Presentation is loading. Please wait.

Presentation is loading. Please wait.

INCH Requirements Glenn Mansfield Keeni Cyber Solutions Inc

Published byEugene Sparks Modified over 5 years ago

Similar presentations

Presentation on theme: "INCH Requirements Glenn Mansfield Keeni Cyber Solutions Inc"— Presentation transcript:

1 INCH Requirements Glenn Mansfield Keeni Cyber Solutions Inc
IDS 研究会 14/12/99   INCH Requirements Glenn Mansfield Keeni Cyber Solutions Inc Hiroyuki Ohno Wide Project IETF-55 Atlanta, November, 2002 Glenn M.

2 Based on a review of RFC3067 CERT Processes IDWG requirements IDS 研究会
14/12/99   Based on a review of RFC3067 CERT Processes IDWG requirements Glenn M.

3 Operational Model CSIRT Other CSIRTs Incident Report Database IDS 研究会
14/12/99   Operational Model Other CSIRTs CSIRT Incident Report Database Glenn M.

4 Operational Model-2 Alerts, Reports Statistics CSIRT Other CSIRTs
IDS 研究会 14/12/99   Operational Model-2 Other CSIRTs CSIRT Incident Report Database Alerts, Reports Statistics Glenn M.

5 Incident Report Handling Requirements: Changes from RFC3067
IDS 研究会 14/12/99   Incident Report Handling Requirements: Changes from RFC3067 Alerts Incident Reports Sensor Human Cryptic (codes etc.) Descriptive May contain Alerts Manager & Humans Standard based app. Standard ? Glenn M.

6 Intent of the IR Data Model
IDS 研究会 Intent of the IR Data Model 14/12/99   controlled exchange and sharing clear and unambiguous semantics even across regional/national boundaries (as far as possible) well defined syntax (atleast for parts of it) enable categorization and statistical analysis ensure integrity and the authenticity Glenn M.

7 Requirements: General Format Communication Contents Process IDS 研究会
14/12/99   Requirements: General Format Communication Contents Process Glenn M.

8 IR Format Requirements:
IDS 研究会 14/12/99   IR Format Requirements: Internationalization & Localization Structured Well defined semantics for the components Unambiguous and reducible time references Record of time development Access control (who will have to access what ) different components, users Globally unique identification (for IR ) Extensibility Glenn M.

9 IR Communication Requirements:
IDS 研究会 14/12/99   IR Communication Requirements: Must have no effect on integrity, authenticity Glenn M.

10 IR Content Requirements:
IDS 研究会 14/12/99   IR Content Requirements: Various facets of the entities involved Not only network related information Various naming rules for the entities Globally unique identifier  (components) Classification scheme (enumerated) Several classifications Originator, Owner, Contacts, History, Reference to advisories Description of the incident Glenn M.

11 IR Content Requirements:
IDS 研究会 14/12/99   IR Content Requirements: Multiple versions (in different languages) Indication of “original” vs “translated copies” IDMEF Alerts Logs, Dumps Additional references/pointers Impact (Guidelines for uniform description) Actions taken Authenticity, Integrity verification info Glenn M.

12 IR Process Requirements:
IDS 研究会 14/12/99   IR Process Requirements: Must be deployed real soon ! Glenn M.

Download ppt "INCH Requirements Glenn Mansfield Keeni Cyber Solutions Inc"

Similar presentations

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
© 2003 Carnegie Mellon University slide 1 Building CSIRT Capabilities and the State of the Practice Georgia Killcrece CSIRT Development Team CERT ® Training.

© 2003 Carnegie Mellon University slide 1 Building CSIRT Capabilities and the State of the Practice Georgia Killcrece CSIRT Development Team CERT ® Training.
3. Technical and administrative metadata standards Metadata Standards and Applications.

3. Technical and administrative metadata standards Metadata Standards and Applications.
Requirements for Format for INcident data Exchange (FINE) draft-ietf-inch-requirements-00.txt INCH WG, IETF56 March 19, 2003 Yuri Demchenko Glenn Mansfield.

Requirements for Format for INcident data Exchange (FINE) draft-ietf-inch-requirements-00.txt INCH WG, IETF56 March 19, 2003 Yuri Demchenko Glenn Mansfield.
INCH Requirements (2) IETF INCH-WG, March.2003 Glenn M. Keeni/Yuri Demchenko.

INCH Requirements (2) IETF INCH-WG, March.2003 Glenn M. Keeni/Yuri Demchenko.
INCH Requirements IETF Interim meeting, Uppsala, Feb.2003.

INCH Requirements IETF Interim meeting, Uppsala, Feb.2003.
CS 603 Naming in Distributed Systems January 28, 2002.

CS 603 Naming in Distributed Systems January 28, 2002.
ITIL: Why Your IT Organization Should Care Service Support

ITIL: Why Your IT Organization Should Care Service Support
Lee Romero blog.leeromero.org November 2010 Enterprise taxonomy Six components of a vision.

Lee Romero blog.leeromero.org November 2010 Enterprise taxonomy Six components of a vision.
S New Security Developments in DICOM Lawrence Tarbox, Ph.D Chair, DICOM WG 14 (Security) Siemens Corporate Research.

S New Security Developments in DICOM Lawrence Tarbox, Ph.D Chair, DICOM WG 14 (Security) Siemens Corporate Research.
A Model for Exchanging Vulnerability Information draft-booth-sacm-vuln-model-01 David Waltermire.

A Model for Exchanging Vulnerability Information draft-booth-sacm-vuln-model-01 David Waltermire.
IODEF Design principles and IODEF Data Model Overview IODEF Data Model and XML DTD pre-draft Version 0.03 TERENA IODEF WG Yuri Demchenko.

IODEF Design principles and IODEF Data Model Overview IODEF Data Model and XML DTD pre-draft Version 0.03 TERENA IODEF WG Yuri Demchenko.
A Brief Introduction to Patient Identification Using the VUHID System Barry R. Hieb, MD Chief Scientist, Global Patient Identifiers Inc. Kantara, June.

A Brief Introduction to Patient Identification Using the VUHID System Barry R. Hieb, MD Chief Scientist, Global Patient Identifiers Inc. Kantara, June.
Www.bmc.com 1 © 1999 BMC SOFTWARE, INC. 2/10/00 SNMP Simple Network Management Protocol.

1 © 1999 BMC SOFTWARE, INC. 2/10/00 SNMP Simple Network Management Protocol.
Incident Object Description and Exchange Format TF-CSIRT at TERENA IODEF Editorial Group Jimmy Arvidsson Andrew Cormack Yuri Demchenko Jan Meijer.

Incident Object Description and Exchange Format TF-CSIRT at TERENA IODEF Editorial Group Jimmy Arvidsson Andrew Cormack Yuri Demchenko Jan Meijer.
Topic Rathachai Chawuthai Information Management CSIM / AIT Review Draft/Issued document 0.1.

Topic Rathachai Chawuthai Information Management CSIM / AIT Review Draft/Issued document 0.1.
Incident Object Description and Exchange Format

Incident Object Description and Exchange Format
Relations between IODEF and IDMEF Based on IDMEF XML DTD and Data Model Analysis TERENA ITDWG IODEF Editorial Group Yuri Demchenko.

Relations between IODEF and IDMEF Based on IDMEF XML DTD and Data Model Analysis TERENA ITDWG IODEF Editorial Group Yuri Demchenko.
ITEM #1 reference to retrieval and archiving is removed.

ITEM #1 reference to retrieval and archiving is removed.

Similar presentations

Ads by Google