EGI CSIRT held an interesting and fruitful training and discussions at the EGI Conference 2023. First two sessions covered Threat Intelligence and SOC, and Security in OIDC deployments, followed by a hands-on security training on forensics.

Threat Intelligence and the cloud

Cloud providers agreed that security models in the cloud could be improved from the detection perspective. A lively discussion developed about what to monitor and how to detect anomalies in the cloud, system administrators exchanged their experience with security monitoring tools and logging services.

Security in OIDC deployments

The session on OIDC concentrated on user and infrastructure tokens, their usage, traceability and validity. How can we trace the token usage in case of compromise, are tokens even suitable for all workloads? Since tokens, by design, cannot be revoked, we should share information about suspicious tokens. Another aspect has been pointed out on how much better it would be if tokens would be integrated in the service part and users wouldn’t have to deal with them. Multiple aspects of MFA have been elaborated and different solutions discussed.

SSC Forensics Walkthrough

In March and April 2023 EGI CSIRT ran a security challenge that included multiple CMS sites. After summarising the whole activity, we presented the essentials of digital forensics, focusing on collecting and analysing artefacts that could be observed during the SSC run.