Forensic and Vulnerability Exchange Platforms
From ITUwiki
This is a placeholder for Forensic and Vulnerability Exchange PLATFORMS and is subject to continuing evolution. The next page treats FRAMEWORKS.
Infrastructure Protection Platforms
This type of platform is primarily focussed on forensics relating to generic network incidents or potential vulnerabilities to networks and services.
Open Infrastructure Protection Platforms
- IODEF Infrastructure Protection Platforms
  - Incident Object Description and Exchange Format (IODEF). A format for Computer Security Incident Response Teams (CSIRTs) to exchange operational and statistical incident information among themselves, their constituency, and their collaborators. It can also provide the basis for the development of interoperable tools and procedures for incident reporting.
  - Common Data Forum extensions (Anti-Phishing Working Group, APWG).
- MITRE Infrastructure Protection Platforms
  - Common Platform Enumeration (CPE). Provides a structured identifier mechanism for information technology systems, platforms, and packages.
  - Common Configuration Enumeration (CCE). Provides a structured identifier mechanism for system configuration issues in order to facilitate fast and accurate correlation of configuration data across multiple information sources and tools. For example, CCE Identifiers can be used to associate checks in configuration assessment tools with statements in configuration best-practice documents.
  - Open Vulnerability and Assessment Language (OVAL). Provides a structured means for capturing and exchanging system information, expressing specific machine states, and reporting the results of an assessment.
  - Common Event Expression (CEE). Provides a structured means for capturing and exchanging computer events. By using CEE's common language and syntax, enterprise-wide log management, correlation, aggregation, auditing, and incident handling can be performed more efficiently and produce better results than was possible prior to CEE.
  - Common Result Format (CRF). Provides a structured means for capturing and exchanging "asset assessment results" among systems to increase tool interoperability and allow for the aggregation of those results across large enterprises that utilize diverse technologies to detect patch levels, policy compliance, vulnerability, asset inventory, and other tasks. CRF leverages existing standardization efforts for common names and naming schemes to report the findings for assets.
  - Common Weakness Enumeration (CWE). Provides a structured means for capturing and exchanging a unified, measurable set of software weaknesses that enables effective discussion, description, selection, and use of software security tools and services that can find these weaknesses in source code and operational systems, as well as the understanding and management of software weaknesses related to architecture and design.
  - Common Vulnerabilities and Exposures (CVE). Provides a structured means for capturing and exchanging a dictionary of publicly known information security vulnerabilities and exposures. CVE's common identifiers enable data exchange between security products and provide a baseline index point for evaluating the coverage of tools and services.
  - Common Attack Pattern Enumeration and Classification (CAPEC). Provides a structured means for capturing and exchanging attack patterns along with a comprehensive schema and classification taxonomy. This capability provides for identifying, collecting, refining, and sharing attack patterns among relevant communities.
- FIRST Infrastructure Protection Platforms
  - Common Vulnerability Scoring System (CVSS). Provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. Its quantitative model ensures repeatable, accurate measurement while enabling users to see the underlying vulnerability characteristics that were used to generate the scores. See also National Vulnerability Database.
- ITU-T SG17 Infrastructure Protection Platforms
  - The Q.4/17 Rapporteur Group and its Correspondence Group for the Trusted Exchange of Network Forensics are reviewing the existing standards described above. This review also includes a possible new ITU-T Rec. X.dexf, Digital Evidence Exchange File Format, described in ITU-T SG 17 Doc. C-67.
Proprietary Infrastructure Protection Platforms
Law Enforcement and Public Policy Support Platforms
This material is focussed on forensics PLATFORMS for the trusted exchange of network incident information about a specific target, and on the related capabilities arising from government mandates, including lawful interception, retained data, location, and network neutrality.
- ETSI LI/RDH Law Enforcement and Public Policy Support Platforms
- 3GPP LI Law Enforcement and Public Policy Support Platforms
- 3GPP Location Law Enforcement and Public Policy Support Platforms
- CableLabs LI Law Enforcement and Public Policy Support Platforms
- IETF LI Law Enforcement and Public Policy Support Platforms
Network Management Platforms
This type of platform is primarily focussed on forensics relating to generic network incidents or capabilities necessary to manage the use of networks and services, including settlements and billing.
- IETF Network Management Platforms
- ITU-T Network Management Platforms
