Thematic CERN School of Computing on Security 2022
from Sunday 19 June 2022 (11:00) to Saturday 25 June 2022 (12:00)

Sunday 19 June 2022
11:00 - 12:30 Registration
12:45 - 13:30 Lunch
14:00 - 16:00 Registration
16:00 - 16:20 Welcome to the CERN School of Computing - Sebastian Lopienski (CERN)
16:20 - 17:00 Self-presentation: 1 minute per person
17:15 - 19:00 Visit of Split old town
19:15 - 20:00 Outside Welcome Dinner

Monday 20 June 2022
08:45 - 09:45 Opening Session - Sebastian Lopienski (CERN)
09:45 - 10:45 Security in research and scientific computing (Introduction) - Stefan Lueders (CERN)
  * computer security: past, present and future
  * current risk landscape
  * most common threats and attack vectors
  * "why are we here?"
10:45 - 11:15 Coffee break
11:15 - 11:30 Announcements
11:30 - 12:30 Security operations - lecture 1 (Introduction) - Sven Gabriel (Nikhef)
  * security operations: history, CERT vs. CSIRT
  * CSIRT organisation and provided services
  * preparations: asset management, security monitoring etc.
  * incident response readiness
  * lessons learned from past incidents
12:45 - 13:30 Lunch
13:30 - 14:45 Study time and/or daily sports
14:45 - 15:45 Security operations - lecture 2 (Introduction) - Sven Gabriel (Nikhef)
  * security operations: history, CERT vs. CSIRT
  * CSIRT organisation and provided services
  * preparations: asset management, security monitoring etc.
  * incident response readiness
  * lessons learned from past incidents
15:45 - 16:00 Coffee break
16:00 - 17:00 Identity, authentication, authorisation (Track 1: Protection and prevention) - Hannah Short (CERN)
  * authentication and authorisation for distributed research
  * federated identities, identity assurance, trust
  * SSO, OpenID, multifactor authentication, certificates, SAML, OAuth2 authentication tokens etc.
  * dealing with compromised identities
17:00 - 18:00 Security architecture (Track 1: Protection and prevention) - Barbara Krašovec (ISJ)
  * how to design and provide secure computing infrastructure
  * hardware and OS security, system hardening
  * configuration management, DevSecOps, monitoring
  * secure network design, network segmentation, IPv6 security
18:00 - 19:00 Network design - exercise (Track 1: Protection and prevention) - Barbara Krašovec (ISJ)
19:15 - 20:00 Dinner at MEDILS

Tuesday 21 June 2022
08:45 - 09:45 Risk and vulnerability management (Track 1: Protection and prevention) - Sven Gabriel (Nikhef)
  * risk analysis and risk mitigation
  * vulnerability lifecycle, monitoring, scanning
  * CVE, CVSS, CPE, CWE and related standards
  * special cases: vulnerable hardware, EOL systems etc.
09:45 - 10:45 Virtualisation and cloud security (Track 1: Protection and prevention) - Barbara Krašovec (ISJ)
10:45 - 10:50 School photo
10:50 - 11:15 Coffee break
11:15 - 11:30 Announcements
11:30 - 12:30 Logging and traceability (Track 2: Detection) - David Crooks (UKRI STFC)
  * host-based logs (system and application level), network monitoring
  * the importance of central logging
  * tools and technologies
  * data privacy, dealing with personal and sensitive data, log retention
  * traceability challenges
12:45 - 13:30 Lunch
13:30 - 14:45 Study time and/or daily sports
14:45 - 15:45 Student lightning talks (Additional talks)
15:45 - 16:00 Coffee break
16:00 - 17:00 Intrusion detection with SOC: threat intelligence, monitoring, integration and processes (Track 2: Detection) - David Crooks (UKRI STFC)
  * indicators of compromise (IoCs), threat intelligence sharing, TLP protocol
  * tools and technologies: MISP, Zeek, OpenSearch etc.
  * deploying a Security Operation Center
  * security incidents: detecting and alerting
17:00 - 18:00 Introduction to web penetration testing (Track 1: Protection and prevention) - Sebastian Lopienski (CERN)
  * web application security, typical web vulnerabilities
  * ethical hacking
  * introduction to pentesting
18:00 - 19:00 Penetration testing - exercises (Track 1: Protection and prevention) - Sebastian Lopienski (CERN)
19:15 - 20:00 Dinner at MEDILS

