Operational network security – new for 2020 – virtual learning with experts

Training programme overview

There is no need to stress the importance of security and, as a more recent addition, privacy in NREN networks. But while the importance of security and privacy is widely recognized, training in these areas has often been aimed at the security personnel tasked with handling incidents, while system and network administration seems to have been neglected.

The “Operational network security” training programme has been created as a result of collating experiences and conducting discussions with security offices and network operators.

Its aim is to address a number of common security risks that NRENs face in their day-to-day operations: authentication, logging, audit, privacy, 1st Hop security, DNS security and protection from Distributed Denial-of-Service attacks.

Eligibility

The training is open to all GÉANT members.

Who will benefit from attending this training programme?

  • System/network administrators at NRENs or NREN member organisations
  • System administrators at computing centres or NOCs
  • Broader categories of professionals with an interest in these subjects

Pre-requisites

Participants should have basic administration knowledge of operating systems and networking. Some experience with Windows operating systems is also useful.

Programme outline

The training programme consists of a number of live online, instructor-led sessions covering a wide range of subjects (sub-modules):

Sub-module title | Dates
1. Operating system privacy and security (5 sessions, see details below) | 03 to 13 August 2020
2. Client Privacy and Security | 21 September to 02 October 2020
3. Domain Name System (DNS) protection | 30 November to 11 December 2020
4. Distributed Denial of Service (DDoS) protection | 08 February to 19 February 2021

Meet the experts

The training programme is delivered by a team of experts in the field (GN4.3. WP8 T1):

Klaus Möller, DFN-CERT – Klaus has been working with DFN-CERT since 1999 as an incident responder, advisory writer, and security consultant. He has developed and carried out numerous trainings in network security.

Stefan Kelm, DFN-CERT – Stefan has been working in the field of computer security all his professional life, starting back in the early 1990s. He is currently involved in forensics, malware analysis, threat intelligence, and log file analysis.

Tobias (Toby) Dussa, DFN-CERT – Toby has been involved with IT security throughout his entire career. After fifteen years at KIT, managing KIT-CERT and taking on IT security issues of all kinds, he joined DFN-CERT in 2020.

The DFN-CERT is the security provider for the German National Research and Education Network, DFN.

Module: Operating system (MS Windows) privacy and security

Session 1: Operating System Telemetry – configuring protection in Windows 10 (03/08/2020)

The session provided an insight into the telemetry mechanism Windows uses for data collection and how it can be configured to the needs of an organisation. It also explored additional ways to make Windows 10 more privacy-friendly.

To access the playlist with the recording of this and other sessions please click here.

The copy of the presentation is available here.

To submit session evaluation please click here.

Session 2: Logging and Audit – Log management and Audit strategies (05/08/2020)

Everyone knows about log files. Many people, not only system administrators, regularly look at application logs, syslog entries, or Windows Event Logs. However, without sound processes for analyzing logs, their value is significantly reduced.

The session provided an insight into log management and audit strategies, along with some practical tips for configuring Windows and Linux logging and audit settings and for understanding the need for central log collection and examination.

To access the playlist with the recording of this and other sessions please click here.

The copy of the presentation is available here.

To submit session evaluation please click here.

Session 3: File Integrity Monitoring (FIM) for detecting security incidents (07/08/2020)

Detecting malicious changes to operating system files early and completely is vital to the handling of security incidents. Programs that look out for such changes, however, are rarely used, although they have been around for a long time. This seems rooted in the assumption that it is difficult and time-consuming to operate them properly, even though their usefulness is unequivocally recognized.

The session introduced the concept of file integrity monitoring (FIM) and gave practical tips on how to plan and start with FIM in your organisation. It also included a live demonstration of one of the latest open source FIM solutions: Wazuh.

To access the playlist with the recording of this and other sessions please click here.

The copy of the presentation is available here.

To submit session evaluation please click here.

Session 4: Network 1st Hop Security (11/08/2020)

Configuring end-user systems for access to the directly attached network is eased by automatic configuration protocols like DHCP or IPv6 Router Discovery. On the attached link itself, finding the link-layer address that corresponds to an IP address is done with protocols like ARP or IPv6 Neighbor Discovery.

While these protocols are vital to the operation of the network, they carry a number of security risks, which are explored in this session along with ways to mitigate some of them.

To access the playlist with the recording of this and other sessions please click here.

The copy of the presentation is available here.

To submit session evaluation please click here.

Session 5: Authentication methods – how to avoid common pitfalls (13/08/2020)

13/08/2020 2 pm CEST Click here to register

Authentication is the basis for any kind of secure system. Unfortunately, it is also easy to get wrong, and getting it wrong fundamentally breaches a system’s security.

The session provides an overview of authentication methods and outlines the most important and relevant approaches in more detail to help you avoid the most common pitfalls.

To access the playlist with the recording of this and other sessions please click here. (The recording becomes available shortly after the session.)

The copy of the presentation will be available shortly.

To submit session evaluation please click here.

Upcoming modules (September 2020 to February 2021)

2. Client Privacy and Security – session schedule TBC

3. Domain Name System (DNS) protection – session schedule TBC

4. Distributed Denial of Service (DDoS) protection – session schedule TBC

We will add further details as soon as all the arrangements are finalised.

In the meantime, if you have any queries about the programme and/or registration, please get in touch with glad@geant.org.

We look forward to seeing you soon!