Training Sessions | Aug 26 | 2014 NSF Cybersecurity Summit

Tuesday, August 26 will feature a full day of training, available to all registrants.  All but the Bro session are half-day offerings. Seating may fill for some or all sessions, and pre-event registration for individual sessions is required to reserve a seat. Please register by August 19 to guarantee seating, and help us make final preparations. Direct inquiries to Craig Jackson (scjackso@indiana.edu).

Concurrent Morning Sessions

Bro Platform Training Workshop (Full Day)

Instructors:  Robin Sommer & Justin Azoff (Bro Center for Expertise)

Bro is a powerful network analysis framework used for security monitoring and network traffic analysis.  The user community includes major universities, research labs, supercomputing centers, and government and corporate organizations.  In order to gain the most utility out of Bro we encourage users to attend training workshops and participate in the greater online community.

The Bro development team will deliver a full day workshop focusing on such topics as installation and administration, examining logs, learning out-of-the-box and custom Bro scripts, and the Bro Intelligence Framework.

The morning session will focus on explaining what Bro is, how it is used, and its out-of-the-box features. The afternoon session will focus more on hands-on exercises and programming in the Bro scripting language.

Required materials: A laptop with an ssh client and VirtualBox installed

Developing Cybersecurity Programs for NSF Projects

Instructors:  Jim Marsteller, Susan Sons, Craig Jackson, Jared Allar (CTSC)

Slides (PDF)

Audience: Principal Investigators, Security Professionals, Center and Operational Managers, NSF Program Officers

Team members of the Center for Trustworthy Scientific Cyberinfrastructure (CTSC) will present an interactive half-day session on developing cybersecurity programs for NSF science and engineering projects. The session will be based on a cybersecurity planning guide (see trustedci.org/guide) developed over the past six months with input from the Daniel K. Inouye Solar Telescope (DKIST) project and other members of the CI community.

The purpose of this session is to offer a streamlined approach to developing comprehensive cybersecurity programs for NSF funded projects. The guide has been developed to address the information security requirements outlined in the NSF cooperative agreements. This session will include an instructional review of the cybersecurity planning guide and supporting templates, which can be used to jumpstart program and policy development. Some of the topics that will be covered include:

  • Building or Improving a Cybersecurity Program
  • Unique and Critical Science Requirements, Constraints, and Security Controls
  • Information Security Policies and Procedures
  • The Role of Project Leadership
  • Establishing a Risk Management Approach to Information Security
  • Defining, Identifying, and Classifying Information Assets
  • The Role of Risk Assessments within the Program Lifecycle
  • Baseline Controls and Best Practices
  • Topical Information Security Considerations:  Third-Party Relationships, Asset Management, Access Control, Physical Security, Monitoring, Logging, and Retention, and more.
  • Program Assessment and Evaluation

While this session will be instructional in nature, it is also intended to be an interactive session to seek constructive feedback from attendees to further improve the guide.  There will be significant opportunities for discussion and Q&A.

Vulnerabilities, Threats, and Secure Coding Practices

Instructors:  Barton P. Miller & Elisa Heymann

Slides (PDF)

Security is crucial to the software that we develop and use. With the growth of both Grid and Cloud services, security is becoming even more critical. This tutorial is relevant to anyone wanting to learn about minimizing security flaws in the software they develop. We share our experiences gained from performing vulnerability assessments of critical middleware. You will learn skills critical for software developers and analysts concerned with security.

This tutorial starts by presenting basic concepts related to threats, weaknesses and vulnerabilities. We will also show you how to think like an attacker. The rest of the tutorial presents coding practices that lead to vulnerabilities, with examples of how they commonly arise, techniques to prevent them, and exercises to reinforce your skills in avoiding them. Examples come from a wide variety of languages, including Java, C, C++, C#, Perl, Python, and Ruby, and come from real code belonging to Cloud and Grid systems we have assessed. This tutorial is an outgrowth of our experiences in performing vulnerability assessment of critical middleware, including Google Chrome, Wireshark, Condor, SDSC Storage Resource Broker, NCSA MyProxy, INFN VOMS Admin and Core, and many others.

Concurrent Afternoon Sessions

Bro Platform Training Workshop (continued)

See full description above.  

HPC, HIPAA, and FISMA: Meeting the Regulatory Challenge through Effective Risk Management

Instructors:  Bill Barnett & Anurag Shankar (Indiana University)

Slides (PowerPoint)

With biomedical research emerging as a formidable computing challenge needing support, high performance computing (HPC) is now face to face with regulatory compliance.  New language in government grants and contracts is or will soon be requiring compliance with federal cybersecurity standards for protecting research data, whether or not biomedical.  This half-day training session will familiarize the participants with relevant regulations, how they apply to HPC, the challenges they present, and offer a standards-based risk management approach to tackling them.

Topics covered will include:

  • HIPAA and FISMA Demystified.  History and introduction to the regulations, what they mean for HPC shops, what they do not.
  • The NIST Risk Management Framework.  Managing information security risk (NIST 800-39), conducting risk assessments (NIST 800-30), security and privacy controls (NIST 800-53), and assessing the controls (NIST 800-53A).
  • Leveraging the Framework.  Scoping, planning, implementing risk assessments, risk mitigation through selected security controls, documentation, ongoing risk management, reviews, and training, with implementation at IU as an example.

Incident Response Training

Instructors:  Warren Raquel, Randy Butler, & Patrick Duda (NCSA)

Slides (PowerPoint part 1, PowerPoint part 2)

Computer incident response is a required capability for any project or activity that is running internet connected services. This tutorial will provide basic information on setting up an incident response program so that the students can prepare their project team or organization for handling an incident investigation. The initial focus of the tutorial will be on identifying the processes, policies, information, and monitoring services that will be required to effectively respond to a security incident. This first section will additionally discuss investigation and analysis tools that might be useful for your investigations.  The second part of the tutorial will identify a collection of questions that the incident response team can use to guide them through both the investigation and the mitigation process. The final section will highlight several actual security incidents. Each of these incidents will be discussed in detail starting with how the incident was discovered and then continue through the investigation and mitigation process. The participant should leave the session with an understanding of the basic steps needed to create an incident response program and what to do when an incident occurs.
