
Taxonomy of Computer Security Incidents


Presentation Transcript


  1. Taxonomy of Computer Security Incidents. Yashodhan Fadnavis

  2. How does it help?
  • A taxonomy gives common names to events.
  • It lets us reason about security against a ‘class’ of attacks rather than one attack at a time.

  3. Satisfying Taxonomy
  • Mutually Exclusive
  • Exhaustive
  • Unambiguous
  • Repeatable
  • Accepted
  • Useful

  4. Listing Terms
  • E.g. Password sniffing, Brute force attacks, Eavesdropping, Harassment, Covert Channels, Viruses, Logic Bombs, Software loopholes, WEP loopholes, Source address spoofing, Software piracy, Degradation of services, Session hijacking
  • A list that fails the six satisfying properties is a bad taxonomy.
  • Lists can grow without end.

  5. Listing categories (Cheswick and Bellovin list)
  • Stealing passwords
  • Social Engineering
  • Bugs and backdoors
  • Authentication Failures
  • Protocol Failures
  • Info Leakage
  • DoS
  Terms from slide 4 placed under these categories: Password sniffing, Brute force, Eavesdropping, Harassment, Covert channels, Viruses, Logic Bombs, Software loopholes, WEP loopholes, Source address spoofing, Software piracy, Degradation of service, Session hijacking

  6. Other taxonomies
  • Result categories
  • Empirical categories
  • Matrices

  7. Incident Taxonomy
  • Event: An action directed at a target which is intended to result in a change of the state of the target.
  • Action: A step taken by a user or a process to achieve a result.
  • Target: A computer or a network logical entity.

  8. Action + Target = Event (diagram: Event)

  9. Attack (diagram: an Attack built around an Event)

  10. Incident
  • Incident: A group of attacks that can be distinguished from other attacks because of the uniqueness of the attackers, objectives, sites and timing.
  (diagram: Attackers, Attack, Objectives)

  11. Incident Taxonomy (diagram: Incident)

  12. Federal Incident Reporting Guidelines
  • Agency name
  • Point of contact information including name, telephone, and email address
  • Incident Category Type (e.g., CAT 1, CAT 2, etc.)
  • Incident Timestamp
  • Source IP, Destination IP, port, and protocol
  • Operating System, including version, patches, etc.
  • System Function (e.g., DNS/web server, workstation, etc.)
  • Antivirus software installed, including version, and latest updates
  • Location of the system(s) involved in the incident (e.g. Clemson)
  • Method used to identify the incident (e.g., IDS, audit log analysis, system administrator)
  • Impact to agency
  • Resolution
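As an added example that is not part of the presentation, the vocabulary of slides 7 to 12 in Python: Event and Attack records, the slide 10 rule for grouping attacks into incidents, and a check of a draft report against the slide 12 field list. It assumes an attacker is identified by source address, a one-hour window counts as "same timing", and the field names and sample attacks are constructed here.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Slide vocabulary: Event = action directed at a target; Attack = an event plus
# who did it and why; Incident = attacks sharing attacker, objective, site, timing.
@dataclass(frozen=True)
class Event:
    action: str  # step taken by a user or process, e.g. "flood"
    target: str  # computer or network logical entity, e.g. "web-server"

@dataclass(frozen=True)
class Attack:
    attacker: str  # assumed: attacker identified by source address
    objective: str
    site: str
    when: datetime
    event: Event

def group_into_incidents(attacks, window=timedelta(hours=1)):
    """Slide 10's rule: an attack joins an incident when attacker, objective and
    site match and it falls within `window` of that incident's last attack."""
    incidents = []
    for atk in sorted(attacks, key=lambda a: a.when):
        for inc in incidents:
            last = inc[-1]
            same_actor = (last.attacker, last.objective, last.site) == (atk.attacker, atk.objective, atk.site)
            if same_actor and atk.when - last.when <= window:
                inc.append(atk)
                break
        else:  # no open incident matched: start a new one
            incidents.append([atk])
    return incidents

# Report fields listed on slide 12 (Federal Incident Reporting Guidelines); names are constructed.
REQUIRED_REPORT_FIELDS = ("agency", "contact", "category", "timestamp", "source_ip",
    "destination_ip", "port", "protocol", "operating_system", "system_function",
    "antivirus", "location", "detection_method", "impact", "resolution")

def missing_report_fields(report):
    """Return the guideline fields a draft report still leaves empty."""
    return [f for f in REQUIRED_REPORT_FIELDS if not report.get(f)]

# Constructed sample data (RFC 5737 documentation addresses, not real traffic).
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE_ATTACKS = [
    Attack("203.0.113.5", "degrade service", "Clemson", T0, Event("flood", "web-server")),
    Attack("203.0.113.5", "degrade service", "Clemson", T0 + timedelta(minutes=10), Event("flood", "dns-server")),
    Attack("198.51.100.7", "steal passwords", "Clemson", T0 + timedelta(minutes=5), Event("sniff", "workstation")),
    Attack("203.0.113.5", "degrade service", "Clemson", T0 + timedelta(hours=3), Event("flood", "web-server")),
]
```

The fourth sample attack matches the first incident on attacker, objective and site but falls outside the window, so it opens a separate incident.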

  13. Federal Agency Incident Categories

  14. Questions?
