Incident Object Description and Exchange Format

TF-CSIRT Seminar
January 18, 2001
Barcelona

Author: Yuri Demchenko


Agenda

- TF-CSIRT Intrusion Taxonomy and Description WG work process
- IODEF presentation at IETF49 IDWG meeting
  - IODEF and IDEF relations document – to be presented to IDWG
- IODEF Terminology by Jimmy Arvidsson
  - In context of revision of the IODEF Requirements I-Draft
- IODEF XML DTD vs IODEF XML Schema
  - Discussion and call for contribution
- ITDWG charter update by Jan Meijer


ITDWG work process

- ITDWG webpage and charter
  - http://www.terena.nl/task-forces/tf-csirt/i-taxonomy/
- IODEF Documents
  - IODEF Requirements draft-…-00.txt
  - IODEF Data Model - TBD
  - IODEF XML DTD or IODEF XML Schema - TBD
- IODEF Editorial Group
  - Jimmy Arvidsson, Telia CERT
  - Andrew Cormack, CERT UKERNA
  - Yuri Demchenko, TERENA
  - Jan Meijer, CERT-NL
- Contribution is welcome!


IODEF/ITDWG vs IDWG - Relations

- IODEF presentation at IETF49 IDWG meeting
  - IODEF and IDEF relations document – to be presented to IDWG
- IDEF to IODEF mapping (to be drafted)
- Look at Vulnerability Reports
- Contact Symantec (and CERT/CC?)


IDWG Scope and IDEF Documents

- Currently on the IETF IDWG std process
  - IDEF Requirements draft-…-04.txt
  - IDEF Data Model
  - IDEF XML DTD
  - IDEF ASN.1 MIBII format
  - Intrusion Alert Protocol (IAP)
- IDMEF is for Intrusion Detection Systems
  - Main actors - IDS
  - Root element – Alert
  - Short life history
  - Data collected automatically
- Design Team and Pilot implementations of XML and MIBII based IDEF


IODEF purposes

A uniform incident classification enables applications such as:

- uniform statistic generation and exchange, for both domestic use and exchange of data between teams. Over time a distributed incident statistics infrastructure can evolve
- trend-analyses for reoccurrence of incidents, victims, attackers, etc.
- trend-analyses for relations between scans and attacks and thus begin working on pro-active incident response
- uniform internal incident storage
- incident handling between teams made easier (only one team needs to classify and analyze the complete incident, the other team can re-use this data)
- uniform incident reporting by victims to CSIRTs

Main IODEF actors are CSIRTs – not IDS


IODEF XML DTD vs IODEF XML Schema

- Discussion and call for contribution
- Needs expertise in XML DTD/Schema