Software Vulnerability Handling and practical incident recognition

Europe/Helsinki
Room 13 (Helsinki University, Main Building)

Heiko Reese (KIT), Linda Cornwall (STFC), Sven Gabriel (FOM)
Description

This tutorial is part of the EGI Community Forum 2014 (Helsinki, 19-23 May)

This session will focus on two topics: software vulnerability handling and practical incident recognition.

The first part will review the activities of the Software Vulnerability Group (SVG) and the changes needed to take this activity to the Cloud. The main focus of SVG continues, as ever, to be to "eliminate existing software vulnerabilities from the deployed infrastructure and prevent the introduction of new ones, thus reducing the likelihood of security incidents". This part will include what anyone (including a user) should do if they spot a potential software vulnerability.

In the second part we will look at a scenario in which it all went wrong and you suddenly have a VM that does more than you expect when you start it up. As a hands-on exercise we will provide you with a Cloud VM that has several settings and pieces of installed software that you probably don't really want there. You have to find them.

A more general "Security Threat Risk Assessment" with a focus on the EGI Federated Cloud is planned at present. Any threats with a high risk value or high impact value can then be addressed to improve the overall security of the EGI Federated Cloud infrastructure.

Who should attend:
- Cloud-Infrastructure users
- Cloud-Infrastructure providers
- VM endorsers
- VO security officers (of VOs planning to use Cloud-Infrastructures)

What to bring:
Laptop (preinstall latest version of VirtualBox)

Participants
  • Boris Parak
  • Luís Alves
  • Sven Gabriel

  • 11:00 - 11:20
    Software Vulnerability Handling (20m)
    Speaker: Dr Linda Cornwall
  • 11:20 - 12:30
    Practical incident recognition (1h 10m)
    Speaker: Heiko Reese (KIT)