
Sunday, October 14, 2007

IODEF Specification Approved by the IESG as a Proposed Standard

The IESG has announced the approval of "The Incident Object Description
Exchange Format" specification as an IETF Proposed Standard. This
document has been produced by members of the IETF Extended Incident
Handling Working Group. There was consensus in the WG to publish this
document, though the Working Group has now closed. There are seven
implementations of the IODEF that provided useful feedback on the
completeness and quality of the specification. These implementations
come from CERT-Verbund (SIRIOS), Cooper-Cain Inc.* (Anti-Phishing WG),
Cyber Solutions Inc.*, DFLabs*, eCSIRT.net, MIT Lincoln Labs*, and NTT*.
Furthermore, a subset of these organizations [noted by an asterisk]
participated in a semantics interoperability event that also yielded
additional feedback on the data model.

The Incident Object Description Exchange Format (IODEF) defines a data
representation that provides a framework for sharing information
commonly exchanged by Computer Security Incident Response Teams (CSIRTs)
about computer security incidents. The I-D document describes the
information model for the IODEF and provides an associated data model
specified with XML Schema.

Organizations require help from other parties to mitigate malicious
activity targeting their network and to gain insight into potential
threats. This coordination might entail working with an ISP to filter
attack traffic, contacting a remote site to take down a bot-network,
or sharing watch-lists of known malicious IP addresses in a consortium.
IODEF provides an XML representation for conveying incident information
across administrative domains between parties that have an operational
responsibility of remediation or a watch-and-warning over a defined
constituency. The data model encodes information about hosts, networks,
and the services running on these systems; attack methodology and
associated forensic evidence; impact of the activity; and limited
approaches for documenting workflow. The IODEF is only one of several
security-relevant data representations being standardized. Attempts
were made to ensure they were complementary. The data model of the
Intrusion Detection Message Exchange Format influenced the design of
the IODEF...

Implementing the IODEF in XML provides numerous advantages. Its
extensibility makes it ideal for specifying a data encoding framework
that supports various character encodings. Likewise, the abundance of
related technologies (e.g., XSL, XPath, XML-Signature) makes for
simplified manipulation.
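As an added example, not code from the post or from the IETF working group: a small Python parser that pulls the fields a receiving CSIRT acts on (incident ID, purpose, severity, source and target hosts) out of a constructed IODEF 1.0 document, using the namespace-aware XPath support the post alludes to. The namespace URN and the element and attribute names are taken from RFC 5070 as I recall them and should be treated as assumptions to check against the published schema.

```python
# Added example (not from the post or the IETF WG): parse a constructed
# IODEF 1.0 report. Names follow RFC 5070 as I recall them (assumption).
import xml.etree.ElementTree as ET

IODEF_NS = {"iodef": "urn:ietf:params:xml:ns:iodef-1.0"}

# Constructed sample: one incident, one flow, a source and a target host.
SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8"?>
<IODEF-Document version="1.00" lang="en"
    xmlns="urn:ietf:params:xml:ns:iodef-1.0">
  <Incident purpose="mitigation">
    <IncidentID name="csirt.example.net">2007-0142</IncidentID>
    <ReportTime>2007-10-14T12:00:00+00:00</ReportTime>
    <Assessment>
      <Impact severity="medium" completion="succeeded" type="dos"/>
    </Assessment>
    <Contact role="creator" type="organization"><ContactName>Example CSIRT</ContactName></Contact>
    <EventData>
      <Flow>
        <System category="source">
          <Node><Address category="ipv4-addr">192.0.2.10</Address></Node>
        </System>
        <System category="target">
          <Node><Address category="ipv4-addr">198.51.100.5</Address></Node>
        </System>
      </Flow>
    </EventData>
  </Incident>
</IODEF-Document>
"""

def summarize_iodef(xml_text):
    """One dict per Incident: id, purpose, severity, hosts grouped by role."""
    root = ET.fromstring(xml_text)
    # Refuse anything that is not an IODEF 1.0 root before touching its contents.
    if root.tag != "{%s}IODEF-Document" % IODEF_NS["iodef"]:
        raise ValueError("not an IODEF 1.0 document: %s" % root.tag)
    incidents = []
    for inc in root.findall("iodef:Incident", IODEF_NS):
        iid = inc.find("iodef:IncidentID", IODEF_NS)
        impact = inc.find("iodef:Assessment/iodef:Impact", IODEF_NS)
        hosts = {}  # System category ("source"/"target"/...) -> list of addresses
        for system in inc.iterfind(".//iodef:System", IODEF_NS):
            addrs = [a.text.strip() for a in system.iterfind(".//iodef:Address", IODEF_NS)]
            hosts.setdefault(system.get("category"), []).extend(addrs)
        incidents.append({"id": "%s/%s" % (iid.get("name"), iid.text.strip()),
                          "purpose": inc.get("purpose"),
                          "severity": impact.get("severity") if impact is not None else None,
                          "hosts": hosts})
    return incidents
```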
