Blue Team Training

The Blue Team Training takes “IT Security for System Administrators” to a new level.

This GÉANT security training programme aims to provide participants with practical and hands-on experience of some basic tasks in intrusion detection and countermeasures. This is achieved by providing a small lab environment of a handful of Linux servers that send their logs to a central log server which provides an Elasticsearch interface to query the stored logs.

After a brief introduction to the Elasticsearch interface, participants are given a series of challenges that task them with finding evidence of malicious activity on “their” servers by searching the central logs for indicators of such activity.

The challenges are designed to resemble a realistic sequence of events, so that the individual stages of a successful attack can be seen. After each challenge, there will be a discussion of the traces of evidence and possible countermeasures, so that all participants are on the same page again for the next step of the attack.

For the intrusion detection part and the suggestion of countermeasures, participants are organised in small groups so that no one has to perform this exercise on their own. To optimise the division into groups, participants will be asked to answer three questions during registration.

Who should attend

This training is primarily designed for system and network administrators with little or no experience of intrusion detection. Participants from European NRENs and their end users are welcome.
