18 April 2011
First TRANSITS-II training course a success
Miroslaw Maj (Cybersecurity Foundation) at TRANSITS-II course

Staff of CSIRTs (Computer Security Incident Response Teams) took part in the first TRANSITS-II advanced CSIRT training course on 6-8 April 2011 in Zurich, Switzerland. Hosted by SWITCH, the Swiss national research and education network (NREN), the TRANSITS-II course offered participants an in-depth focus on advanced topics in four main areas: forensics, NetFlow analysis, CSIRT exercises and communication.

Modelled after the popular TRANSITS-I courses and presented by Peter Haag and Adrian Leuenberger (SWITCH), Miroslaw Maj (Cybersecurity Foundation) and Don Stikvoort (Avalon), the three-day course was attended by 15 students from 9 different countries and 13 non-profit and commercial organisations.

The theme of the entire first day was forensics. Participants received valuable information about how to retrieve and handle data needed in a legal investigation. Using a combination of hands-on exercises with demonstration data and a mock-up crime scene, participants learned practical techniques for doing a forensics review on an incident. They were also shown various types of forensic equipment such as write protection devices, interface cables and toolkits.

The second day focused primarily on the NetFlow protocol, which is a standardised way of collecting IP traffic information for use in monitoring and accounting applications. Participants learned how to deal with NetFlow logs in a practical way, including an introduction to the NfSen and NFDUMP tools, which help extract and view the data.

On the third day, participants followed a new module designed to improve the communication skills of professionals in a technical role. It included well-received exercises on how to communicate incident scenarios effectively to others using verbal and non-verbal techniques. TRANSITS-II concluded with an explanation of an easy-to-use collection of twelve exercises developed by CERT POLSKA for ENISA (European Network and Information Security Agency). All twelve exercises are available on the ENISA website.

Further information

CSIRT training materials were originally developed as part of the TRANSITS (Training of Network Security Incident Teams Staff) project from 2002 to 2005. This resulted in the TRANSITS-I course, which is aimed at new or potential CSIRT operatives who wish to gain a basic grounding in the main aspects of working in an incident response team. More recently the TRANSITS-II course was developed, which is aimed at more developed CSIRTs and experienced operatives. TRANSITS provides affordable, high-quality training to both new and mature CSIRTs across Europe and beyond. The courses are run on a cost-recovery basis using the time of tutors kindly donated by various European organisations. Depending on demand, at least one TRANSITS-II course will be held annually and the TRANSITS-I course will continue to be run twice annually.

To receive information about future TRANSITS courses, please sign up to the TRANSITS announcements list or visit the TRANSITS website.