November 22 – 24: Forum of Incident Response and Security Teams – Transits I training
————————————————————————————————————————–
Course Summary
The CSIRT training course aims to develop the knowledge and skills that are needed by staff who are members of a Computer Security Incident Response Team, who will join such a team, or who are involved in creating such a team.
Pre-requisites
Trainees are typically experienced system, network or IT managers. (Interested persons from other backgrounds are welcome to contact the organizers to discuss the suitability of the course for them). They are expected to have an awareness of the security issues involved in connecting computers to the Internet. They must be committed to using their skills to improve the security of computers and networks. For the technical side of the course, familiarity with the normal operation of TCP/IP networks, addresses, port numbers and protocols will be assumed.
The following modules are covered:
CSIRT Organization
Describes how CSIRTs fit into their organizations: planning the CSIRT, defining the constituency of the team and gaining management authority for it, deciding the services the team will offer, working with those outside the organization, staffing the CSIRT, funding. Students will discuss their own organization and how their team fits into it.
Technical Introduction
A basic introduction to the main attack vectors that malicious parties use to attack systems: intruders and their motivations, botnets, network protocols and how they can be abused, operating systems and services, types of vulnerability, information gathering, breaking in, hiding traces, denial-of-service attacks.
CSIRT Operations
Describes the facilities, systems and tools needed by CSIRTs to operate successfully: housing the CSIRT, equipment, e-mail, remote access, information and contacts, servers and networks, incident response plans and procedures, tracking systems. As an exercise students will discuss and develop incident response plans for their own teams.
Legal Issues
A high level overview of the areas of legislation that are likely to affect CSIRTs in their work and that team members need to be aware of: origins of computer legislation, problems, data protection, computer misuse, working with law enforcement, monitoring, evidence.
How to Apply:
In order for your application to be processed efficiently (visa, invitation letter, and additional information, we request that you register here. [http://meeting.afrinic.net/afrinic-21/en/attend/register] In addition, please send your team information to globalcc(at)africacert.org with:
- in the subject : africacert 7 – Call for leadership and responsibility.
- providing the information specified below:
*** Full Name, address and short description (maximum 200 words) of the organization by which the applicant is employed.
Note: It is very important that you provide us with your personal institutional email address and not a generic one or an online service. This is to ensure good communications and to verify the validity of the application.
*** Name, job title, postal address, phone and fax number and e-mail address of the person at management level within this organization who supports the application and can provide more information about the applicant.
*** Team Information (if team in operation); contact information and Charter according to RFC 2350 – (http://www.ietf.org/rfc/rfc2350.txt)
FEES:
The participation is free for AfricaCERT Members. For other participants, the fees are $200. If you wish to become AfricaCERT Member, please send a request to globalcc@africacert.org.
NOTE:
Applications will be accepted on a FIRST-COME-FIRST-SERVED basis.
Selection criteria will include the education and experience of the applicants, the contribution that they will be able to make to the overall security of the Internet. The workshop organizers may ask advice on the applications from the managers of the applicants and from appropriate members of the African Internet community.
November 25 – JP Day – Practical Web Incident Response.
Abstract: In this one day workshop, participants are expected to learn
how to handle incidents including web server/web application
compromise.
The Workshop includes introduction to http protocol, basic web application
technology, tool for log analysis. Also participants analyze logs of
compromised server, identify attack vector and vulnerability and
discuss how to respond.
- Participants required to bring their own laptop
- Knowledge of basic utility command like grep, awk will be a plus.
AfricaCERT 7 – Call for Leadership and Responsibility. Mauritius November 22 to 26, 2014.
- Lessons learned
- Best Practices
- Challenges and Solutions.
- Legal Arsenal in their countries
- The situation in their country
- Tools and solutions
- Malware Analysis.
The African Computer Emergency Response Team Coordination Center; AfricaCERT invites you to submit a presentation / paper for AfricaCERT 7 Day to be held in Mauritius November 26 2014.
AfricaCERT meetings provide a forum for collaboration and exchange for Computer Emergency response Teams and interested parties to sharing common practices, information, tools, techniques, and strategies that address problems related to cyber-security.
AfricaCERT Day builds on the experience of previous AfricaCERT events held in different African countries in collaboration with AfNOG and AfriNIC.
AfricaCERT 7 Day follows five days of extensive training in collaboration with FIRST and JPCERT from November 22 to 25.
AfricaCERT 7’s theme is “A Call for Leadership and Responsibility” Speakers, are invited to present papers around the theme and related to:
Presentation Guidelines Each speaker will have 30-minutes session including Q&A The Deadline for submission is October. Speakers will be informed before October 30.