Login

Thematic CERN School of Computing on Security 2023

8–14 Oct 2023
MedILS, Split, Croatia
Europe/Zagreb timezone

CERN School of Computing

Contribution List

49 out of 49 displayed
Export to PDF
  1. 88. Self-presentation: 1 minute per person
    08/10/2023, 16:00
  2. 97. Welcome to the CERN School of Computing
    Alberto Pace (CERN), Toni Sculac (University of Split)
    08/10/2023, 16:40
  3. 79. Opening Session
    Alberto Pace (CERN), Ivica Puljak (Mayor of Split), Mile Dzelalija (University of Split)
    09/10/2023, 09:00
  4. 101. Security in research and scientific computing
    Stefan Lueders (CERN)
    09/10/2023, 09:45
    Lecture
    • computer security: past, present and future
    • current risk landscape
    • most common threats and attack vectors
    • "why are we here?"
    Go to contribution page
  5. 99. Announcements
    09/10/2023, 10:45
  6. 105. Identity, authentication, authorisation
    Mr Tom Dack (Science and Technology Facilities Council STFC (GB))
    09/10/2023, 11:30
    Lecture

    • An introduction to the concepts of Identity, Authentication, and Authorization
    • Authentication and authorisation for distributed research
    • Methods for communicating authentication and authorization: Certificates, SAML, OAuth
    • How these technologies fit within research infrastructures

    Go to contribution page
  7. 130. Study time and/or daily sports
    09/10/2023, 13:15
  8. 106. Security architecture fundamentals
    Barbara Krašovec (IJS)
    09/10/2023, 14:45
    Lecture

    Security architecture fundamentals
    • fundamental security principles
    • develop skills to be a security architect
    • how to design and provide secure computing infrastructure
    • security standards and frameworks
    • physical security
    • network security: segmentation, firewalls, VPNs

    Go to contribution page
  9. 103. Security operations - lecture 1
    Sven Gabriel
    09/10/2023, 16:15
    Lecture
    • security operations: history, CERT vs. CSIRT
    • CSIRT organisation and provided services
    • preparations: asset management, security monitoring etc.
    • incident response readiness
    • lessons learned from past incidents
    Go to contribution page
  10. 104. Security operations - lecture 2
    Sven Gabriel
    09/10/2023, 17:15
    Lecture
    • security operations: history, CERT vs. CSIRT
    • CSIRT organisation and provided services
    • preparations: asset management, security monitoring etc.
    • incident response readiness
    • lessons learned from past incidents
    Go to contribution page
  11. 107. Network design - exercise
    Barbara Krašovec (ISJ)
    09/10/2023, 18:15
    Exercise
  12. 108. Virtualisation and cloud security
    Barbara Krašovec (IJS)
    10/10/2023, 08:45
    Lecture

    Virtualisation and cloud security
    • virtualisation security fundamentals
    • cloud service models
    • authentication and key management
    • data security in the cloud
    • DevSecOps
    • security in private and public cloud
    • common threats in the cloud
    • security tools

    Go to contribution page
  13. 111. Risk and vulnerability management
    Sven Gabriel
    10/10/2023, 09:45
    Lecture
    • risk analysis and risk mitigation
    • vulnerability lifecycle, monitoring, scanning
    • CVE, CVSS, CPE, CWE and related standards
    • special cases: vulnerable hardware, EOL systems etc.
    Go to contribution page
  14. 74. Announcements
    10/10/2023, 10:45
  15. 92. School photo
    10/10/2023, 11:00
  16. 114. Logging and traceability
    David Crooks (UKRI STFC)
    10/10/2023, 11:30
    Lecture
    • host-based logs (system and application level), network monitoring
    • the importance of central logging
    • tools and technologies
    • data privacy, dealing with personal and sensitive data, log retention
    • traceability challenges
    Go to contribution page
  17. 129. Study time and/or daily sports
    10/10/2023, 13:15
  18. 115. Intrusion detection with SOC: threat intelligence, monitoring, integration and processes
    David Crooks (UKRI STFC)
    10/10/2023, 14:45
    Lecture
    • indicators of compromise (IoCs), threat intelligence sharing, TLP protocol
    • tools and technologies: MISP, Zeek, OpenSearch etc.
    • deploying a Security Operation Center
    • security incidents: detecting and alerting
    Go to contribution page
  19. 81. Student lightning talks
    10/10/2023, 16:15
  20. 112. Introduction to web penetration testing
    Sebastian Lopienski (CERN)
    10/10/2023, 17:15
    Lecture
    • web application security, typical web vulnerabilities
    • ethical hacking
    • introduction to pentesting
    Go to contribution page
  21. 113. Penetration testing - exercises
    Sebastian Lopienski (CERN)
    10/10/2023, 18:15
    Exercise
  22. 109. Container security
    Daniel Kouřil (CESNET)
    11/10/2023, 08:45
    Lecture
    • key concepts of containers (namespaces, cgroups etc.) and Docker
    • container security, threat landscape
    • vulnerability and patch management
    Go to contribution page
  23. 110. Container security - exercises
    Daniel Kouřil (CESNET)
    11/10/2023, 09:45
    Exercise
  24. 75. Announcements
    11/10/2023, 10:45
  25. 116. Intrusion detection with SOC: deployment and operation
    David Crooks (UKRI STFC)
    11/10/2023, 11:30
    Lecture
    • indicators of compromise (IoCs), threat intelligence sharing, TLP protocol
    • tools and technologies: MISP, Zeek, OpenSearch etc.
    • deploying a Security Operation Center
    • security incidents: detecting and alerting
    Go to contribution page
  26. 118. Digital forensics: essentials and data acquisition
    Daniel Kouřil (CESNET)
    12/10/2023, 08:45
    Lecture

