The school will focus on the theme of Security of research computing infrastructures. The complete programme will offer around 30 hours of lectures, workshops and hands-on exercises, as well as a student presentations session, and special evening lectures. Classes are prepared and given by speakers who are security professionals with many years of experience in academia and research.
(Please note that this programme may be subject to minor changes.)
Introduction
Security in research and scientific computing (1h introduction talk)
by Stefan Lüders (CERN)
- computer security: past, present and future
- current risk landscape
- most common threats and attack vectors
- "why are we here?"
Security operations (2h lectures)
by Sven Gabriel (Nikhef, The Netherlands)
- security operations: history, CERT vs. CSIRT
- CSIRT organisation and provided services
- preparations: asset management, security monitoring etc.
- incident response readiness
- lessons learned from past incidents
Track 1: Protection and prevention
Identity, authentication, authorisation (1h lecture)
by Hannah Short (CERN)
- authentication and authorisation for distributed research
- federated identities, identity assurance, trust
- SSO, OpenID, multi-factor authentication, certificates, SAML, OAuth2 tokens etc.
- dealing with compromised identities
Security architecture (2h lectures and 1h exercises)
by Barbara Krašovec (ISJ, Slovenia)
- how to design and provide secure computing infrastructure
- hardware and OS security, system hardening
- configuration management, DevSecOps, monitoring
- secure network design, network segmentation, IPv6 security
- virtualisation and cloud security
Container security (1h lectures and 1h exercises)
by Daniel Kouřil (CESNET, Czech Republic)
- key concepts of containers (namespaces, cgroups etc.) and Docker
- container security, threat landscape
- vulnerability and patch management
Risk and vulnerability management (1h lecture)
by Sven Gabriel (Nikhef, The Netherlands)
- risk analysis and risk mitigation
- vulnerability lifecycle, monitoring, scanning
- CVE, CVSS, CPE, CWE and related standards
- special cases: vulnerable hardware, EOL systems etc.
Introduction to web penetration testing (2h lectures and 1h exercises)
by Sebastian Łopieński (CERN)
- web application security, typical web vulnerabilities
- ethical hacking
- introduction to pentesting
Track 2: Detection
Logging and traceability (1h lecture)
by David Crooks (UKRI-STFC, United Kingdom)
- host-based logs (system and application level), network monitoring
- the importance of central logging
- tools and technologies
- data privacy, dealing with personal and sensitive data, log retention
- traceability challenges
Intrusion detection with SOC (2h lectures and 3h exercises)
by David Crooks (UKRI-STFC, United Kingdom)
- indicators of compromise (IoCs), threat intelligence sharing, the Traffic Light Protocol (TLP)
- tools and technologies: MISP, Zeek, OpenSearch etc.
- deploying a Security Operations Centre (SOC)
- security incidents: detecting and alerting
Track 3: Response
Digital forensics (2h lectures and 3h exercises)
by Daniel Kouřil (CESNET, Czech Republic)
- digital evidence handling
- data acquisition (live systems, storage etc.)
- data analysis (OS, file system, network, executables etc.)
- reporting
Incident response (2h lectures)
by Romain Wartel (CERN)
- incident management and coordination
- Sirtfi and trust frameworks
- communication with local users, external communities, and other stakeholders
- working with law enforcement
- privacy aspects
Coordination of security incidents (3h role-playing exercise)
by Romain Wartel (CERN)
- basic forensics
- incident response procedures
- central coordination
- collaboration between organizations
- dealing with the media and law enforcement
Additional talks
Special evening talk
Ransomware - and much more!
by Romain Wartel (CERN)
Special evening talk (TBC)
Future of the Universe and of Humanity
by Ivica Puljak (University of Split, Croatia)
Student lightning talks session