an architecture for tracing incidents across the internet
play

An Architecture for Tracing Incidents across the Internet Glenn - PowerPoint PPT Presentation

An Architecture for Tracing Incidents across the Internet Glenn Mansfield Keeni Cyber Solutions Inc. Inch-wg, IETF-61 November, 2004 The two-tier Architecture Query Intra-domain Incident Intra-domain Response Tracer Tracer Tracer Query


  1. An Architecture for Tracing Incidents across the Internet Glenn Mansfield Keeni Cyber Solutions Inc. Inch-wg, IETF-61 November, 2004

  2. The two-tier Architecture Query Intra-domain Incident Intra-domain Response Tracer Tracer Tracer Query Intra-domain IRA IRA Response Tracer IRA: Incident Record Agent IRA

  3. The Intra-domain Architecture Incident Query/Response Intra-domain IRA Tracer Incident Record Base IRB IR

  4. Inter-Domain Incident Tracing Protocol � Specify the Incident Identifier (attributes) Unique Identification for incident � � Return matches from local database Common format for incident description � � Authenticated � Privacy, Integrity � Non Repudiation

  5. Incident Record Protocol Mapping: IncidentRecord Incident Identifier

  6. Requirements: Incident Record Protocol Incident Record Agent Recorder Incident Report Incident Report Transform Transform Tr (Incident Report) Incident Record Base Incident Record Base Additional data Additional Data

  7. The Intra-domain packet tracing Process : Incident Incident Incident Yes/No IT IR IRA Transform Transform Transform (sanitize) (generate Key) Tr (Incident Report) Incident Record Incident Record Base Base Additional data Additional Data

  8. draft-glenn-ippt-arch-01.txt

Recommend


More recommend