Welcome to the CERN School of Computing

Self-presentation: 1 minute per person

Opening Session

• Sebastian Lopienski (CERN)
• Alberto Pace (CERN)

Security in research and scientific computing

• Stefan Lueders (CERN)

* computer security: past, present and future * current risk landscape * most common threats and attack vectors * "why are we here?"

Announcements

Identity, authentication, authorisation

• Tom Dack

• An introduction to the concepts of Identity, Authentication, and Authorization • Authentication and authorisation for distributed research • Methods for communicating authentication and authorization: Certificates, SAML, OAuth • How these technologies fit within research infrastructures

Study time and/or daily sports

Security architecture fundamentals

• Barbara Krašovec (IJS)

Security architecture fundamentals • fundamental security principles • develop skills to be a security architect • how to design and provide secure computing infrastructure • security standards and frameworks • physical security • network security: segmentation, firewalls, VPNs

Security operations - lecture 1

• Sven Gabriel

* security operations: history, CERT vs. CSIRT * CSIRT organisation and provided services * preparations: asset management, security monitoring etc. * incident response readiness * lessons learned from past incidents

Security operations - lecture 2

• Sven Gabriel

* security operations: history, CERT vs. CSIRT * CSIRT organisation and provided services * preparations: asset management, security monitoring etc. * incident response readiness * lessons learned from past incidents

Network design - exercise

• Barbara Krašovec (ISJ)

Virtualisation and cloud security

• Barbara Krašovec (IJS)

Virtualisation and cloud security • virtualisation security fundamentals • cloud service models • authentication and key management • data security in the cloud • DevSecOps • security in private and public cloud • common threats in the cloud • security tools

Risk and vulnerability management

• Sven Gabriel

* risk analysis and risk mitigation * vulnerability lifecycle, monitoring, scanning * CVE, CVSS, CPE, CWE and related standards * special cases: vulnerable hardware, EOL systems etc.

Announcements

School photo

Logging and traceability

• David Crooks (UKRI STFC)

* host-based logs (system and application level), network monitoring * the importance of central logging * tools and technologies * data privacy, dealing with personal and sensitive data, log retention * traceability challenges

Study time and/or daily sports

Intrusion detection with SOC: threat intelligence, monitoring, integration and processes

• David Crooks (UKRI STFC)

* indicators of compromise (IoCs), threat intelligence sharing, TLP protocol * tools and technologies: MISP, Zeek, OpenSearch etc. * deploying a Security Operation Center * security incidents: detecting and alerting

Student lightning talks

Introduction to web penetration testing

• Sebastian Lopienski (CERN)

* web application security, typical web vulnerabilities * ethical hacking * introduction to pentesting

Penetration testing - exercises

• Sebastian Lopienski (CERN)

Container security

• Daniel Kouřil (CESNET)

* key concepts of containers (namespaces, cgroups etc.) and Docker * container security, threat landscape * vulnerability and patch management

Container security - exercises

• Daniel Kouřil (CESNET)

Announcements

Intrusion detection with SOC: deployment and operation

• David Crooks (UKRI STFC)

* indicators of compromise (IoCs), threat intelligence sharing, TLP protocol * tools and technologies: MISP, Zeek, OpenSearch etc. * deploying a Security Operation Center * security incidents: detecting and alerting

Digital forensics: essentials and data acquisition

• Daniel Kouřil (CESNET)

digital evidence handling data acquisition (live systems, storage etc.) data analysis (OS, file system, network, executables etc.) reporting

Defensible security architecture: how to implement security principles

• Barbara Krašovec (IJS)

• data security • endpoint security: hardware, host, OS, BMC security, system hardening • application security • future security trends

Announcements

Digital forensics: data analysis

• Daniel Kouřil (CESNET)

Study time and/or daily sports

Incident response management

• Barbara Krašovec (IJS)

• incident management and coordination • incident analysis and investigation • communication with stakeholders • containment and eradiction • recovery • lessons learnt

Intrusion detection with SOC and AAI - exercises

• Tom Dack
• David Crooks (UKRI STFC)

* indicators of compromise, threat intelligence sharing, TLP protocol * tools and technologies * deploying a Security Operation Center * detecting security incidents

Digital forensics - exercises

• Daniel Kouřil (CESNET)

Introduction to forensics - exercises

• Daniel Kouřil

Announcements

Penetration testing - exercise debriefing

• Sebastian Lopienski (CERN)

Study time

Exam

Incident response - exercise

• Romain Wartel (CERN)
• David Crooks (UKRI STFC)
• Tom Dack
• Sebastian Lopienski (CERN)

* incident management and coordination * Sirtfi and trust frameworks * communication with local users, external communities, and other stakeholders * working with law enforcement * privacy aspects

Incident response - exercise

• Sebastian Lopienski (CERN)
• Tom Dack
• David Crooks (UKRI STFC)
• Romain Wartel (CERN)

* incident management and coordination * Sirtfi and trust frameworks * communication with local users, external communities, and other stakeholders * working with law enforcement * privacy aspects

Closing Session

• Alberto Pace (CERN)