8/12/2019 Modelos Para Report de Incidentes de SI-Pentest e Outros
1/21
IETF INCH WG : 13 Jun 2004 VEDEF (for TF-CSIRT)
NISCC
Ian Bryant
Head, NISCC Capability Development Group
& Co-Chair, TF-CSIRT VEDEF WG
Vulnerability and Exploit Description and Exchange Format (VEDEF)
IETF INCH WG Interim Meeting
13th June 2004, Budapest HG
Vulnerability & Exploit DEF
The Current Situation
Activities by TF-CSIRT WG
Proposed Way Ahead
Questions ?
The Current Situation
Description & Exchange Formats (DEFs)
Area of Information Security most ripe for standardisation is information sharing formats, ideally based on XML
Current thinking suggests that 4 Description & Exchange Formats (DEFs) are required:
IDDEF: Intrusion Detection DEF. Covered by IETF IDWG (IDMEF)
IODEF: Incident Object DEF. Being actively progressed by IETF INCH
PTDEF: Penetration Testing DEF. Initial work being done by Military OVAL
VEDEF: Vulnerability and Exploit DEF. Multiple initiatives; needs concerted development
Vulnerability and Exploit DEF
The de facto standard for storage of Vulnerability information is Mitre's Common Vulnerabilities and Exposures (C
Mitre's OVAL (Open Vulnerability Assessment Language) format aimed (approximately) at PTDEF
A Vulnerability and Exploit DEF (VEDEF) for CSIRT community is therefore needed
There are 5 existing initiatives in this area
Varying degrees of activity in their development
Being proposed by differing regions / communities
No real efforts towards their deconfliction
VEDEF Current Initiatives
Organisation | Initiative | Status
EISPP* | Common Format for Vulnerability Advisories | FP5 funding expired January 2004
RUSCERT* | Common Advisory Interchange Format (CAIF) | Last updated during February 2004
OpenSec | Advisory and Notification Markup Language (ANML) | Last updated during January 2003
OASIS | Application Vulnerability Description Language (AVDL) | Last updated during April 2003
 | Classification Scheme for Web Security Vulnerabilities | No progress since 1st meeting June 2003
* Previous TF-CSIRT involvement
Basic Information Requirement
Description of the platform(s) affected
Description of the nature of the problem
Description of the likely impact if the Vulnerability and/or Exploit were, accidentally or maliciously, triggered
Available means of remediation
Disclosure restrictions
VEDEF Outline Deliverables
Series of Documents establishing consolidated Best Practice for Vulnerability and/or Exploit description
Functional requirements of data format for collaboration between Vendors, CSIRTs, and end users
Specification of the extensible data language to describe the data formats to satisfy the requirements
Guidelines for implementing the WG data format, with a set of sample Vulnerability and/or Exploit reports and their associated representation in the data language
Activities by TF-CSIRT WG
TF-CSIRT
European Task Force (TF) on Computer Security Incident Response Teams (CSIRT)
Created, and supported, by TERENA (Trans-European Research and Education Network Association, http://www.terena.nl)
Membership heavily involved in generation of Incident Object Description and Exchange Format (IODEF)
Led to RFC3067
Working Group established to pursue VEDEF, co-chaired between NISCC and Cisco
TF-CSIRT VEDEF WG Status
Charter published
Review of external activities completed
EISPP
CMSI(I)
CAIF
IETF
VEDEF Options with EISPP
Initial effort supported by EU FP5 funding
Expired January 2004
Many of those involved with EISPP are also TF-CSIRT members
Version 2.0 of the XML Common Format for Vulnerability Advisories now published
VEDEF Options with CMSI (I)
Common Model of System Information
Produced by a group of TF-CSIRT members
Produces Machine Readable data
Proposes central repository of XML data structure
Proposes Vendors should maintain their own proprietary part of the model
Has been used in EISPP v2.0
VEDEF Relationship to CAIF
Briefed to TF-CSIRT by RUS-CERT (University of Stuttgart) in 2002
Largely dormant since
Became active again in February 2004
Updated version scheduled to be presented at FIRST Annual Conference in June 2004
VEDEF Options with IETF
Initial discussions held with Security Area Directors
Informal guidance is that IETF would not wish to charter new Working Group
Probable way ahead would be to use Extended Incident Handling (INCH)
Would require change to Charter
INCH WG Interim Meeting at FIRST Annual Conference
Proposed Way Ahead
Baseline for VEDEF Development
Select underlying Vulnerability Format to be developed
Needs to be evolved with:
CMSI(I) to formalise the System / Proprietary Information
Additional consideration of how to cover other (generic) Exploits types (e.g. Web Applications)
Ensure that (as far as practicable) nomenclature etc. is aligned with IODEF / RFC3067
VEDEF Next Steps
FIRST Annual Conference
INCH WG Ad Hoc Meeting (Sunday 13th June)
Presentation on CAIF (Tuesday 15th June)
Proposed Birds of Feather (BOF) on VEDEF (Tuesday 15th June)
Activate TF-CSIRT Working Group to draft 1st document (Requirements)
Agree Requirements document at September TF-CSIRT Meeting (Valetta MT)
Summary - VEDEF WG Project Plan
Milestone | Activity
May-04 | Agreement of "Best of Breed" candidates for development
Jun-04 | Presentations to IETF INCH and FIRST
Sep-04 | Initial Draft for TF-CSIRT of the requirements specification
Oct-04 | Initial Internet-Draft (I-D) of the requirements specification
Nov-04 | Submit requirements I-D to IESG as Informational
Jan-05 | Initial Draft for TF-CSIRT of the data language specification
Feb-05 | Initial I-D of the data language specification
Mar-05 | Submit data language specification I-D to IESG as Standard
May-05 | Initial Draft for TF-CSIRT of the implementation guidelines and examples document
Jun-05 | Initial I-D of the implementation guidelines
Jul-05 | Submit implementation guidelines I-D to IESG as Informational
Questions?
Contact Details
Ian Bryant
Head of Capability Development
NISCC
PO Box 832, London, SW1P 1BG, England
Telephone: +44-20-7821-1330 x 4565; Secretary +44-20-7821-1330 x 4561; Direct
Facsimile: +44-20-7821-1686
Internet: [email protected]; www.niscc.gov.uk