GLOBAL GUARD MEETING
November 10, 1998
9:00 – 10:00
3085 ENG II
In attendance:
Karl Levitt, Steven Templeton, Jeff Rowe, and David O’Brien
- CIDF Concerns
- Personnel
- Stuart to subcontract possibly
- Mike Erlinger to do some work
- Final Discharge Condition
- Turn it over to IETF or come up with an implementation that people would use.
- Direction for Global Guard Project
- Subcontract with AeroSpace
- Yemini and Mike Erlinger involved
- What’s needed to get started?
- Yemini has SMART system that we need to sign disclosure statements for.
- Focus on correlation part
- Rules and language that describe security events
- Discernable Symptoms → Diagnose Problem (Confidence Level) → Response
- Inputs are Intrusion Detection Systems
- Denial of Service
- Modeling – set threshold levels of acceptability (i.e. 0.5% difference in packets in or out of a router)
- Create category of general unhealth
- Problems with redundancy
- Refinement or iteration on existing technology or come up with new technology?
- Modeling attacker?
- Questions of scale – warfare intrusion detection or everyday man’s intrusion detection
- Ideally have a framework that handles both
- Need to know the state of the host
- Limited by ability to monitor (see diagram)

- Future Meetings
- Brainstorming Session from 1:00-3:00 Monday, November 16 in 3085 ENG II
- Karl will bring slides
- David O’Brien’s Papers to Review
- Jeff to talk about limitations of GrIDS
- Jeff will come up with some scenarios