RID IETF Draft Update

Similar documents
RID IETF Draft Update

Extended INCident Handling Working Group (INCH)

Our brief history. Management and security. Traceback by traffic pattern. R&D on Traceback technology and the derivatives

GARNET. Graphical Attack graph and Reachability Network Evaluation Tool* Leevar Williams, Richard Lippmann, Kyle Ingols. MIT Lincoln Laboratory

The State of Standardization Efforts to support Data Exchange in the Security Domain

Firewall Policy. Prepared By Document Version Phone Number Kevin Kuhn Version /

NGN: Carriers and Vendors Must Take Security Seriously

10 Defense Mechanisms

Data Transport. Publisher's Note

October 4, 2000 Expires in six months. SMTP Service Extension for Secure SMTP over TLS. Status of this Memo

Network Security Policy

IP Security. Cunsheng Ding HKUST, Kong Kong, China

Chapter 7. Denial of Service Attacks

Knobs, Levers, Dials and Switches: Now and Then (please sir, may I have some more?)

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

Introduction and Statement of the Problem

RID Implementation Report

The Impact of Transport Header Encryption on Operation and Evolution of the Internet

NFS Version 4 Security Update

this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities

2. Firewall Management Tools used to monitor and control the Firewall Environment.

Network Security. Thierry Sans

UNIT 5 MANAGING COMPUTER NETWORKS LEVEL 3 NETWORK PROTOCOLS

Real-time DDoS Defense: A collaborative Approach at Internet Scale

ATNP WG2 Utrecht, Netherlands 29 June 1 July IDRP Security. Prepared by Ron Jones. Summary

Privacy and Security in Smart Grids

It s Flow Time! The Role and Importance of Flow Monitoring in Network Operations and Security

TCP Roadmap 2.0. Alexander Zimmermann

Creating VPN s with IPsec

GOING WHERE NO WAFS HAVE GONE BEFORE

Security Standards for Information Systems

Secure Communications on VoIP Networks

INTERNATIONAL TELECOMMUNICATION UNION

Why Firewalls? Firewall Characteristics

Building Global CSIRT Capabilities

Statistics Clearinghouse function Infrastructure Alert function

Microsoft Privacy Protected Network Access: Virtual Private Networking and Intranet Security

Network Security and Cryptography. 2 September Marking Scheme

Lecture 13 Page 1. Lecture 13 Page 3

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

Yang Models for I2NSF Capabilities. draft-hares-i2nsf-capabilities-yang Susan Hares Co-author: Robert Moskowitz`

Grid Security Incident Handling and Response Guide

Security Baseline Data Model for Network Infrastructure Device draft-xia-sacm-nid-dp-security-baseline-00 draft-dong-sacm-nid-cp-security-baseline-00

Appendix 12 Risk Assessment Plan

IODEF Data Model Status (changes from 02 to 03) <draft-ietf-inch-iodef-03>

Denial of Service Protection Standardize Defense or Loose the War

Creating the IETF IDWG Intrusion Detection Protocols IDMEF & IDXP

Configuring Internet Key Exchange Security Protocol

The Key Principles of Cyber Security for Connected and Automated Vehicles. Government

PROCEDURE COMPREHENSIVE HEALTH SERVICES, INC

Nettest. An implementation of BEREC s recommendations

XEP-0206: XMPP Over BOSH

CSC 6575: Internet Security Fall 2017

TDC 375 Network Protocols TDC 563 P&T for Data Networks

Improved Detection of Low-Profile Probes and Denial-of-Service Attacks*

Ethics and Information Security. 10 주차 - 경영정보론 Spring 2014

CS 356 Operating System Security. Fall 2013

Standard CIP 005 2a Cyber Security Electronic Security Perimeter(s)

Control Plane Security Overview

Diameter Overload Control Application (DOCA) draft-korhonen-dime-ovl-00 Jouni Korhonen DIME WG IETF #85

Shim6: Network Operator Concerns. Jason Schiller Senior Internet Network Engineer IP Core Infrastructure Engineering UUNET / MCI

