
[ISN] DOE's Federated Model aims to identify security threats

Subject: [ISN] DOE's Federated Model aims to identify security threats
Date: Thu, 6 Jul 2006 00:23:08 -0500 (CDT)
http://www.networkworld.com/news/2006/070506-argonne-national-lab.html

By Cara Garretson
NetworkWorld.com
07/05/06 

Argonne National Laboratory, a division of the Department of Energy
(DOE) operated out of the University of Chicago, is spearheading an
effort to collect information about cyber security events that is
beginning to gain steam.

Called The Federated Model, this information-sharing initiative among
government, universities, and research labs began last fall and
currently has about half a dozen active members, says Scott Pinkerton,
manager of network services for the lab in DuPage County, Ill.

The initiative is open to any organization wanting to share details,
or even just view information, regarding attempts by different IP
addresses to access networks and how organizations have responded to
these attempts, in an effort to spot patterns of malicious behavior
and proactively block security threats, says Pinkerton.

For example, if one member of the Federated Model suffers an attack
from a certain IP address, another member may be able to block that IP
address from accessing its network and thwart a second attack, he
says.

"We're reinforcing the idea that we could be smarter, and more
prepared," Pinkerton says. While the number of members is growing,
Pinkerton says The Federated Model hasn't yet hit critical mass.

Pinkerton discussed The Federated Model's progress at Network World's
IT Roadmap conference held in Chicago late last month during a session
on security. He stressed the importance of monitoring NetFlow data to
search for zero-day attack traffic patterns, a practice his department
engages in. NetFlow is a Cisco technology for storing traffic flow
histories on routers and switches.

Argonne has taken on the development of The Federated Model's
repository and laid out specifications to be used for submitting and
accessing information. Following IETF standards, data is submitted in
XML format that is encrypted. The lab is working on adding features,
such as an RSS feed that would tell members when new information has
been added to the repository, Pinkerton says.

What's valuable about this data is not only learning what IP addresses
are doing, but what organizations are doing in response to potential
threats, says Tami Martin, intrusion detection systems engineer with
Argonne. "You're learning the reactive measures other sites are
taking," she says. "Also of intrinsic value is [learning] the severity
of the action taken."

Eventually, members could get to the point where they can completely
thwart an attack by following the actions of a trusted member, says
Pinkerton.
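The sharing loop the article describes (members submit what an address did and how they responded; other members consume those records to decide whether to block ahead of a second attack) can be illustrated with a small consumer. The code below is an added example, not Argonne's repository code or its actual submission schema: the page only says submissions are encrypted XML, so the `<event>` element, its attributes, the member names, and the sample records are all constructed here, and the addresses come from the RFC 5737 documentation ranges. It parses a batch of shared records, summarises each source address across reporting members, and recommends blocks either because a trusted member already blocked that source or because enough independent members reported it above a low severity, which is the "follow the actions of a trusted member" idea in the article.

```python
import xml.etree.ElementTree as ET

# Constructed sample of what a shared repository batch might hold: one <event>
# per observation a member submitted. Element and attribute names are
# assumptions (the page gives no schema); addresses are RFC 5737 test ranges.
SAMPLE_XML = """<events>
  <event member="lab-a"  src="198.51.100.7" action="blocked"   severity="high"   time="2006-06-20T10:00:00Z"/>
  <event member="univ-b" src="198.51.100.7" action="monitored" severity="medium" time="2006-06-21T08:15:00Z"/>
  <event member="lab-c"  src="203.0.113.42" action="blocked"   severity="low"    time="2006-06-21T09:00:00Z"/>
  <event member="univ-b" src="203.0.113.42" action="blocked"   severity="medium" time="2006-06-22T12:30:00Z"/>
  <event member="univ-b" src="192.0.2.200"  action="monitored" severity="low"    time="2006-06-22T13:00:00Z"/>
</events>"""

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}


def parse_events(xml_text):
    """Turn a repository batch into plain dicts, rejecting unknown severities."""
    root = ET.fromstring(xml_text)
    events = []
    for el in root.iter("event"):
        sev = el.get("severity", "low").lower()
        if sev not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {sev!r} from member {el.get('member')!r}")
        events.append({
            "member": el.get("member"),
            "src": el.get("src"),
            "action": el.get("action", "monitored").lower(),
            "severity": sev,
            "time": el.get("time"),
        })
    return events


def aggregate(events):
    """Collapse per-member observations into one summary per source address."""
    summary = {}
    for ev in events:
        s = summary.setdefault(
            ev["src"], {"members": set(), "blockers": set(), "max_severity": "low"}
        )
        s["members"].add(ev["member"])
        if ev["action"] == "blocked":
            s["blockers"].add(ev["member"])
        if SEVERITY_RANK[ev["severity"]] > SEVERITY_RANK[s["max_severity"]]:
            s["max_severity"] = ev["severity"]
    return summary


def recommend_blocks(events, trusted_members, min_reporters=2):
    """Map source address -> reason for every source a member might block.

    A source qualifies if a trusted member already blocked it, or if at least
    min_reporters distinct members reported it with severity above 'low'.
    """
    recommendations = {}
    for src, s in aggregate(events).items():
        trusted_block = s["blockers"] & set(trusted_members)
        if trusted_block:
            recommendations[src] = f"blocked by trusted member(s) {sorted(trusted_block)}"
        elif len(s["members"]) >= min_reporters and s["max_severity"] != "low":
            recommendations[src] = (
                f"reported by {len(s['members'])} members, max severity {s['max_severity']}"
            )
    return recommendations


if __name__ == "__main__":
    evs = parse_events(SAMPLE_XML)
    for src, why in sorted(recommend_blocks(evs, trusted_members={"lab-a"}).items()):
        print(src, "->", why)
```

The two thresholds are deliberately separate: a single trusted member's block is enough on its own, while untrusted reports must corroborate each other before they turn into a block, which keeps one member's false positive from propagating to the whole federation.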

All contents copyright 1995-2006 Network World, Inc


