Name: draft-ietf-inch-rid-01
Title: Incident Handling: Real-Time Inter-Network Defense
State: Active
Authors: Kathleen Moriarty
Group: Extended Incident Handling (inch)
Date: 2004-10-25
Network security incidents, such as Denial of Service (DoS), system
compromises, worms, and viruses, typically result in the loss of service,
data, and resources, both human and system. Security incidents can be
detrimental to the health of the network as a whole. Network Providers (NP)
need to be equipped and ready to assist in tracing security incidents with
tools and procedures in place before the occurrence of an attack. This
paper proposes a proactive inter-network communication method to integrate
existing tracing mechanisms across NP boundaries to identify the source(s)
of an attack. The various methods implemented to detect and trace attacks
must be coordinated on the NP's network and must also provide a communication
mechanism across network borders. It is imperative that NPs have quick
communication methods defined to enable neighboring NPs to assist in
tracking a security incident across the Internet. This proposal integrates
current incident detection and tracing practices for network traffic, which
could be extended for security incident handling. Policy guidelines for
handling incidents are recommended and can be agreed upon by a consortium
using the defined protocol and extended to each NP's clients.