The FIRST Technical Colloquium (TC) event is restricted to FIRST members only and will be held on Mar 25-28, 2008.
Nevertheless, since this will be a joint event with other CSIRT initiatives in the region, there will be additional events adjacent to the TC in order to reach non-FIRST members as well. The event is the Security Workshop.
FIRST TC Hands On classes (restricted to FIRST members)
Time | Class 1 | Class 2 | Class 3 |
---|---|---|---|
09:00 – 10:30 | Network Forensics with netflow tools, Werner Schram (SURFnet-CERT) | MY Network Security Analysis: In-depth analysis with Sguil, Mahmud Ab Rahman (MyCERT – CyberSecurity Malaysia, MY); Mohd Nasir Che Embee (MyCERT, MY) | Damien Curtain, Richard Billington (AusCERT) |
10:30 – 11:00 | Coffee break | | |
11:00 – 12:00 | Network Forensics with netflow tools, Werner Schram (SURFnet-CERT) | MY Network Security Analysis: In-depth analysis with Sguil, Mahmud Ab Rahman (MyCERT – CyberSecurity Malaysia, MY); Mohd Nasir Che Embee (MyCERT, MY) | Damien Curtain, Richard Billington (AusCERT) |
13:30 – 15:30 | Network Forensics with netflow tools, Werner Schram (SURFnet-CERT) | MY Network Security Analysis: In-depth analysis with Sguil, Mahmud Ab Rahman (MyCERT – CyberSecurity Malaysia, MY); Mohd Nasir Che Embee (MyCERT, MY) | Damien Curtain, Richard Billington (AusCERT) |
15:30 – 16:00 | Coffee break | | |
16:00 – 17:00 | Network Forensics with netflow tools, Werner Schram (SURFnet-CERT) | MY Network Security Analysis: In-depth analysis with Sguil, Mahmud Ab Rahman (MyCERT – CyberSecurity Malaysia, MY); Mohd Nasir Che Embee (MyCERT, MY) | Damien Curtain, Richard Billington (AusCERT) |
Werner Schram
This is a lab to learn about the benefits of netflow data. Open source tools (like flowd, nfdump/nfsen) as well as tools and extensions developed within SURFcert will be shown. The main goal is to gain enough experience to set up a netflow environment best suited for your own network. The lab is combined with some real-world examples.
To participate, students are advised to install VMware (www.vmware.com). Images will be provided during class.
March 28, 2008 09:00-10:30, March 28, 2008 11:00-12:00, March 28, 2008 13:30-15:30, March 28, 2008 16:00-17:00
Mahmud Ab Rahman (CyberSecurity Malaysia, MY), Mohd Nasir Che Embee (MY)
The main focus of this hands-on class is analysis: when presented with raw network traffic, an analyst should be able to read, decode, interpret and understand in detail the nature of the attacks. Relevant tools help the analyst see the 'bigger' picture, especially when he or she is able to correlate events from multiple sources. Sguil is a collection of a few tools such as Tcpdump, Snort IDS, Tcpflow, Sancp, and Barnyard. The main idea of the Sguil framework is to allow an analyst to conduct fast and detailed analysis of network traffic within a short period of time. The correlation between events can be investigated and analyzed in more depth and faster compared to traditional ways. Whether the attacks seen in the network traffic were successful or not can be confirmed as well. Analyzing and detecting attacks in network traffic quickly is critical. Using Sguil as a framework to analyze and detect network attacks helps analysts conduct faster and more detailed analysis.
To participate, students are advised to install VMware (www.vmware.com). Images will be provided during class.
March 28, 2008 09:00-10:30, March 28, 2008 11:00-12:00, March 28, 2008 13:30-15:30, March 28, 2008 16:00-17:00
Damien Curtain, Richard Billington
This full-day hands-on course will cover technical aspects of protection strategies for UNIX-based servers utilising Apache web server, MySQL database and PHP application services. While focusing on generic UNIX/Linux operating system protection strategies, this course will be utilising FreeBSD for the practical exercises.
The course will identify common attack types, misconfigurations and architectural issues associated with maintaining a web-based application infrastructure.
To participate, students are advised to install VMware (www.vmware.com). Images will be provided during class.
March 28, 2008 09:00-10:30, March 28, 2008 11:00-12:00, March 28, 2008 13:30-15:30, March 28, 2008 16:00-17:00