Friday, March 11, 2022

Join Us at EDUCAUSE CPP Conference - Early Registration Ends 3/22

Trusted CI will be presenting at the 2022 EDUCAUSE Cybersecurity and Privacy Professionals Conference on May 3–5 in Baltimore, MD. The CPPC is “the premier forum for connecting with higher education information security and privacy professionals.” Early registration for this conference ends Tuesday, March 22nd. Trusted CI’s Ishan Abhinit, Kathy Benninger, and Mark Krenz will be participating in the sessions listed below. We are looking forward to seeing you at this exciting event!

Training: Security Log Analysis
Tuesday, May 03 | 8:30AM–12:00PM ET
Presenters: Ishan and Mark
The security log analysis workshop walks participants through the security log analysis life cycle, providing considerations for centralized log collection and log management tools, phases of compromise, and examples from real attacks. We will be analyzing logs from Zeek Network Security Monitor, the Apache web server, two-factor authentication systems, cloud service logs, and others. This workshop also includes a hands-on exercise that will demonstrate techniques to analyze logs to detect security incidents using both the command line and Elastic Stack (aka ELK). The hands-on exercise will provide an overview of investigation techniques for identifying the log entries left by some common attacks, such as SQL injection, filesystem traversal, brute force attacks, command-line injection, and more. Recent security vulnerabilities, such as Log4Shell, will also be discussed, along with techniques for detection. This will be an interactive session allowing Q&A and will also feature interactive polls to enhance participants' learning experience.

Training: Security in the Shell (or, How I Learned to Think Before Forking)
Tuesday, May 03 | 1:00PM–4:30PM ET
Presenters: Ishan and Mark
Although they are among the oldest technologies in IT, the command line and terminal emulators continue to be in wide use for modern IT needs. Although people may think of these technologies as having a solid security footing, there are a number of ways someone can shoot themselves in the foot while using them, and I'm not just talking about running "rm -fr /". In this workshop, Mark Krenz, the creator of the popular Twitter account climagic, will demonstrate these and guide students through how to practice better command line security, from understanding the metadata that is generated by your favorite editor to knowing how to exploit SSH, knowing how to protect yourself when checking malware, and much more. There is something for everyone in this workshop, and you are sure to come away with a plethora of job-saving tips.

Breakout session: Security Recommendations for Science DMZs
Wednesday, May 04 | 10:45AM–11:30AM ET
Presenters: Ishan, Kathy, and Mark
A Science DMZ is a special network architecture designed to improve the speed at which large science data transfers can be made. Science DMZs have become a common solution to the issue of busy academic networks causing slowdowns or failures of large data transfers. A new paper published by Trusted CI on the security of Science DMZs provides an overview of this type of network architecture, summarizing the current best-practice cybersecurity risk mitigations as well as providing additional security recommendations. This session is a brief introduction to the Science DMZ concept and presents an overview of the mitigations documented in the paper.