Firewall Wizards mailing list archives
Re: future of IDS
From: Vern Paxson <vern () ee lbl gov>
Date: Fri, 23 Oct 1998 15:08:09 PDT
First meeting likely to be at the Orlando IETF in December.
Is this being done as part of the Common Intrusion Detection Framework project - http://seclab.cs.ucdavis.edu/cidf/.
There's certainly input from CIDF, though it's a separate effort.
I've seen some mention of an IETF working group on the mailing list but all has been quiet since the start of October.
The proposal was just announced, per the appended. You can send comments to iesg () ietf org.
I know that several of the more serious IDS vendors were interested in the CIDF work (including I believe NFR), have any of them expressed an interest in possible IETF work?
I don't know, I'm only on the periphery of the working group formation.

Vern

Date: Fri, 23 Oct 1998 08:04:27 -0400
From: Steve Coya <scoya () ns cnri reston va us>
Subject: WG REVIEW: Intrusion Detection (idwg)
To: IETF-Announce: ;
Cc: new-work () ietf org

A new IETF working group has been proposed in the Security Area. The IESG has not made any determination as yet.

The following Description was submitted, and is provided for informational purposes:

Description of Working Group:

Security incidents are becoming more common and more serious, and intrusion detection systems are becoming of increasing commercial importance. Numerous intrusion detection systems are important in the market and different sites will select different vendors. Since incidents are often distributed over multiple sites, it is likely that different aspects of a single incident will be visible to different systems. Thus it would be advantageous for diverse intrusion detection systems to be able to share data on attacks in progress.

The purpose of the Intrusion Detection Working Group is to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems, and to management systems which may need to interact with them.

The Intrusion Detection Working Group will coordinate its efforts with other IETF Working Groups.

The outputs of this working group will be:

1. A requirements document, which describes the high-level functional requirements for communication between intrusion detection systems and requirements for communication between intrusion detection systems and with management systems, including the rationale for those requirements. Scenarios will be used to illustrate the requirements.
2. A common intrusion language specification, which describes data formats that satisfy the requirements.
3. A framework document, which identifies existing protocols best used for communication between intrusion detection systems, and describes how the devised data formats relate to them.

Goals and Milestones:

Apr 99  Submit Requirements document as an Internet-Draft
Aug 99  Submit Framework and Language documents as Internet-Drafts
Aug 99  Submit Requirements document to IESG for consideration as an RFC.
Dec 99  Submit Framework and Language documents to IESG for consideration as RFCs.