A Common Language for Computer Security Incidents John D. Howard, Thomas A. Longstaff Presented by: Jason Milletary 9 November 2000.

The Problem
- Security incident data compiled by many sources
- Lack of agreement between security incident terms used by different sources
- Unable to combine and compare data for useful analysis

Common Language Project
- Cooperation between Sandia National Labs and CERT/CC
- Develop a minimum set of high-level terms for security incidents
  - Flexible enough to allow site-specific low-level terms
- Develop taxonomy for these terms
  - Classification scheme that defines the terms and their relationships

Satisfactory Taxonomy Characteristics
- Mutually exclusive
- Exhaustive
- Unambiguous
- Repeatable
- Accepted
- Useful

Review of Previous Taxonomies
- List of terms: Trap doors, IP spoofing, dumpster diving
- List of categories: Social engineering, denial-of-service
- Results categories: Corruption, denial
- Empirical lists: External abuse of resource, masquerading
- Matrices: Vulnerabilities vs. potential perpetrators
- Action-based: Interruption, interception

CLP Incident Taxonomy
- Events: An action directed at a target intended to change the state of that target*
- Action: A step taken by a user or process in order to achieve a result*
- Target
  - Logical entity: Data, account
  - Physical entity: Computer, network
* The IEEE Standard Dictionary of Electrical and Electronics Terms, Sixth Edition, 1996.

CLP Incident Taxonomy (event)
- Action: Probe, Scan, Flood, Authenticate, Bypass, Spoof, Read, Copy, Steal, Modify, Delete
- Target: Account, Process, Data, Component, Computer, Network, Internetwork

CLP Incident Taxonomy
- Attacks: Use of a tool to exploit a vulnerability to perform an action on a target in order to achieve an unauthorized result
- Tool: Means or method by which a vulnerability is exploited
- Vulnerability: System weakness through which unauthorized access can be gained
- Unauthorized result: A consequence of the event phase of an attack

CLP Incident Taxonomy (attack)
- Tool: Physical Attack, Information Exchange, User Command, Script or Program, Autonomous Agent, Toolkit, Data Tap, Distributed Tool
- Vulnerability: Design, Implementation, Configuration
- Event
  - Action: Probe, Scan, Flood, Authenticate, Bypass, Spoof, Read, Copy, Steal, Modify, Delete
  - Target: Account, Process, Data, Component, Computer, Network, Internetwork
- Unauthorized Result: Increased Access, Disclosure of Information, Corruption of Data, Denial of Service, Theft of Resources
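Added example (not part of the original slides): a sketch of how the attack-level terms above let two response teams keep their own low-level labels and still pool their data, the comparison "The Problem" slide says was not possible. The site names, local labels and records are constructed for illustration; only the high-level terms come from the slides.

```python
from collections import Counter

# High-level terms copied from the slides; everything else below is constructed.
TAXONOMY = {
    "tool": {"physical attack", "information exchange", "user command", "script or program",
             "autonomous agent", "toolkit", "data tap", "distributed tool"},
    "vulnerability": {"design", "implementation", "configuration"},
    "action": {"probe", "scan", "flood", "authenticate", "bypass", "spoof",
               "read", "copy", "steal", "modify", "delete"},
    "target": {"account", "process", "data", "component", "computer", "network", "internetwork"},
    "result": {"increased access", "disclosure of information", "corruption of data",
               "denial of service", "theft of resources"},
}

def normalize(record, site_terms):
    """Map one site's record onto the high-level terms; reject anything unmapped."""
    out = {}
    for field, allowed in TAXONOMY.items():
        raw = record[field].strip().lower()
        term = site_terms.get(field, {}).get(raw, raw)  # site-specific -> high-level
        if term not in allowed:
            raise ValueError(f"{field}: {raw!r} has no high-level term")
        out[field] = term
    return out

def combine(sources):
    """Count events (action, target) across all sites; collect records that do not fit."""
    counts, rejected = Counter(), []
    for site, (site_terms, records) in sources.items():
        for rec in records:
            try:
                n = normalize(rec, site_terms)
            except ValueError as exc:
                rejected.append((site, str(exc)))
                continue
            counts[(n["action"], n["target"])] += 1
    return counts, rejected

# Constructed sample data: (site-specific term map, incident records) per site.
SITE_A = ({"tool": {"script": "script or program"}, "action": {"port sweep": "scan"},
           "result": {"info leak": "disclosure of information", "dos": "denial of service"}},
          [dict(tool="script", vulnerability="configuration", action="port sweep", target="network", result="info leak"),
           dict(tool="toolkit", vulnerability="implementation", action="flood", target="computer", result="dos")])
SITE_B = ({"action": {"host enumeration": "scan"}},
          [dict(tool="Script or Program", vulnerability="Configuration", action="host enumeration", target="Network", result="Disclosure of Information"),
           dict(tool="user command", vulnerability="design", action="trap door", target="account", result="increased access")])

if __name__ == "__main__":
    print(combine({"site_a": SITE_A, "site_b": SITE_B}))
```

The "trap door" record is rejected rather than counted: it is a label from an older list of terms with no mapping to an action, so the site has to classify it before it can be compared.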

CLP Incident Taxonomy
- Incident: A distinct group of attacks involving specific attackers, attacks, objectives, sites, and timing
- Attacker: Individual(s) who use one or more attacks to reach an objective
- Objective: End goal of an incident

CLP Incident Taxonomy (incident)
- Attackers: Hackers, Spies, Terrorists, Corporate Raiders, Professional Criminals, Vandals, Voyeurs
- Attack
  - Tool: Physical Attack, Information Exchange, User Command, Script or Program, Autonomous Agent, Toolkit, Data Tap, Distributed Tool
  - Vulnerability: Design, Implementation, Configuration
  - Event
    - Action: Probe, Scan, Flood, Authenticate, Bypass, Spoof, Read, Copy, Steal, Modify, Delete
    - Target: Account, Process, Data, Component, Computer, Network, Internetwork
  - Unauthorized Result: Increased Access, Disclosure of Information, Corruption of Data, Denial of Service, Theft of Resources
- Objectives: Challenge, status, thrill; Political gain; Financial gain; Damage

CLP Incident Taxonomy
Other terms
- Site and site name
- Dates
- Incident numbers
- Corrective action

Future Plans
- Implement common language
- Database
- Analysis of data
- Forensics
- Trending
- Insight into hacker objectives and motives
- Sharing of data between response teams