CITEL s s Focus on Cybersecurity and Critical Infrastructure Protection CITEL

Grid Security Policy

DRAFT. Cyber Security Communications between Control Centers. March May Technical Rationale and Justification for Reliability Standard CIP-012-1

INFORMATION ASSURANCE DIRECTORATE

COSC 301 Network Management

Implementing Cisco Network Security (IINS) 3.0

MILE Implementation Report. Chris Inacio, Carnegie Mellon University Daisuke Miyamoto, The University of Tokyo

INFS 766 Internet Security Protocols. Lecture 1 Firewalls. Prof. Ravi Sandhu INTERNET INSECURITY

Multi-homing Considerations for DOTS Prague, July 2017

IPv6 Security (Theory vs Practice) APRICOT 14 Manila, Philippines. Merike Kaeo

Schedule Identity Services

Security Principles for Stratos. Part no. 667/UE/31701/004

Top-Down Network Design

IETF86-KARP. Key Management and Adjacency Management for KARP-based Routing Systems

Firewalls (IDS and IPS) MIS 5214 Week 6

Architectural Approaches to Multi-Homing for IPv6

Network Services Internet VPN

Trust Services Principles and Criteria

Denial of Service, Traceback and Anonymity

VNC SDK security whitepaper

Introduction to Computer Security

Fireware-Essentials. Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.

Lecture 12 Page 1. Lecture 12 Page 3

CSC Network Security

Transport Level Security

LOUGHBOROUGH UNIVERSITY RESEARCH OFFICE STANDARD OPERATING PROCEDURE. Loughborough University (LU) Research Office SOP 1027 LU

Applied IT Security. System Security. Dr. Stephan Spitz 6 Firewalls & IDS. Applied IT Security, Dr.

Basic Profile 1.0. Promoting Web Services Interoperability Across Platforms, Applications and Programming Languages

P2PSIP, ICE, and RTCWeb

Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003

WebRTC: IETF Standards Update September Colin Perkins

Appendix 12 Risk Assessment Plan

Standard CIP 005 4a Cyber Security Electronic Security Perimeter(s)

TEL2813/IS2820 Security Management

Vol. 1 Technical RFP No. QTA0015THA

INFORMATION EXCHANGE GATEWAYS: REFERENCE ARCHITECTURE

Enhanced Feasible-Path Unicast Reverse Path Filtering draft-sriram-opsec-urpf-improvements-01

TechSec WG: Related activities overview Information and discussion TechSec WG, RIPE-45 May 14, 2003

Activating Intrusion Prevention Service

Transcription:

RID IETF Draft Update Kathleen M. Moriarty INCH Working Group 29 March 2005 This work was sponsored by the Air Force under Air Force Contract Number F19628-00-C-0002. "Opinions, interpretations, conclusions, and recommendations are those of the author and are not necessarily endorsed by the United States Government." RID-INCH-1

RID Updates Purpose RID and INCH Generalizing RID draft Communication flow for all IODEF documents Transport in a separate document Message Format for RID Updates to the RID Extensions to IODEF Model Communication Mechanism for RID Documents RIDPolicy Comments RID-INCH-2

Real-time Inter-network Defense (RID) Facilitate Communication of IODEF documents between Network Providers (NPs) and CSIRTs * Report incidents to NPs or CSIRTs Trace Security Incidents to the Source Stop or Mitigate the Effects of an Attack or Security Incident Integrate with existing and future network components Intrusion Detection Systems Systems to trace traffic across a network Network devices such as routers and firewalls Provide secure means to communicate IODEF documents Consortiums agree upon use and abuse guidelines Consortiums provide Public Key Infrastructure to support encryption and digital signing requirements RID-INCH-3

