Transport of Real-time Inter-network Defense (RID) Messages

Moriarty, Kathleen; Trammell, Brian

doi:10.17487/rfc6046

Cited by 5 publications

(14 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Note: The Introduction, and Sub-sections 4.1 and 4.2, are informative, with the exception of references to IODEF/RID Transport [RFC6046]. Sub-sections 4.3, 4.4, and 4.5 are normative.…”

Section: Communication Between Network Providersmentioning

confidence: 99%

“…Consortiums would consist of a group of NPs and/or CSIRTs that agree to participate in the RID communication protocol with an agreed-upon policy and communication protocol facilitating the secure transport of IODEF/RID XML documents. Transport for RID messages is specified in the IODEF/RID Transport [RFC6046] document.…”

Section: Moriarty Informational [Page 12]mentioning

confidence: 99%

“…The messages may originate from IODEF messages from intrusion detection servers, CSIRTs, analysts, etc. A RID message uses the IODEF framework with the RID extension, which is encapsulated for transport [RFC6046]. Each RID message type, along with an example, is described in the following sections.…”

Section: Message Formatsmentioning

confidence: 99%

“…Each of the three listed classes may be the only class included in the RID class, hence the option for zero or one. In some cases, RIDPolicy MAY be the only class in the RID definition when used by the transport protocol [RFC6046], as that information should be as small as possible and may not be encrypted. The RequestStatus message MUST be able to stand alone without the need for an IODEF document to facilitate the communication, limiting the data transported to the required elements per [RFC6046].…”

Section: Incidentsourcementioning

confidence: 99%

“…The RID schema acts as an XML envelope to support the communication of IODEF documents for exchanging or tracing information regarding security incidents. RID messages are encapsulated for transport, which is defined in a [RFC6046]. The authentication, integrity, and authorization features each layer has to offer are used to achieve a necessary level of security.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Real-time Inter-network Defense (RID)

Moriarty¹

2010

Self Cite

View full text Add to dashboard Cite

Network security incidents, such as system compromises, worms, viruses, phishing incidents, and denial of service, typically result in the loss of service, data, and resources both human and system. Network providers and Computer Security Incident Response Teams need to be equipped and ready to assist in communicating and tracing security incidents with tools and procedures in place before the occurrence of an attack. Real-time Inter-network Defense (RID) outlines a proactive inter-network communication method to facilitate sharing incident handling data while integrating existing detection, tracing, source identification, and mitigation mechanisms for a complete incident handling solution. Combining these capabilities in a communication system provides a way to achieve higher security levels on networks. Policy guidelines for handling incidents are recommended and can be agreed upon by a consortium using the security recommendations and considerations. RID has found use within the international research communities, but has not been widely adopted in other sectors. This publication provides the specification to those communities that have adopted it, and communities currently considering solutions for real-time internetwork defense. The specification may also accelerate development of solutions where different transports or message formats are required by leveraging the data elements and structures specified here. Moriarty Informational [Page 1] RFC 6045 RID November 2010 Status of This Memo This document is not an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6045.

show abstract

“…Note: The Introduction, and Sub-sections 4.1 and 4.2, are informative, with the exception of references to IODEF/RID Transport [RFC6046]. Sub-sections 4.3, 4.4, and 4.5 are normative.…”

Section: Communication Between Network Providersmentioning

confidence: 99%

Section: Moriarty Informational [Page 12]mentioning

confidence: 99%

Section: Message Formatsmentioning

confidence: 99%

Section: Incidentsourcementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations