INCH Requirements IETF Interim meeting, Uppsala, Feb.2003.

Presentation transcript:

INCH Requirements IETF Interim meeting, Uppsala, Feb.2003

Based on:
- Review of RFC3067 (IDWG requirements)
- CERT processes

Operational Model (diagram): CSIRT, Incident Report Database, Standard Format, Other CSIRTs

Operational Model-2 (diagram): CSIRT, Incident Report Database, Alerts, Reports, Statistics, Other CSIRTs

Intent of the IR Data Model:
- Enable categorization and statistical analysis
- Ensure integrity, authenticity and privacy
- Enable controlled exchange and sharing

Requirements:
- General
- Format
- Communication
- Contents
- Process

IR Format Requirements. MUST:
- Support internationalization and localization
- Have a standard structure
- Record time development
- Support unambiguous and reducible time references
- Support access control (who will have access to what) for different components and users
- Have globally unique identification (for IR)
- Be extensible
- Well-defined semantics for the components

IR Communication Requirements:
- Must have no effect on integrity, authenticity

IR Content Requirements:
- Globally unique identifier (LDAP-type name)
- Objective wherever possible: classification scheme (enumerated), units of quantities
- Originator, Owner, Contacts, History, Reference to advisories
- Description of the incident

IR Content Requirements (continued):
- Additional references/pointers
- Impact
- Actions taken
- Indication of "original" vs "translated copies" (guidelines for uniform description)
- Authenticity, integrity verification info
- Multiple versions (in different languages)
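The format and content requirements above (globally unique identifier, unambiguous and reducible time references, enumerated classification, history, original-vs-translated marker, integrity/authenticity verification info) can be exercised in a small record builder. The following is an added example written for this page; it is not INCH or IODEF code and not from the slide author. The identifier scheme (reporter domain plus a UUID rather than an LDAP-type name), the classification values, the pre-shared HMAC key and all sample data are constructed assumptions for illustration.

```python
"""Minimal incident-report record exercising the requirements listed on the
slides. Constructed example: the id scheme, classification values, key and
sample data are assumptions, not part of any INCH/IODEF specification."""
import hashlib
import hmac
import json
import uuid
from datetime import datetime, timezone
from enum import Enum


class Classification(str, Enum):
    # Enumerated classification scheme (constructed values, not a standard taxonomy).
    PROBE = "probe"
    COMPROMISE = "compromise"
    DOS = "denial-of-service"


def make_report_id(reporter_domain: str) -> str:
    """Globally unique id namespaced by the reporting CSIRT (constructed scheme)."""
    return f"{reporter_domain}#{uuid.uuid4()}"


def to_utc(ts: str) -> str:
    """Reduce an ISO 8601 timestamp that carries a UTC offset to canonical UTC.
    A timestamp without an offset is ambiguous and is rejected."""
    if ts.endswith("Z"):
        ts = ts[:-1] + "+00:00"
    dt = datetime.fromisoformat(ts)
    if dt.tzinfo is None:
        raise ValueError(f"ambiguous time reference (no UTC offset): {ts}")
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def canonical_bytes(report: dict) -> bytes:
    """Stable serialization so sender and receiver hash identical bytes.
    The integrity block itself is excluded from what is covered."""
    body = {k: v for k, v in report.items() if k != "integrity"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def seal(report: dict, key: bytes) -> dict:
    """Attach integrity/authenticity info as an HMAC-SHA256 tag.
    Assumes a key pre-shared between the exchanging CSIRTs; a digital
    signature would be used where non-repudiation is needed."""
    tag = hmac.new(key, canonical_bytes(report), hashlib.sha256).hexdigest()
    return {**report, "integrity": {"alg": "HMAC-SHA256", "tag": tag}}


def verify(report: dict, key: bytes) -> bool:
    """Recompute the tag over the canonical bytes and compare in constant time."""
    expected = hmac.new(key, canonical_bytes(report), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, report.get("integrity", {}).get("tag", ""))


def build_report(reporter_domain: str, classification: Classification,
                 detected_at: str, created_at: str, description: str,
                 lang: str = "en") -> dict:
    """Original report: every time reference is normalised to UTC on entry."""
    return {
        "id": make_report_id(reporter_domain),
        "classification": classification.value,
        "detected_at": to_utc(detected_at),
        "language": lang,
        "original_of": None,            # None marks this record as the original
        "originator": {"org": reporter_domain},
        "contacts": [{"role": "owner", "org": reporter_domain}],
        "history": [{"at": to_utc(created_at), "action": "created"}],
        "description": description,
    }


def translated_copy(report: dict, lang: str, description: str) -> dict:
    """A translated copy gets its own id and points back at the original."""
    copy = {k: v for k, v in report.items() if k != "integrity"}
    copy["id"] = make_report_id(report["originator"]["org"])
    copy["original_of"] = report["id"]
    copy["language"] = lang
    copy["description"] = description
    return copy


if __name__ == "__main__":
    key = b"constructed-shared-key"   # assumption: pre-shared between CSIRTs
    r = build_report("csirt.example", Classification.PROBE,
                     "2003-02-10T14:30:00+01:00", "2003-02-11T09:00:00+01:00",
                     "port scan against the mail relay (sample)")
    sealed = seal(r, key)
    print(json.dumps(sealed, indent=2))
    print("verifies:", verify(sealed, key))
```

Timestamps are accepted only with an explicit offset and stored as UTC, which is what makes later time references comparable across reporters; the integrity tag is computed over a canonical serialization so that re-ordering of fields in transit does not break verification, while any change to a covered field does.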

ISSUES (1): We need a name:
- IRF: Incident Report Format
- IREF: Incident Report Exchange Format
- FIRE: Format for Incident Report Exchange
- FIR: Format for Incident Report

ISSUES (2): We need some definitions:
- Incident
- Reporter
- Owner
- Contact
- Recorder
- Investigator

ISSUES (3): We need some definitions (continued):
- Attack
- Attacker: (person, organization, ...)
- Attack Target: (machine, network, ...)
- Contact: (person, organization)
- Attack Source: (machine, network, ...)
- Investigator
- Victim: (person, organization, ...)
- Impact
- Damage

ISSUES (4): We need an operational model:
- A detailed one is in the draft
- A simpler one is in this PowerPoint

To Be Done:
- Edit and revise
- Explanation of rationale in some places