INCH Requirements


INCH Requirements. IETF Interim meeting, Uppsala, Feb. 2003.


Presentation Transcript


INCH Requirements

IETF Interim meeting, Uppsala, Feb. 2003


Review of RFC3067

Based on

CERT Processes

IDWG requirements


Operational Model

[Diagram: CSIRT, Incident Report Database, Other CSIRTs, Standard Format]


Operational Model-2

[Diagram: CSIRT, Incident Report Database, Other CSIRTs, Alerts, Reports, Statistics]


Intent of the IR Data Model

Enable controlled exchange and sharing

Enable categorization and statistical analysis

Ensure integrity, authenticity and privacy


Requirements:

General

Format

Communication

Contents

Process


IR Format Requirements:

MUST:

Support internationalization and localization

Have a standard structure

Have well-defined semantics for the components

Support unambiguous and reducible time references

Record time development

Support access control (who will have access to what) for different components and users

Have globally unique identification (for the IR)

Be Extensible


IR Communication Requirements:

Must have no effect on integrity, authenticity


IR Content Requirements:

Globally unique identifier (LDAP-type name)

Objective wherever possible: classification scheme (enumerated), units of quantities

Originator, Owner, Contacts, History

Reference to advisories

Description of the incident


IR Content Requirements:

Multiple versions (in different languages)

Indication of “original” vs “translated copies”

Additional references/pointers

Impact

(Guidelines for uniform description)

Actions taken

Authenticity, Integrity verification info


ISSUES (1)

We need a name:

IRF: Incident Report Format

IREF: Incident Report Exchange Format

FIR: Format for Incident Report

FIRE: Format for Incident Report Exchange


ISSUES (2)

We need some definitions:

Incident:

Reporter:

Recorder

Owner

Contact

Investigator


ISSUES (3)

We need some definitions…

Attack:

Attacker: (person, organization, ..)

Attack Source: (machine, network,…)

Attack Target: (machine, network,… )

Victim: (person, organization, .. )

Contact: (person, organization)

Investigator

Impact

Damage


ISSUES (4)

We need an operational model …

A detailed one is in the draft

A simpler one is in this PowerPoint


To Be Done

Explanation of rationale in some places

Edit and revise

