pDNSSOC workshop

1 Jun 2023, 09:00 → 2 Jun 2023, 16:00 Europe/Zurich

28/S-029 (CERN)

Romain Wartel (CERN)

This workshop focuses on the different means DNS logging information can be used to help protect the Research & Education (R&E) sector as a whole.

It covers architecture aspects (DNS, pDNS, logs vs aggregation, etc.), tooling (dnstap, pDNSSOC, MISP, etc.) and deployment strategies. It also explores cooperation avenues with initiatives like SIE Europe.

The overall intent of the workshop is to improve daily security operations and cooperation between R&E organisations, ranging from mature security teams to smaller, understaffed organisations.

pDNSSOC: "Correlating DNS logs with threat intel from MISP as a poor man’s SOC."

https://github.com/CERN-CERT/pDNSSOC

Thursday, 1 June

09:00 → 09:30 Introductions & round table

09:30 → 10:30 Discussion: Problem definition & communities involved

e-infrastructure problem space, pDNS data collections in Europe, key stakeholders.
In short, what are we trying to achieve with DNS/pDNS?

10:30 → 11:00 Coffee break

11:00 → 12:00 QUIC Transport Protocol

https://indico.cern.ch/event/1289144/

Speaker: Paul Vixie

12:00 → 13:30 Lunch

13:30 → 14:00 Trials and tribulations of getting pDNS from Higher Ed

Speaker: Chris O'Donnell

14:00 → 16:00 pDNSSOC

• pDNSSOC overview, design, functionalities, limitation, deployment model, and future.
• Integration options with SIE Europe

https://github.com/CERN-CERT/pDNSSOC

Speakers: Pau Cutrina Vilalta (CERN), Romain Wartel (CERN)

16:00 → 19:00 CERN Tour

A VIP guided tour of CERN facilities
16h CERN Antimatter factory (https://home.cern/science/accelerators/antiproton-decelerator)
17h CERN Data Center (https://home.cern/science/computing/data-centre)
18h CERN Control Centre (CCC), where LHC operations are conducted (https://op-webtools.web.cern.ch/Vistar/vistars.php)

Speaker: Stefan Lueders (CERN)

19:00 → 19:20 Dinner

Location and logistics will be confirmed.
Cheese likely.

Friday, 2 June

09:30 → 10:30 Technical session: pDNSSOC, dnstap, pDNS

Continued technical discussions, demo and hands-on technical work

Speakers: Dr David Crooks (UKRI STFC), Pau Cutrina Vilalta (CERN), Romain Wartel (CERN)

10:30 → 11:00 Coffee break

And possibly French pastries

11:00 → 12:00 Technical session: pDNSSOC, dnstap, pDNS

Continued technical discussions, demo and hands-on technical work

Speakers: Dr David Crooks (UKRI STFC), Pau Cutrina Vilalta (CERN), Romain Wartel (CERN)

12:00 → 13:30 Lunch

13:30 → 15:00 Technical session: pDNSSOC, dnstap, pDNS

Continued technical discussions, demo and hands-on technical work

Speakers: Dr David Crooks (UKRI STFC), Pau Cutrina Vilalta (CERN), Romain Wartel (CERN)

15:00 → 15:30 Wrap up and next steps