Security Workshop: Simulated Security Incident in Grid- and Cluster environment with Forensic Analysis

From Gridkaschool
Revision as of 12:06, 27 August 2012 by Ue (talk | contribs)

- Tuesday 13:30 -- 18:30

  Introduction to the Security Track at GKS 20min (Sven Gabriel)
  - Classical Incident / Grid-Incident, agenda
  - All attacks the participants will deal with have been seen recently at different sites;
    from these we compiled a fictional scenario....
    The story is entirely fictional; any resemblance to actual events and persons is
    purely coincidental and unintended. :)
  - The Players and their roles here: Leif, Toby, Heiko, Ursula, Aram

  - Coffee break
  Introduction to sites (Ursula)
  Introduction to the Forensic Tools which might be of help here (Toby/Heiko)
  - Tools, check-list
  - Start Attack 1
  - Participants work on the case
  
  End of Day 1: having found the password of the intruder

- Wednesday 10:50 - 18:30

10:50 - 12:30
  - First summary of day one, what was found, get all sites on the same level:
    - If there is a site that sticks out and solved everything as in Leif's scenario, give them the Bonus-Challenge
    - Other sites: Keep working on the case
  - Reports from teams
  - Close case
  - Lunch break
14:00 - 18:30
  14:00 - 14:30
  - Introduction to the grid specific part of incident response (Sven Gabriel)
  (Working on certificate DNs: what takes how long to take effect (CA/VOMS/local banning))
    - tracing a job to the originating WMS or UI
    - suspending a user at the site
    - trace activity of a certain DN
  14:30 - 18:30
  - Work on the case
 End of day 2: users banned
 


- Thursday 10:50 - 18:30

10:50 - 12:30
  - First summary of day two, what was found, get all sites on the same level:
       
12:30 - 14:00 Lunch break
  14:30 - 15:00
  - Demo of CVE 4073 [Group that handled this case / Sven]
15:00 - 16:30
  - Group Presentations (15 minutes per Group)
16:30 - 17:30
  - Presentation of what the sites could have found / hints which attack was taken from which incident
  - Presentation on SSC-Framework (15 - 30 min.), how to use it for a site training. (Aram)
17:30 - 18:30
  - Ursula: wrap up, hand out prizes, gather feedback ... Meeting in TenForward with a "Tannenzaepfle" or something else