    digital evidence handling
    data acquisition (live systems, storage etc.)
    data analysis (OS, file system, network, executables etc.)
    reporting

    Go to contribution page
  27. 121. Defensible security architecture: how to implement security principles
    Barbara Krašovec (IJS)
    12/10/2023, 09:45
    Lecture

    • data security
    • endpoint security: hardware, host, OS, BMC security, system hardening
    • application security
    • future security trends

    Go to contribution page
  28. 77. Announcements
    12/10/2023, 10:45
  29. 119. Digital forensics: data analysis
    Daniel Kouřil (CESNET)
    12/10/2023, 11:30
    Lecture
  30. 128. Study time and/or daily sports
    12/10/2023, 13:15
  31. 122. Incident response management
    Barbara Krašovec (IJS)
    12/10/2023, 14:45
    Lecture

    • incident management and coordination
    • incident analysis and investigation
    • communication with stakeholders
    • containment and eradiction
    • recovery
    • lessons learnt

    Go to contribution page
  32. 117. Intrusion detection with SOC and AAI - exercises
    David Crooks (UKRI STFC), Mr Tom Dack (Science and Technology Facilities Council STFC (GB))
    12/10/2023, 16:15
    Exercise
    • indicators of compromise, threat intelligence sharing, TLP protocol
    • tools and technologies
    • deploying a Security Operation Center
    • detecting security incidents
    Go to contribution page
  33. 120. Digital forensics - exercises
    Daniel Kouřil (CESNET)
    13/10/2023, 08:45
    Exercise
  34. 126. Introduction to forensics - exercises
    Daniel Kouřil
    13/10/2023, 10:30
    Exercise
  35. 78. Announcements
    13/10/2023, 11:45
  36. 124. Penetration testing - exercise debriefing
    Sebastian Lopienski (CERN)
    13/10/2023, 12:00
    Lecture
  37. 127. Study time
    13/10/2023, 13:15
  38. 73. Exam
    13/10/2023, 14:15
  39. 123. Incident response - exercise
    Dr David Crooks (UKRI STFC), Romain Wartel (CERN), Sebastian Lopienski (CERN), Mr Tom Dack (Science and Technology Facilities Council STFC (GB))
    13/10/2023, 15:00
    Exercise
    • incident management and coordination
    • Sirtfi and trust frameworks
    • communication with local users, external communities, and other stakeholders
    • working with law enforcement
    • privacy aspects
    Go to contribution page
  40. 131. Incident response - exercise
    Dr David Crooks (UKRI STFC), Romain Wartel (CERN), Sebastian Lopienski (CERN), Mr Tom Dack (Science and Technology Facilities Council STFC (GB))
    13/10/2023, 16:45
    Exercise
    • incident management and coordination
    • Sirtfi and trust frameworks
    • communication with local users, external communities, and other stakeholders
    • working with law enforcement
    • privacy aspects
    Go to contribution page
  41. 80. Closing Session
    Alberto Pace (CERN)
    13/10/2023, 18:00
  42. 76. Announcements
  43. 82. Guest lecture
  44. 96. Guest lecture: Why is Higgs still a star?
    Lecture

    The discovery of the Higgs boson particle in 2012 was an astonishing triumph of high energy physics. In this talk I will try to convince you that precision measurements of the Higgs boson properties are a very exciting prospect. Not only it will lead to a better understanding of our Universe but it is also one of our best windows in to the unknown.

    Go to contribution page
  45. 100. Photo contest
  46. 87. Scientific and computing challenges in fundamental physics

    In this introductory lecture we will review the big picture of modern science, with the emphasis on biggest questions and challenges in fundamental physics. Higgs physics, neutrino experiments, dark matter, dark energy, multi messenger astronomy, physics beyond the standard model, gravitational waves and other scientific wanders will be presented, connecting great theoretical ideas and modern...

    Go to contribution page
  47. 102. Security management
    Lecture
    • security principles
    • threat modeling, risk assessment, risk management
    • security standards
    • security policies
    • the human factor, security culture
    Go to contribution page
  48. 84. Special evening talk: Future of the Universe and of Humanity
  49. 125. Special evening talk: Ransomware - and much more! TBC
    Lecture

    This is not about ransomware. It's about (double) extortion!

    Go to contribution page