Welcome to the CERN School of Computing

Self-presentation: 1 minute per person

Opening Session

• Alberto Pace (CERN)
• Sebastian Lopienski (CERN)

Security in research and scientific computing

• David Crooks (UKRI STFC)

* computer security: past, present and future * current risk landscape * most common threats and attack vectors * "why are we here?"

Announcements

Risk Management - lecture 1

• Sven Gabriel

Study time and/or daily sports

Risk management - lecture 2

• Sven Gabriel

The files attached to Risk management - lecture 1 contain all the slides for both lectures

Security architecture fundamentals

• Barbara Krašovec (IJS)

Security architecture fundamentals • fundamental security principles • develop skills to be a security architect • how to design and provide secure computing infrastructure • security standards and frameworks • physical security • network security: segmentation, firewalls, VPNs

Identity, authentication, authorisation

• Tom Dack

• An introduction to the concepts of Identity, Authentication, and Authorization • Authentication and authorisation for distributed research • Methods for communicating authentication and authorization: Certificates, SAML, OAuth • How these technologies fit within research infrastructures

Identity Management & AAI - exercise

• Tom Dack

Resources: - Glitch: [https://glitch.com/~oauth-oidc-exercises][1] - IRIS IAM: [https://iris-iam.stfc.ac.uk/login][2] - IRIS IAM Documentation: [https://stfc.github.io/IAM-Docs/][3] [1]: https://glitch.com/~oauth-oidc-exercises [2]: https://iris-iam.stfc.ac.uk/login [3]: https://stfc.github.io/IAM-Docs/

Defensible security architecture: how to implement security principles

• Barbara Krašovec (IJS)

• data security • endpoint security: hardware, host, OS, BMC security, system hardening • application security • future security trends

Logging and traceability

• David Crooks (UKRI STFC)

* host-based logs (system and application level), network monitoring * the importance of central logging * tools and technologies * data privacy, dealing with personal and sensitive data, log retention * traceability challenges

Announcements

School photo

Virtualisation and cloud security

• Barbara Krašovec (IJS)

Virtualisation and cloud security • virtualisation security fundamentals • cloud service models • authentication and key management • data security in the cloud • DevSecOps • security in private and public cloud • common threats in the cloud • security tools

Study time and/or daily sports

Vulnerability management

• Sven Gabriel

* vulnerability lifecycle, monitoring, scanning * CVE, CVSS, CPE, CWE and related standards * special cases: vulnerable hardware, EOL systems etc.

Student lightning talks

• Andrzej Nowicki (CERN)
• Gwen Dawes (University of Cambridge)
• Richard Bachmann (CERN)
• Subhashis Suara (CERN)
• Nowshaba Jeelani Wani

Risk management - cont.

• Sven Gabriel

Application security

• Sebastian Lopienski (CERN)

* web application security, typical web vulnerabilities * ethical hacking * introduction to pentesting

Application Security - exercises

• Sebastian Lopienski (CERN)

Container security

• Daniel Kouřil (CESNET)

* key concepts of containers (namespaces, cgroups etc.) and Docker * container security, threat landscape * vulnerability and patch management

Container security - exercises

• Daniel Kouřil (CESNET)

Announcements

Intrusion detection with SOC: deployment and operation

• David Crooks (UKRI STFC)

* indicators of compromise (IoCs), threat intelligence sharing, TLP protocol * tools and technologies: MISP, Zeek, OpenSearch etc. * deploying a Security Operation Center * security incidents: detecting and alerting* indicators of compromise (IoCs), threat intelligence sharing, TLP protocol * tools and technologies: MISP, Zeek, OpenSearch etc. * deploying a Security Operation Center * security incidents: detecting and alerting

Departure of bus to Oxford

Transport by bus to Cosener's house

Security Operations

• Sven Gabriel

additional material: - source code for communication challenges https://codeberg.org/dussa/CommsChallenge/

Incident response management

• Barbara Krašovec (IJS)

• incident management and coordination • incident analysis and investigation • communication with stakeholders • containment and eradiction • recovery • lessons learnt

Announcements

Digital forensics: essentials and data acquisition

• Daniel Kouřil (CESNET)

digital evidence handling data acquisition (live systems, storage etc.) data analysis (OS, file system, network, executables etc.) reporting

Study time and/or daily sports

Digital forensics: data analysis

• Daniel Kouřil (CESNET)

Intrusion detection with SOC - exercises

• David Crooks (UKRI STFC)

* indicators of compromise, threat intelligence sharing, TLP protocol * tools and technologies * deploying a Security Operation Center * detecting security incidents

Digital forensics - exercises

• Daniel Kouřil (CESNET)

Introduction to forensics - exercises

• Daniel Kouřil

Announcements

Penetration testing - exercise debriefing

• Sebastian Lopienski (CERN)

Study time

Exam

Incident response - exercise

• David Crooks (UKRI STFC)
• Tom Dack
• Sebastian Lopienski (CERN)
• Romain Wartel (CERN)

* incident management and coordination * Sirtfi and trust frameworks * communication with local users, external communities, and other stakeholders * working with law enforcement * privacy aspects

Incident response - exercise

• David Crooks (UKRI STFC)
• Tom Dack
• Romain Wartel (CERN)
• Sebastian Lopienski (CERN)

* incident management and coordination * Sirtfi and trust frameworks * communication with local users, external communities, and other stakeholders * working with law enforcement * privacy aspects

Closing Session

• Alberto Pace (CERN)