It is a scenario that most system administrators recognize. Responsibility for a legacy system is thrust upon you, with little documentation or time for familiarization. Bad things happen, and you are expected to quickly bring the system back into service. You know how it goes.
In this course, the participants get full root access to a number of Linux systems, running more or less familiar services. Working in teams during an intense day of hands-on, tournament-style exercises, their task is to defend against and analyze realistic attacks of increasing sophistication, while keeping their systems up and running. The teams are scored on their performance, and the winning team will be celebrated as the most l33t admins. There may even be prizes.
The teams will not be totally unprepared, though, as the course starts with a high-speed, high-density introduction to incident response and battlefield forensics, where the focus is on fully understanding what happened in an incident, so that the system can quickly be brought back into secure service.
This course draws on the lecturer's 15 years of experience in IT security in complex environments to deliver an up-to-date, hands-on, and, above all, fun training.
"I can warmly recommend the Incident Response and Forensics Game to all serious research sites, it really gives a boost to the skills and motivation of your system admins. And the game is fun too." Urpo Kaila, Head of Security, CSC - IT Center for Science/Security Officer, EUDAT.
"The feedback from our system administrators has been exceptional and the course was clearly excellent. From the comments received, you are obviously very knowledgeable on the subject of computer security and were able to communicate the information very clearly. The course was well structured and has been of great benefit to our community." Prof. D.I. Britton, GridPP Project Leader
This course targets experienced system administrators who are comfortable running Linux systems.
To be able to fully participate, you should be able to confidently say "yes" to at least half of these items:
Also, you are expected to bring your own laptop. The operating system is largely irrelevant, as long as you are able to use ssh (with OpenSSH keys) to log in to the game systems.