Thematic CERN School of Computing on Security 2025

6 Apr 2025, 11:00 → 12 Apr 2025, 12:00 Europe/Zagreb

Cosener's House

Alberto Pace (CERN), Kristina Gunne (CERN), Andrzej Nowicki (CERN)

The 16^th Thematic CERN School of Computing (tCSC security 2025) will take place on April 6-12 2025. The theme of the school is "Security of research computing infrastructures" - see the academic programme for more details. 

The school is proposed to people working in academia and research institutes, who as part of their job need to ensure security and resilience of computing resources they manage, and want to be prepared to detect and handle possible security incidents.

This school is organized by CERN in collaboration with the UK Research and Innovation, Science and Technologies Facilities Council (UKRI STFC) The school will take place in Abingdon and will be hosted in The Cosener's house, located in the grounds of the medieval Abbey of Abingdon, eight miles from Oxford.

Important Dates

• January 31st 2025- applications closing at midnight
• February 14th 2025 - invitations sent to the selected participants
• March 7th 2025 - registration fee payment deadline
• Sunday 6 April - Saturday 12 April 2025 - the school

                 

poster_a4.pdf

Sunday 6 April

15:00 → 17:00 Registration

17:00 → 17:20 Welcome to the CERN School of Computing

17:20 → 18:20 Self-presentation: 1 minute per person

19:00 → 20:30 Dinner at the Nag's head pub

Monday 7 April

09:00 → 09:45 Opening Session

Speakers: Alberto Pace (CERN), Sebastian Lopienski (CERN)

09:45 → 10:45 Security in research and scientific computing

• computer security: past, present and future
• current risk landscape
• most common threats and attack vectors
• "why are we here?"

Speaker: Dr David Crooks (UKRI STFC)

10:45 → 11:00 Announcements

11:00 → 11:30 Coffee break

11:30 → 12:30 Risk Management - lecture 1

Speaker: Sven Gabriel

12:30 → 13:15 Lunch

13:15 → 14:45 Study time and/or daily sports

14:45 → 15:45 Risk management - lecture 2

Speaker: Sven Gabriel

15:45 → 16:15 Coffee break

16:15 → 17:15 Security architecture fundamentals

Security architecture fundamentals
• fundamental security principles
• develop skills to be a security architect
• how to design and provide secure computing infrastructure
• security standards and frameworks
• physical security
• network security: segmentation, firewalls, VPNs

Speaker: Barbara Krašovec (IJS)

17:15 → 18:15 Identity, authentication, authorisation

• An introduction to the concepts of Identity, Authentication, and Authorization
• Authentication and authorisation for distributed research
• Methods for communicating authentication and authorization: Certificates, SAML, OAuth
• How these technologies fit within research infrastructures

Speaker: Mr Tom Dack

18:15 → 19:15 AAI - exercise

Speaker: Mr Tom Dack

19:15 → 20:00 Dinner at Cosener´s house

Tuesday 8 April

08:45 → 09:45 Defensible security architecture: how to implement security principles

• data security
• endpoint security: hardware, host, OS, BMC security, system hardening
• application security
• future security trends

Speaker: Barbara Krašovec (IJS)

09:45 → 10:45 Logging and traceability

• host-based logs (system and application level), network monitoring
• the importance of central logging
• tools and technologies
• data privacy, dealing with personal and sensitive data, log retention
• traceability challenges

Speaker: David Crooks (UKRI STFC)

10:45 → 11:00 Announcements

11:00 → 11:05 School photo

11:05 → 11:30 Coffee break

11:30 → 12:30 Virtualisation and cloud security

Virtualisation and cloud security
• virtualisation security fundamentals
• cloud service models
• authentication and key management
• data security in the cloud
• DevSecOps
• security in private and public cloud
• common threats in the cloud
• security tools

Speaker: Barbara Krašovec (IJS)

12:30 → 13:15 Lunch

13:15 → 14:45 Study time and/or daily sports

14:45 → 15:45 Vulnerability management

• vulnerability lifecycle, monitoring, scanning
• CVE, CVSS, CPE, CWE and related standards
• special cases: vulnerable hardware, EOL systems etc.

