Incident Handling: Real-time Inter-network Defense
draft-ietf-inch-rid-08

Document Type Expired Internet-Draft (individual)
Last updated 2006-08-21
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-ietf-inch-rid-08.txt

Abstract

Network security incidents, such as system compromises, worms, viruses, phishing incidents, and denial of service (DoS), typically result in the loss of service, data, and resources both human and system. Network Providers (NPs) need to be equipped and ready to assist in communicating and tracing security incidents with tools and procedures in place before the occurrence of an attack. This paper outlines a proactive inter-network communication method to facilitate sharing incident handling data and integrate existing tracing mechanisms across NP boundaries to identify the source(s) of an attack. The various methods implemented to detect and trace attacks must be coordinated on the NPs' network as well as provide a communication mechanism across network borders. It is imperative that NPs have quick communication methods defined to enable neighboring NPs to assist in reporting or tracking a security incident across networks. A complete solution integrating incident detection, source identification, reporting and communication capabilities, and methods to stop attack traffic is necessary to attain higher security levels on networks. Policy guidelines for handling incidents are recommended and can be agreed upon by a consortium using the security recommendations and considerations.

Authors

Kathleen Moriarty (Moriarty@ll.mit.edu)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)