INCident Handling BOF (INCH)
0900-1130 Thursday, March 21, 2002
IETF 53

INCH BOF Agenda
PREAMBLE
1. Agenda Bashing, Introduction, Minutes Taker – Danyliw – 5 min
2. INCH Status Report and News – Danyliw – 5 min
PRESENTATIONS
3. Terena IODEF Working Group Status Report – Meijer – 15 min
4. DMTF Common Support Schema – Rafalowi – 20 min
FUTURE
5. Discuss requirement document (RFC 3067, new requirements) – 30 min
6. Discuss data model document (IODEF, high-level data elements) – 45 min
7. Discussions and Plans for the Future – 15 min

INCH Status (Timeline)
• 12/10/2001 : IETF 52 – BOF #1
• 12/17 – 01/21/2002 : Charter Discussion
• 01/21/2002 : Charter Submitted
• 03/21/2002 : IETF 53 – BOF #2
We wait for IESG approval …

Charter Review: Goals
Define data formats for communication between
• a CSIRT and its constituency (e.g., users, customers, trusted reporters) which reports system misuse;
• a CSIRT and parties involved in an incident investigation (e.g., law enforcement, attacking site); and
• collaborating CSIRTs sharing information.

Charter Review: Deliverables
1. A document describing the high-level functional requirements of a data format …
2. A specification of the extensible, incident data language that describes the data formats that satisfy the requirements.
3. Guidelines for implementing the data format
4. A set of sample incident reports …

Other News
• Terena IODEF-WG disbanded
• W3C XML signing standard

Requirements Document
• Are we happy with RFC 3067?
• Reuse outright?
• Reuse and Modify?
• Ignore and start over?
• Others?
• Volunteers?

Mailing List
• Lifetime of a document instance
• Is it an archiving format? Wire format?

Data Model
• Is it premature to discuss without the requirements?
• Reuse of IODEF
• Reuse outright?
• Reuse and Modify?
• Ignore and start over?
• Others?

Mailing List -- General
• Represent analysis results
• Represent vulnerability reports
• Sanitization
• Diverse Evidence Support

Mailing List -- IODEF
• Degree of IDMEF compatibility
• Self-documentation (History class)
• Setting restrictions on data usage
• Constructs to support document updates
• Impact and Confidence representation
• “Purpose” (attribute) of an incident

Mailing List
Post: inch@nic.surfnet.nl
Archive: http://listserv.surfnet.nl/archives/inch.html
Subscribe: send mail to listserv@nic.surfnet.nl with "subscribe inch <first name> <last name>" in the body