Wednesday 22 June 2022
08:45 - 09:45 Container security (Track 1: Protection and prevention) - Daniel Kouřil (CESNET)
  * key concepts of containers (namespaces, cgroups etc.) and Docker
  * container security, threat landscape
  * vulnerability and patch management
09:45 - 10:45 Container security - exercises (Track 1: Protection and prevention) - Daniel Kouřil (CESNET)
10:45 - 11:15 Coffee break
11:15 - 11:30 Announcements
11:30 - 12:30 Intrusion detection with SOC: deployment and operation (Track 2: Detection) - David Crooks (UKRI STFC)
  * indicators of compromise (IoCs), threat intelligence sharing, TLP protocol
  * tools and technologies: MISP, Zeek, OpenSearch etc.
  * deploying a Security Operation Center
  * security incidents: detecting and alerting
12:45 - 13:30 Lunch
13:30 - 19:00 Outdoor excursion
19:15 - 20:00 Outside dinner

Thursday 23 June 2022
08:45 - 09:45 Digital forensics: essentials and data acquisition (Track 3: Response) - Daniel Kouřil (CESNET)
09:45 - 10:45 Incident response: policies and procedures (Track 3: Response) - Romain Wartel (CERN)
  * incident management and coordination
  * Sirtfi and trust frameworks
  * communication with local users, external communities, and other stakeholders
  * working with law enforcement
  * privacy aspects
10:45 - 11:15 Coffee break
11:15 - 11:30 Announcements
11:30 - 12:30 Digital forensics: data analysis (Track 3: Response) - Daniel Kouřil (CESNET)
12:45 - 13:30 Lunch
13:30 - 14:45 Study time and/or daily sports
14:45 - 15:45 Responding to security incidents as a community (Track 3: Response) - Romain Wartel (CERN)
  * incident management and coordination
  * Sirtfi and trust frameworks
  * communication with local users, external communities, and other stakeholders
  * working with law enforcement
  * privacy aspects
15:45 - 16:00 Coffee break
16:00 - 19:00 Intrusion detection with SOC - exercises (Track 2: Detection) - David Crooks (UKRI STFC)
  * indicators of compromise, threat intelligence sharing, TLP protocol
  * tools and technologies
  * deploying a Security Operation Center
  * detecting security incidents
19:15 - 20:00 Dinner at MEDILS
20:00 - 21:00 Special evening talk: Ransomware - and much more! (Additional talks) - Romain Wartel (CERN)
  This is not about ransomware. It's about (double) extortion!

Friday 24 June 2022
08:45 - 10:15 Digital forensics - exercises (Track 3: Response) - Daniel Kouřil (CESNET)
10:15 - 10:30 Coffee break
10:30 - 11:45 Introduction to forensics - exercises (Track 3: Response)
11:45 - 12:00 Announcements
12:00 - 12:30 Penetration testing - exercise debriefing (Track 1: Protection and prevention) - Sebastian Lopienski (CERN)
12:45 - 13:30 Lunch
13:30 - 14:15 Study time
14:15 - 15:00 Exam
15:00 - 15:15 Coffee break
15:15 - 18:15 Incident response - exercise (Track 3: Response) - Romain Wartel (CERN)
  * incident management and coordination
  * Sirtfi and trust frameworks
  * communication with local users, external communities, and other stakeholders
  * working with law enforcement
  * privacy aspects
18:30 - 19:30 Closing Session - Sebastian Lopienski (CERN)
19:45 - 20:30 Outside Closing Dinner

Saturday 25 June 2022
08:45 - 10:45 Departure