Presentation is loading. Please wait.

Presentation is loading. Please wait.

INCH Requirements IETF Interim meeting, Uppsala, Feb.2003.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "INCH Requirements IETF Interim meeting, Uppsala, Feb.2003."— Presentation transcript:

1 INCH Requirements IETF Interim meeting, Uppsala, Feb.2003

2 Review of RFC3067 IDWG requirements CERT Processes Based on

3 Standard Format CSIRT Incident Report Database Operational Model Other CSIRTs

4 CSIRT Incident Report Database Operational Model-2 Alerts, Reports Statistics Other CSIRTs

5 Enable categorization and statistical analysis Ensure integrity, authenticity and privacy Intent of the IR Data Model Enable controlled exchange and sharing

6 Requirements: General Format Communication Contents Process

7 IR Format Requirements: Support Internationalization Localization Have a standard structure Record time development Support unambiguous and reducible time references Support Access control (who will have to access what ) for different components, users Have Globally unique identification (for IR ) Be Extensible Well defined semantics for the components MUST:

8 IR Communication Requirements: Must have no effect on integrity, authenticity

9 IR Content Requirements: Globally unique identifier (LDAP-type name) Objective wherever possible: Classification scheme (enumerated) Units of quantities Originator, Owner, Contacts, History, Reference to advisories Description of the incident

10 IR Content Requirements: Additional references/pointers Impact Actions taken Indication of “original” vs “translated copies” (Guidelines for uniform description) Authenticity, Integrity verification info Multiple versions (in different languages)

11 ISSUES (1) We need a name: IRF: Incident Report Format IREF: Incident Report Exchange Format FIRE: Format for Incident Report Exchange FIR: Format for Incident Report

12 ISSUES (2) We need a some definitions: Incident: Reporter: Owner Contact Recorder Investigator

13 ISSUES (3) We need a some definitions… Attack: Attacker: (person, organization,..) Attack Target: (machine, network,… ) Contact: (person, organization) Attack Source: (machine, network,…) Investigator Victim: (person, organization,.. ) Impact Damage

14 ISSUES (4) We need an operational model … A detailed one is in the draft A simpler one is in this powerpoint

15 TO BE Done Edit and revise Explanation of rationale in some places

Download ppt "INCH Requirements IETF Interim meeting, Uppsala, Feb.2003."

Similar presentations

Policy-based Accounting Draft Version 01 Policy-based Accounting Draft Version 01 Georg Carle, Sebastian Zander, Tanja Zseby GMD FOKUS - German National.

Policy-based Accounting Draft Version 01 Policy-based Accounting Draft Version 01 Georg Carle, Sebastian Zander, Tanja Zseby GMD FOKUS - German National.
Information Document 18-E ITU-T Study Group 2 May 2002 QUESTION:Q.1/2 SOURCE:TSB TITLE:UNIVERSAL COMMUNICATIONS IDENTIFIER (UCI) (by Mike Pluke, ETSI)

Information Document 18-E ITU-T Study Group 2 May 2002 QUESTION:Q.1/2 SOURCE:TSB TITLE:UNIVERSAL COMMUNICATIONS IDENTIFIER (UCI) (by Mike Pluke, ETSI)
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Retrieval of Information from Distributed Databases By Ananth Anandhakrishnan.

Retrieval of Information from Distributed Databases By Ananth Anandhakrishnan.
Intro to Version Control Have you ever …? Had an application crash and lose ALL of your work Made changes to a file for the worse and wished you could.

Intro to Version Control Have you ever …? Had an application crash and lose ALL of your work Made changes to a file for the worse and wished you could.
Chapter 19: Network Management Business Data Communications, 5e.

Chapter 19: Network Management Business Data Communications, 5e.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
© 2003 Carnegie Mellon University slide 1 Building CSIRT Capabilities and the State of the Practice Georgia Killcrece CSIRT Development Team CERT ® Training.

© 2003 Carnegie Mellon University slide 1 Building CSIRT Capabilities and the State of the Practice Georgia Killcrece CSIRT Development Team CERT ® Training.
An Introduction to MODS: The Metadata Object Description Schema Tech Talk By Daniel Gelaw Alemneh October 17, 2007 October 17, 2007.

An Introduction to MODS: The Metadata Object Description Schema Tech Talk By Daniel Gelaw Alemneh October 17, 2007 October 17, 2007.
Requirements for Format for INcident data Exchange (FINE) draft-ietf-inch-requirements-00.txt INCH WG, IETF56 March 19, 2003 Yuri Demchenko Glenn Mansfield.

Requirements for Format for INcident data Exchange (FINE) draft-ietf-inch-requirements-00.txt INCH WG, IETF56 March 19, 2003 Yuri Demchenko Glenn Mansfield.
INCH Requirements (2) IETF INCH-WG, March.2003 Glenn M. Keeni/Yuri Demchenko.

INCH Requirements (2) IETF INCH-WG, March.2003 Glenn M. Keeni/Yuri Demchenko.
Metadata: An Introduction By Wendy Duff October 13, 2001 ECURE.

Metadata: An Introduction By Wendy Duff October 13, 2001 ECURE.
1 / 16 CS 425/625 Software Engineering Software Configuration Management Guest Speaker Jim Hunt November 17, 2008.

1 / 16 CS 425/625 Software Engineering Software Configuration Management Guest Speaker Jim Hunt November 17, 2008.
Collaborative Intrusion Detection and Response. Limitations of Monolithic ID Single point of failure Limited access to data sources Only one perspective.

Collaborative Intrusion Detection and Response. Limitations of Monolithic ID Single point of failure Limited access to data sources Only one perspective.
Www.europeanfireacademy.eu STATISTICS Results of Working Group Discussion.

STATISTICS Results of Working Group Discussion.
ITIL: Why Your IT Organization Should Care Service Support

ITIL: Why Your IT Organization Should Care Service Support
Handouts Software Testing and Quality Assurance Theory and Practice Chapter 11 System Test Design ------------------------------------------------------------------

Handouts Software Testing and Quality Assurance Theory and Practice Chapter 11 System Test Design
The Development of a Common Vulnerability Enumeration Vulnerabilities and Exposures List Steven M. Christey David W. Baker William H. Hill David E. Mann.

The Development of a Common Vulnerability Enumeration Vulnerabilities and Exposures List Steven M. Christey David W. Baker William H. Hill David E. Mann.

Similar presentations

Ads by Google