Wrap up, findings, defense strategies and discussions
-Thursday 10:50 - 18:30 Incident Response in a Grid-Environment
10:50 - 12:30 - Introduction, Incident Response for Grid Admins (30min) - Teams get introduced to their Grid-Site - 12:30 - 14:00 Lunch break
14:30 - 15:00 - Demo of CVE 4073 [Group that handled this case / Sven]
15:00 - 16:30 - Group Presentations (15 minutes per Group)
16:30 - 17:30 - Presentation of what the sites could have found / hints which attack was taken from which incident - Presentation on SSC-Framework (15 - 30 min.), how to use it for a site training. (Aram)
17:30 - 18:30 - Ursula: wrap up, hand out prices, gather feedback ... Meeting in TenForward with a "Tannenzaepfle" or something else
