Empowering openSUSE Server to Investigate Digital Evidence in Docker Swarm Clusters
Network Forensics Activity using GRR Framework on openSUSE Server to Investigate Web Log Files in Docker Swarm Clusters
Andi Sugandi
FOSS enthusiast and openSUSE Member in Indonesia
Computer clusters built on Docker Swarm need proper, fully technical administration: not only securing the whole system against attackers, but also investigating an attack after an incident. When an intruder succeeds in attacking web apps that run on Docker Swarm clusters, DevOps and security practitioners should work together to collect the digital evidence, examine it, and utilize it, so that it can finally be reviewed to help identify policy shortcomings, procedural errors, and other issues that may need to be remedied.
Those combined activities (acquisition, examination, utilization, and review) and the underlying science are called digital forensics; when they take place on or relate to computer networks, they are called network forensics.
The GRR Rapid Response (GRR) framework is a comprehensive framework and network forensics tool for investigating digital evidence (for example, web app and server logs) on computer networks, or even on computer clusters built on Docker Swarm.
This talk will present the implementation of the GRR Rapid Response framework on openSUSE Server to investigate digital evidence on Docker Swarm clusters after an intruder tries to penetrate (through DDoS attacks) web apps running on those clusters.
- Date:
- 2019 October 6 - 13:00
- Duration:
- 45 min
- Room:
- Ruang 203c (2nd floor)
- Conference:
- openSUSE.Asia Summit 2019
- Language:
- English
- Track:
- Difficulty:
- Medium