Generalization of RID for IODEF RID is used to communicate security incident handling information between CSIRTs or Network Providers (NPs) RID initially intended for: Reporting and tracing security incident information to a RID system close to the attack source Integration with traceback systems For the case where traffic may have been spoofed Method to stop attack traffic close to the source The generalization of RID will specify Communication flow of all IODEF documents This involves adding one more message type for the reporting of a security incident for statistics with no further actions to be taken Report message type added to RIDPolicy Major document updates are text changes and the ability to send an incident report with no required action Are there any other cases that are not yet covered? RID-INCH-4

RID Envelope for IODEF All IODEF documents are enveloped in RID Facilitates communication of IODEF documents and sets purpose Reporting Investigation where source is known Trace request The transport protocol will be defined in a separate document SOAP and HTTPS RID-INCH-5

Communicating RID Messages RID serves as the message wrapper for all IODEF documents RID defines the communication flow of all IODEF documents using the defined RID message types Message Types Trace Request Requires integration with traceback systems to identify upstream source Trace Authorization Traceback approval status in upstream provider s network Result *Previously known as Source Found *Actions will be expanded in Data Model to support necessary options Investigation *Previously Relay Request Incident Investigation for attack mitigation with a known source *Report Statistics no action necessary RID Systems Must Track the Requests by * Incident Number and Instance ID The incident@id will be moved to RIDPolicy from the data model Packet Contents Completion Status RID-INCH-6

Report Message Report Message IODEF report In RID wrapper RID System/ Report is sent to CSIRT or NP Incident DB No action is necessary for this message type Used for statistics and generating trending information Transport will use TCP (HTTPS), so there is no response necessary RID-INCH-7

Investigation Message Investigation IODEF report In RID wrapper Result RID System Investigation message is sent to CSIRT or NP An Investigation is requested where the source is known Purpose is to mitigate or stop the attack traffic A response via the Result message is required Details the action(s) taken RID-INCH-8

Trace Request Message Trace Request RID System Trace Trace Authorization Trace Request IODEF report In RID wrapper Result Trace Auth Trace Trace Request is sent to CSIRT or NP RID System A traceback investigation is requested to locate the source All upstream trace requests must decide if trace will be authorized Purpose is to mitigate or stop the attack traffic A response via the Result message is required RID-INCH-9 Details the action(s) taken

Transport in a New Draft Draft will define the transport protocol for all IODEF documents RID will define the message communication flow and the transport document will discuss SOAP and HTTPS for transport XML Security Policy negotiated in RID message and not wrapper Provide integrity, authentication, authorization XML digital signature, encryption, and public key infrastructure Encryption of RID for privacy and security reasons should be via XML encryption and not through the security provided by a wrapper or higher level protocol SOAP Messaging Wrapper Method to transport messages HTTPS will be the mandatory protocol for implementation Not necessarily the most efficient transport for the IODEF messages, but was agreed upon by WG for ease of initial implementation Other protocols may be added for optional support RID-INCH-10

RID Policy RID Policy Ensures policy information is transferred between participating RID peers Policy information in RID to prevent policy related issues from relying on the transport mechanism for enforcement Message type is specified in the RIDPolicy class *Adding one for reporting/statistics RIDPolicy Information Extension to define the type of trace IODEF Method and Impact class information should be considered for the type of traffic requested for trace and the success of an attack Explicit statement for the type of trace requested in case it does not fit into the category of attack traffic and can be linked to a CVE or other identifier Identifies where the traffic may have policy issues Client to NP NP to client Within a consortium Between peers Between consortiums Across national boundaries Purpose is to try to prevent abuse of the system Address security, confidentiality, and privacy concerns listed in the draft New extension created to address issues raised at IETF-59 Any comments on RIDPolicy? RID-INCH-11

Summary Updates from the previous version Working on the generalization of RID to support transport of all IODEF documents Many text updates are in progress Update to the RIDPolicy class to change and add message types DTD will be removed in the next revision Pending on release of IODEF data model Need to ensure documents flow Need to update the text sections of document to eliminate DTD references Near Future Updates will include Separate document for SOAP wrapper and transport Any suggested revisions or clarifications http://www.ietf.org/internet-drafts/draft-ietf-inch-rid-01.txt RID-INCH-12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback