Re: Project Chroma: A color code for the state ofcyber security

[n3td3v <xploitable () gmail com>]

On Thu, Dec 4, 2008 at 3:03 PM, Chris Jeane <rysheve () gmail com> wrote:
> The Project Chroma Project website reads(I have highlighted the colors in
> black so that they are readable):
>
> Green level: There is negligible threat to online security.
> Ok this one is pretty simple.
>
> Yellow level : There is a minimal level of threat, and this must be
> monitored and contained.
> The SAN ISC says : "We are currently tracking a significant new threat. The
> impact is either unknown or expected to be minor to the infrastructure.
> However, local impact could be significant. Users are advised to take
> immediate specific action to contain the impact."
> You are giving an abbreviation version of something that already exists and
> is excepted.
>
> Orange level: This level of threat indicates there are parties who are
> actively engaging in cyber-warfare. Caution is required when online.
> Caution is always required when online. If you are in an area
> (country/province/region) that is affected by cyber attacks you will have
> limited/no access the internet. If only your company/person is being
> assaulted from cyberspace the attack would probably go unnoticed by this
> monitoring system. If the attackers were commiting a DDOS attack on several
> specific non-infastructure targets, you internet access my slow/go dark, but
> is that really a threat to you? or one you can protect agianst?
>
> Red level: This level indicates a full blown cyber-war. It indicates
> very high probability of all communications being intercepted.
> The use of the term 'full blown cyber-war' seems like a overarching scare
> tactic. We have yet to see what cyber-warfare looks like. Estonia was a one
> sided cyber ambush, not two entites engaging in war. The alerts should be
> more generic and accompanied by an acessment of the actual current
> situation. If something like 'Code Red' where to infect the internet agian
> this alert calling it cyber-war would be a misnomer.
>
> While homeland security's implementation does not seem to have a real
> world merit, such a threat level would certainly be very useful in the
> online security realm.
> Who is this useful to: Security processionals, end users, governmental
> agencies? How and why as similar systems already exist?
>
> Please disseminate this announcement of the
> project Chroma levels for online security. The immediate mission of
> the project is to be picked up by the antivirus and security tools
> vendors, so as to add the color codes to their products and provide
> users with a tangible measure of their online security.
> Yellow is not a tangible measure of their online security. If perhaps an
> Online Security/IPS package knew that a DDoS attack was coming for an
> address segment of the internet and it requested that I block traffic from
> those attackers until an all clear or Green
> status was given. That is tangible and actionable.
>
> Current status: Threat level Yellow.
> Your current is higher than SANS ISC. Do you know something they don't?

Symantec / Securityfocus is currently Yellow as well.

Maybe its SANS that are out of the loop afterall.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/