On November 22 from 9:00 to 13:00 CET, DFN-CERT will be running a training session that takes the previous track “IT Security for System Administrators” to a new level. This training is organised in partnership with GÉANT’s Learning and Development team (GLAD) and on behalf of the GÉANT project WP8 (Security).
While the training sessions so far have been purely theoretical, the new training aims to give participants hands-on experience of some basic tasks in intrusion detection and countermeasures.
This is done by providing a small lab environment of a handful of Linux servers that send their logs to a central log server, which provides an Elasticsearch interface to query the stored logs.
After a brief introduction to the Elasticsearch interface and a presentation of the current situation, participants are given a series of challenges that task them with finding evidence of malicious activity on “their” servers by searching the central logs for indicators of these activities.
The challenges are designed to resemble a realistic sequence of events, so that the individual stages of a successful attack can be seen. After each challenge, the traces of evidence and possible countermeasures are discussed so that all participants are on the same page again for the next step of the attack.
For the intrusion detection part and the suggestion of countermeasures, the participants are organized in small groups so that no one has to perform this exercise on their own. To optimize the division into groups, we ask participants to answer three questions during the registration. Registration will close on 11th November.
Who should attend
This training is primarily designed for system and network administrators with little or no experience of intrusion detection. Participants can come from European NRENs and their end users.
As this training format is new and still under development, this particular training event is meant as a “public beta” version. Some rough edges are expected, and feedback from the participants is most welcome.