Security Basics mailing list archives
(New?) Network Security Model/Terminology
From: John Richard Moser <nigelenki () comcast net>
Date: Thu, 16 Dec 2004 22:40:21 -0500
[I am not yet subscribed, but am pending a confirmation message; please CC me results]

I've been working on a response[1] to the NSA paper, "The Case for Using Layered Defenses to Stop Worms,"[2] in which I detail what Open Source Software is available to implement an example Defense-in-Depth matrix based on said paper. In the course of doing this, I have had to divide up the logical network topology to create a basic concept to guide the implementation.

[1] http://woct.sourceforge.net/defmatrix/defmatrix.html
[2] http://woct.sourceforge.net/xoops/modules/mylinks/singlelink.php?cid=2&lid=1

I am wondering about the model I have designed, and about two pieces of terminology I have created. I need to know if the model already exists and has a name; and I need to know about the terminology "Malstream" and "Purestream," which I created to help differentiate between legitimate and illegitimate traffic. If these concepts already exist under other names, I would like to have those names and references to detail these concepts, so that my paper may better conform to existing terminology when it is completed.

The model is a Three-Tier Security Model[3], and is detailed inline in the paper. A visual depiction of the model[4] is also available.

[3] http://woct.sourceforge.net/defmatrix/defmatrix.html#ttiersm
[4] http://woct.sourceforge.net/defmatrix/3tier.png

The illustration uses the terms "Malstream" and "Purestream" to illustrate the effects of the 3-Tier model. "Malstream" is network data associated with attacks, port scans, malware (such as attached e-mail worms or specially corrupted jpeg images), Worm Control Protocols, spoofed packets, etc. "Purestream" is the pure, legitimate traffic destined for Web servers or for hosts which have requested and established an external connection. Ideally, all "Malstream" should be filtered out, and all "Purestream" should be delivered.

If the concepts attached to my terminology do not already exist, then I would like to take credit for the design of the 3-Tier model and the creation of the "Malstream" and "Purestream" terms; however, I cannot imagine that as a hobbyist without yet formal security training that I could create new concepts in the security field.

--John

--
All content of all messages exchanged herein are left in the Public Domain, unless otherwise explicitly stated.