Real-time Inter-network Defense (RID)
RFC 6045
Document | Type |
RFC - Informational
(November 2010; Errata)
Obsoleted by RFC 6545
Was draft-moriarty-post-inch-rid (individual in sec area)
|
|
---|---|---|---|
Author | Kathleen Moriarty | ||
Last updated | 2020-01-21 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized with errata bibtex | ||
Reviews | |||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 6045 (Informational) | |
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Tim Polk | ||
Send notices to | (None) |
Internet Engineering Task Force (IETF) K. Moriarty Request for Comments: 6045 EMC Category: Informational November 2010 ISSN: 2070-1721 Real-time Inter-network Defense (RID) Abstract Network security incidents, such as system compromises, worms, viruses, phishing incidents, and denial of service, typically result in the loss of service, data, and resources both human and system. Network providers and Computer Security Incident Response Teams need to be equipped and ready to assist in communicating and tracing security incidents with tools and procedures in place before the occurrence of an attack. Real-time Inter-network Defense (RID) outlines a proactive inter-network communication method to facilitate sharing incident handling data while integrating existing detection, tracing, source identification, and mitigation mechanisms for a complete incident handling solution. Combining these capabilities in a communication system provides a way to achieve higher security levels on networks. Policy guidelines for handling incidents are recommended and can be agreed upon by a consortium using the security recommendations and considerations. RID has found use within the international research communities, but has not been widely adopted in other sectors. This publication provides the specification to those communities that have adopted it, and communities currently considering solutions for real-time inter- network defense. The specification may also accelerate development of solutions where different transports or message formats are required by leveraging the data elements and structures specified here. Moriarty Informational [Page 1] RFC 6045 RID November 2010 Status of This Memo This document is not an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6045. Copyright Notice Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Moriarty Informational [Page 2] RFC 6045 RID November 2010 Table of Contents 1. Introduction ....................................................4 1.1. Normative and Informative ..................................6 1.2. Terminology ................................................6 1.3. Attack Types and RID Messaging .............................6 2. RID Integration with Network Provider Technologies ..............8 3. Characteristics of Attacks ......................................9 3.1. Integrating Trace Approaches ..............................11 3.2. Superset of Packet Information for Traces .................11 4. Communication between Network Providers ........................12 4.1. Inter-Network Provider RID Messaging ......................14 4.2. RID Network Topology ......................................16 4.3. Message Formats ...........................................17 4.3.1. RID Data Types .....................................17 4.3.1.1. Boolean ...................................17 4.3.2. RID Messages and Transport .........................18 4.3.3. IODEF-RID Schema ...................................19 4.3.3.1. RequestStatus Class .......................21 4.3.3.2. IncidentSource Class ......................23 4.3.3.3. RIDPolicy Class ...........................24 4.3.4. RID Namespace ......................................29Show full document text