Thematic CERN School of Computing on Security 2025

6 Apr 2025, 11:00 → 12 Apr 2025, 12:00 Europe/Zagreb

Cosener's House

Alberto Pace (CERN), Kristina Gunne (CERN), Andrzej Nowicki (CERN)

The 16^th Thematic CERN School of Computing (tCSC security 2025) will take place on April 6-12 2025. The theme of the school is "Security of research computing infrastructures" - see the academic programme for more details. 

The school is proposed to people working in academia and research institutes, who as part of their job need to ensure security and resilience of computing resources they manage, and want to be prepared to detect and handle possible security incidents.

This school is organized by CERN in collaboration with the UK Research and Innovation, Science and Technologies Facilities Council (UKRI STFC) The school will take place in Abingdon and will be hosted in The Cosener's house, located in the grounds of the medieval Abbey of Abingdon, eight miles from Oxford.

Important Dates

• January 31st 2025- applications closing at midnight
• February 14th 2025 - invitations sent to the selected participants
• March 7th 2025 - registration fee payment deadline
• Sunday 6 April - Saturday 12 April 2025 - the school

                 

poster_a4.pdf

Sunday 6 April

15:00 Registration

1 Welcome to the CERN School of Computing

2 Self-presentation: 1 minute per person

19:00 Dinner at the Nag's head pub

Monday 7 April

3 Opening Session

Speakers: Alberto Pace (CERN), Sebastian Lopienski (CERN)

4 Security in research and scientific computing

• computer security: past, present and future
• current risk landscape
• most common threats and attack vectors
• "why are we here?"

Speaker: Dr David Crooks (UKRI STFC)

5 Announcements

11:00 Coffee break

6 Risk Management - lecture 1

Speaker: Sven Gabriel

12:30 Lunch

7 Study time and/or daily sports

8 Risk management - lecture 2

Speaker: Sven Gabriel

15:45 Coffee break

9 Security architecture fundamentals

Security architecture fundamentals
• fundamental security principles
• develop skills to be a security architect
• how to design and provide secure computing infrastructure
• security standards and frameworks
• physical security
• network security: segmentation, firewalls, VPNs

Speaker: Barbara Krašovec (IJS)

10 Identity, authentication, authorisation

• An introduction to the concepts of Identity, Authentication, and Authorization
• Authentication and authorisation for distributed research
• Methods for communicating authentication and authorization: Certificates, SAML, OAuth
• How these technologies fit within research infrastructures

Speaker: Mr Tom Dack

11 AAI - exercise

Speaker: Mr Tom Dack

19:15 Dinner at Cosener´s house

Tuesday 8 April

12 Defensible security architecture: how to implement security principles

• data security
• endpoint security: hardware, host, OS, BMC security, system hardening
• application security
• future security trends

Speaker: Barbara Krašovec (IJS)

13 Logging and traceability

• host-based logs (system and application level), network monitoring
• the importance of central logging
• tools and technologies
• data privacy, dealing with personal and sensitive data, log retention
• traceability challenges

Speaker: David Crooks (UKRI STFC)

14 Announcements

15 School photo

11:05 Coffee break

16 Virtualisation and cloud security

Virtualisation and cloud security
• virtualisation security fundamentals
• cloud service models
• authentication and key management
• data security in the cloud
• DevSecOps
• security in private and public cloud
• common threats in the cloud
• security tools

Speaker: Barbara Krašovec (IJS)

12:30 Lunch

17 Study time and/or daily sports

18 Vulnerability management

• vulnerability lifecycle, monitoring, scanning
• CVE, CVSS, CPE, CWE and related standards
• special cases: vulnerable hardware, EOL systems etc.

Speaker: Sven Gabriel

15:45 Coffee break

19 Student lightning talks

20 Application security

• web application security, typical web vulnerabilities
• ethical hacking
• introduction to pentesting

Speaker: Sebastian Lopienski (CERN)

21 Application Security - exercises

Speaker: Sebastian Lopienski (CERN)

19:15 Dinner at Cosener´s house

Wednesday 9 April

22 Container security

• key concepts of containers (namespaces, cgroups etc.) and Docker
• container security, threat landscape
• vulnerability and patch management

Speaker: Daniel Kouřil (CESNET)

23 Container security - exercises

Speaker: Daniel Kouřil (CESNET)

24 Announcements

11:00 Coffee break

25 Intrusion detection with SOC: deployment and operation

• indicators of compromise (IoCs), threat intelligence sharing, TLP protocol
• tools and technologies: MISP, Zeek, OpenSearch etc.
• deploying a Security Operation Center
• security incidents: detecting and alerting* indicators of compromise (IoCs), threat intelligence sharing, TLP protocol
• tools and technologies: MISP, Zeek, OpenSearch etc.
• deploying a Security Operation Center
• security incidents: detecting and alerting

Speaker: David Crooks (UKRI STFC)

12:30 Collect lunch bags

26 Departure of bus to Oxford

14:00 Oxford visit, punting and dinner

27 Transport by bus to Cosener's house

Thursday 10 April

28 Security Operations

Speaker: Sven Gabriel

29 Incident response management

• incident management and coordination
• incident analysis and investigation
• communication with stakeholders
• containment and eradiction
• recovery
• lessons learnt

Speaker: Barbara Krašovec (IJS)

30 Announcements

11:00 Coffee break

31 Digital forensics: essentials and data acquisition

digital evidence handling
data acquisition (live systems, storage etc.)
data analysis (OS, file system, network, executables etc.)
reporting

Speaker: Daniel Kouřil (CESNET)

12:30 Lunch

32 Study time and/or daily sports

33 Digital forensics: data analysis

Speaker: Daniel Kouřil (CESNET)

15:45 Coffee break

34 Intrusion detection with SOC - exercises

• indicators of compromise, threat intelligence sharing, TLP protocol
• tools and technologies
• deploying a Security Operation Center
• detecting security incidents

Speaker: David Crooks (UKRI STFC)

19:15 Dinner at Cosener´s house

Friday 11 April

35 Digital forensics - exercises

Speaker: Daniel Kouřil (CESNET)

10:15 Coffee break

36 Introduction to forensics - exercises

Speaker: Daniel Kouřil

37 Announcements

38 Penetration testing - exercise debriefing

Speaker: Sebastian Lopienski (CERN)

12:30 Lunch

39 Study time

40 Exam

41 Incident response - exercise

• incident management and coordination
• Sirtfi and trust frameworks
• communication with local users, external communities, and other stakeholders
• working with law enforcement
• privacy aspects

Speakers: Dr David Crooks (UKRI STFC), Romain Wartel (CERN), Sebastian Lopienski (CERN), Mr Tom Dack

16:30 Coffee break

42 Incident response - exercise

• incident management and coordination
• Sirtfi and trust frameworks
• communication with local users, external communities, and other stakeholders
• working with law enforcement
• privacy aspects

Speakers: Dr David Crooks (UKRI STFC), Romain Wartel (CERN), Sebastian Lopienski (CERN), Mr Tom Dack

43 Closing Session

Speaker: Alberto Pace (CERN)

19:30 Outside Closing Dinner at Doriandos

Saturday 12 April

10:00 Departure