Vulnerability Management (Overview) – new for 2021 – virtual learning with experts

Vulnerability management – programme overview

Vulnerabilities, in software and sometimes even in hardware, are open gates attackers can use to gain access to private systems and networks. In fact, the situation has become worse: in addition to everything else IT managers and administrators have to deal with, there is a growing concern that a single critical vulnerability, if overlooked, could be exploited later on and create further issues. Vulnerability Management addresses this problem with a systematic approach that makes handling vulnerabilities a reliable and recurring process. This module gives an overview of standards and details how to distribute security advisories among your constituency and how to plan and roll out patches in your organisation.

This module “Vulnerabilities management – overview” consists of the following sessions:

  • Vulnerability Management Process & Standards 27 May 2021 2 pm CEST
  • Collecting and Disseminating Vulnerability Information 08 June 2021 2 pm CEST
  • Patch Management 10 June 2021 2 pm CEST

To register to attend the sessions of the “Vulnerabilities management – overview” module please click here. Registration is now closed.

The “Overview” module is to be followed by:

“Finding Vulnerabilities I – Looking into Networks” module; sessions to be delivered between 28 June and 05 July 2021. To register click here. Sessions schedule is available below.

“Finding Vulnerabilities II – Looking into Code” module; sessions to be delivered between 14 and 19 July 2021.

Eligibility

The training is open to all GÉANT members and their member organisations.

Who will benefit from attending this training programme?

  • System/network administrators at NRENs or NREN member organisations
  • System administrators at computing centres or NOCs
  • Management personnel tasked with security configuration and maintenance
  • Broader categories of professionals with an interest in these subjects

Pre-requisites

Basic administration knowledge about operating systems and networking should be present.

To register to attend all or selected sessions in this module please click here.

Vulnerability Management – sessions (live online) schedule

All sessions will be recorded and added to the existing playlist. To access the playlist, please click here.

Session title | Date/time | Presenter
Vulnerability Management Process & Standards

Session recording is available here.
To access the copy of the presentation – please click here.

Duration – 1 hour and 10 minutes

The task of dealing with vulnerabilities in software, and sometimes even in hardware, has gone from an ad hoc, emergency activity to a continuous, planned task that has become one of the building blocks of reliable, secure systems and networks. This webinar will give an overview of the existing standards and will cover in depth some of the key elements, such as CVE and CVSS, that will be referenced throughout the coming webinars on vulnerability management.
27/05/2021
2 pm CEST
Klaus Möller, DFN-CERT
Vulnerability Information – How to gather and distribute security advisories to your constituency

Duration – 1 hour

Session recording is available here.
To access the copy of the presentation – please click here.

Before one can deal with vulnerabilities, one needs to be aware of them: their existence, their consequences, and what to do about them. While CSIRTs and PSIRTs take care of the initial steps in researching and publishing information, the task of actually forwarding this information to the administrators responsible for vulnerable systems is something that every organisation has to deal with itself. This webinar will show how this task can be dealt with and what information should be included in a security advisory.
08/06/2021
2 pm CEST
Klaus Möller, DFN-CERT
Patch Management – How to roll out and track security fixes to your systems

Duration – 1 hour

Session recording is available here.
To access the copy of the presentation – please click here.

‘Patching’ is the name given to the process of replacing vulnerable software with a corrected version. However, the sheer number of patches that have to be applied constantly has led to the requirement to automate and track the application of patches. This webinar will give an overview of the process of applying patches and what tools can be used to automate the task.
10/06/2021
2 pm CEST
Klaus Möller, DFN-CERT

“Finding vulnerabilities I – looking into the networks” (Module Two of the “Vulnerability management” training programme)

Sessions (live online) schedule

All sessions will be recorded and added to the existing playlist. To access the playlist, please click here.

Session title | Date/time | Presenter
Local vulnerability scanning

Duration – 1 hour

The session covers the following subjects:

  • Process
  • Checklists
      • Center for Internet Security (ci security) Benchmarks
  • Tools
      • Lynis
      • CIS-CAT
      • Tiger

28/06/21 2 pm CEST
Stefan Kelm, DFN-CERT
Network vulnerability scanning

Duration – 1 hour

The session covers the following subjects:

  • Process (according to SANS)
      • Preparation
      • Vulnerability scan
      • Define remediating actions
      • Implement remediating actions
      • Rescan
  • Tools
      • Portscanner: nmap, …
      • Vulnerability Scanner: OpenVAS, Nessus, …
      • Web Application Scanner: Nikto, Arachni, w3af, …

30/06/21 2 pm CEST
Tobias Dussa, DFN-CERT
Penetration tests

Duration – 1 hour

The session covers the following subjects:

  • Reasons for penetration testing
  • Types of Penetration Tests
      • Black Box
      • Grey Box
      • White Box
  • Process
      • Planning
      • Scope
      • Success
  • The difference between penetration tests and vulnerability

05/07/21 2 pm CEST
Klaus Möller, DFN-CERT

Meet the experts

The training programme is delivered by a team of experts in the field:

Klaus Möller, DFN-CERT – Klaus has been working with DFN-CERT since 1999 as an incident responder, advisory writer, and security consultant. He has developed and carried out numerous trainings in network security.

Stefan Kelm, DFN-CERT – Stefan has been working in the field of computer security all his professional life, starting back in the early 1990s. He currently is involved in forensics, malware analysis, threat intelligence, and log file analysis.

Tobias (Toby) Dussa, DFN-CERT – Toby has been involved with IT security throughout his entire career. After fifteen years at KIT, managing KIT-CERT and taking on IT security issues of all kinds, he joined DFN-CERT in 2020.

The DFN-CERT is the security provider for the German National Research and Education Network, DFN.

If you have just joined us, the section below provides information about the training programme, its outline and the listing of the next two modules.

And there is more to come – check our calendar for further updates

Finding vulnerabilities I – Looking into networks:

  • Local vulnerabilities scanning
  • Network vulnerabilities scanning
  • Penetration tests

Finding vulnerabilities II – Looking into the code

  • Breach and attack simulation
  • Code audits
  • Vulnerability disclosure

All sessions are delivered live online.

Module title | Dates
Finding vulnerabilities II – Looking into the code
14 – 19 July 2021

We will add further details as soon as all the arrangements for each module are finalised.

In the meantime, if you have any queries about the programme and/or registration, please get in touch with glad@geant.org.

Look forward to seeing you soon!