Speaker: Sven Gabriel

15:45 → 16:15 Coffee break

16:15 → 17:15 Student lightning talks

17:15 → 18:15 Application security

• web application security, typical web vulnerabilities
• ethical hacking
• introduction to pentesting

Speaker: Sebastian Lopienski (CERN)

18:15 → 19:15 Application Security - exercises

Speaker: Sebastian Lopienski (CERN)

19:15 → 20:00 Dinner at Cosener´s house

Wednesday 9 April

08:45 → 09:45 Container security

• key concepts of containers (namespaces, cgroups etc.) and Docker
• container security, threat landscape
• vulnerability and patch management

Speaker: Daniel Kouřil (CESNET)

09:45 → 10:45 Container security - exercises

Speaker: Daniel Kouřil (CESNET)

10:45 → 11:00 Announcements

11:00 → 11:30 Coffee break

11:30 → 12:30 Intrusion detection with SOC: deployment and operation

• indicators of compromise (IoCs), threat intelligence sharing, TLP protocol
• tools and technologies: MISP, Zeek, OpenSearch etc.
• deploying a Security Operation Center
• security incidents: detecting and alerting* indicators of compromise (IoCs), threat intelligence sharing, TLP protocol
• tools and technologies: MISP, Zeek, OpenSearch etc.
• deploying a Security Operation Center
• security incidents: detecting and alerting

Speaker: David Crooks (UKRI STFC)

12:30 → 12:45 Collect lunch bags

13:00 → 14:00 Departure of bus to Oxford

14:00 → 21:30 Oxford visit, punting and dinner

21:30 → 22:30 Transport by bus to Cosener's house

Thursday 10 April

08:45 → 09:45 Security Operations

Speaker: Sven Gabriel

09:45 → 10:45 Incident response management

• incident management and coordination
• incident analysis and investigation
• communication with stakeholders
• containment and eradiction
• recovery
• lessons learnt

Speaker: Barbara Krašovec (IJS)

10:45 → 11:00 Announcements

11:00 → 11:30 Coffee break

11:30 → 12:30 Digital forensics: essentials and data acquisition

digital evidence handling
data acquisition (live systems, storage etc.)
data analysis (OS, file system, network, executables etc.)
reporting

Speaker: Daniel Kouřil (CESNET)

12:30 → 13:15 Lunch

13:15 → 14:45 Study time and/or daily sports

14:45 → 15:45 Digital forensics: data analysis

Speaker: Daniel Kouřil (CESNET)

15:45 → 16:15 Coffee break

16:15 → 18:15 Intrusion detection with SOC - exercises

• indicators of compromise, threat intelligence sharing, TLP protocol
• tools and technologies
• deploying a Security Operation Center
• detecting security incidents

Speaker: David Crooks (UKRI STFC)

19:15 → 20:00 Dinner at Cosener´s house

Friday 11 April

08:45 → 10:15 Digital forensics - exercises

Speaker: Daniel Kouřil (CESNET)

10:15 → 10:30 Coffee break

10:30 → 11:45 Introduction to forensics - exercises

Speaker: Daniel Kouřil

11:45 → 12:00 Announcements

12:00 → 12:30 Penetration testing - exercise debriefing

Speaker: Sebastian Lopienski (CERN)

12:30 → 13:15 Lunch

13:15 → 14:15 Study time

14:15 → 15:00 Exam

15:00 → 16:30 Incident response - exercise

• incident management and coordination
• Sirtfi and trust frameworks
• communication with local users, external communities, and other stakeholders
• working with law enforcement
• privacy aspects

Speakers: Dr David Crooks (UKRI STFC), Romain Wartel (CERN), Sebastian Lopienski (CERN), Mr Tom Dack

16:30 → 16:45 Coffee break

16:45 → 18:00 Incident response - exercise

• incident management and coordination
• Sirtfi and trust frameworks
• communication with local users, external communities, and other stakeholders
• working with law enforcement
• privacy aspects

Speakers: Dr David Crooks (UKRI STFC), Romain Wartel (CERN), Sebastian Lopienski (CERN), Mr Tom Dack

18:00 → 18:45 Closing Session

Speaker: Alberto Pace (CERN)

19:30 → 21:30 Outside Closing Dinner at Doriandos

Saturday 12 April

10:00 → 12:00 Departure