Taxonomy of Computer Security Incidents

Yashodhan Fadnavis

Presentation Transcript
How does it help?
  • Taxonomy gives common names to events
  • Security against a ‘class’ of attacks
Satisfying Taxonomy
  • Mutually Exclusive
  • Exhaustive
  • Unambiguous
  • Repeatable
  • Accepted
  • Useful
Listing Terms
  • E.g. Password sniffing, Brute force attacks, Eavesdropping, Harassment, Covert Channels, Viruses, Logic Bombs, Software loopholes, WEP loopholes, Source address spoofing, Software piracy, Degradation of services, Session hijacking
  • Failed six satisfying properties = Bad Taxonomy.
  • Lists can be never ending.
Listing categories

Cheswick and Bellovin List
  • Stealing passwords
  • Social Engineering
  • Bugs and backdoors
  • Authentication Failures
  • Protocol Failures
  • Info Leakage
  • DoS

  • Password sniffing
  • Brute force
  • Eavesdropping
  • Harassment
  • Covert channels
  • Viruses
  • Logic Bombs
  • Software loopholes
  • WEP Loopholes
  • Source Address spoofing
  • Software Piracy
  • Degradation Of Service
  • Session Hijacking
Other taxonomies
  • Result categories
  • Empirical categories
  • Matrices
Incident Taxonomy
  • Event: An action directed at a target which is intended to result in a change of state of the target.
  • Action: Step taken by a user or a process to achieve a result.
  • Target: A computer or a network logical entity.
Attack

[Diagram labels: Attack, Event]

Incident
  • Incident: A group of attacks that can be distinguished from other attacks because of the uniqueness of the attackers, objectives, sites and timing.

[Diagram labels: Attackers, Attack, Objectives]
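The incident definition above, as an added example that is not part of the original slides: attack records are grouped into incidents by attacker, objective and site, and a group is split wherever the timing shows a long gap. The tuple layout, the sample records and the 24-hour gap threshold are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, not real data. The field order
# (attacker, objective, site, time) is an assumption of this example.
ATTACKS = [
    ("group-A", "credential theft", "site-1", "2024-03-01T10:00:00"),
    ("group-A", "credential theft", "site-1", "2024-03-01T10:20:00"),
    ("group-B", "denial of service", "site-1", "2024-03-01T10:05:00"),
    ("group-A", "credential theft", "site-2", "2024-03-01T11:00:00"),
    ("group-A", "credential theft", "site-1", "2024-03-09T08:00:00"),
]


def group_into_incidents(attacks, max_gap=timedelta(hours=24)):
    """Group attacks by (attacker, objective, site), then split each group
    wherever two consecutive attacks are more than max_gap apart."""
    buckets = defaultdict(list)
    for attacker, objective, site, when in attacks:
        buckets[(attacker, objective, site)].append(datetime.fromisoformat(when))

    incidents = []
    for (attacker, objective, site), times in buckets.items():
        times.sort()
        run = [times[0]]
        for t in times[1:]:
            if t - run[-1] > max_gap:  # timing gap: a new incident starts
                incidents.append((attacker, objective, site, run))
                run = []
            run.append(t)
        incidents.append((attacker, objective, site, run))

    # Report each incident with its attack count and time span.
    return sorted(
        ({"attacker": a, "objective": o, "site": s, "attacks": len(r),
          "first_seen": r[0].isoformat(), "last_seen": r[-1].isoformat()}
         for a, o, s, r in incidents),
        key=lambda i: (i["first_seen"], i["attacker"], i["site"]),
    )


if __name__ == "__main__":
    for incident in group_into_incidents(ATTACKS):
        print(incident)
```

With the sample records, the two attacks twenty minutes apart form one incident, while the same attacker, objective and site eight days later is reported as a separate incident because of the timing gap.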

Federal Incident Reporting Guidelines
  • Agency name
  • Point of contact information including name, telephone, and email address
  • Incident Category Type (e.g., CAT 1, CAT 2, etc.)
  • Incident Timestamp
  • Source IP, Destination IP, port, and protocol
  • Operating System, including version, patches, etc.
  • System Function (e.g., DNS/web server, workstation, etc.)
  • Antivirus software installed, including version, and latest updates
  • Location of the system(s) involved in the incident (e.g. Clemson)
  • Method used to identify the incident (e.g., IDS, audit log analysis, system administrator)
  • Impact to agency
  • Resolution