Security Workshop: Simulated Security Incident in Grid- and Cluster environment with Forensic Analysis

From Gridkaschool
Revision as of 16:33, 28 August 2012 by Hreese

- Tuesday 13:30 - 18:30

  Introduction to the Security Track at GKS 20min (Sven Gabriel)
  - Classical Incident / Grid-Incident, agenda
  - All attacks the participants will deal with have been seen recently at different sites;
    we compiled a fictional scenario from them.
  - The Players and their roles here: Leif, Toby, Heiko, Ursula, Aram
  Introduction to sites (Ursula)
  Introduction to the Forensic Tools which might be of help here (Toby/Heiko)
  - Tools, check-list
  - Start Scenario 1
      * Scenario details and scoring
      * Rules
  - Participants work on the case
  
  End of Day 1: having found the intruder's backdoor password (Sites that finish early can receive an optional bonus challenge.)

- Wednesday 10:50 - 18:30

10:50 - 12:30
  - First summary of day one, what was found, get all sites on the same level.
  - Scenario 2
    * Scenario details and scoring
  - Lunch break
14:00 - 18:30
  14:00 - 14:30
  - Introduction to the grid specific part of incident response (Sven Gabriel)
  (Working on certificate DNs, how long each measure takes to take effect (CA/VOMS/local banning))
    - tracing a job to the originating WMS or UI
    - suspending a user at the site
    - trace activity of a certain DN
  14:30 - 18:30
  - Work on the case
  End of Day 2: users banned
 


- Thursday 10:50 - 18:30

10:50 - 12:30
  - First summary of day two, what was found, get all sites on the same level:
       
12:30 - 14:00 Lunch break
  14:30 - 15:00
  - Demo of CVE 4073 [Group that handled this case / Sven]
15:00 - 16:30
  - Group Presentations (15 minutes per Group)
16:30 - 17:30
  - Presentation of what the sites could have found / hints on which attack was taken from which incident
  - Presentation on SSC-Framework (15 - 30 min.), how to use it for a site training. (Aram)
17:30 - 18:30
  - Ursula: wrap up, hand out prizes, gather feedback ... Meeting in TenForward with a "Tannenzaepfle" or something else