GLOBAL GUARD MEETING
November 10, 1998
9:00 – 10:00
3085 ENG II

  In attendance:
Karl Levitt, Steven Templeton, Jeff Rowe, and David O’Brien
    1. CIDF Concerns
      1. Personnel
        1. Stuart to subcontract possibly
        2. Mike Erlinger do some work
      2. Final Discharge Condition
        1. Turn it over to IETF or come up with an implementation that people would use.
    2. Direction for Global Guard Project
      1. Subcontract with AeroSpace
      2. Yemini and Mike Erlinger involved
      3. What’s needed to get started?
        1. Yemini has SMART system that we need to sign disclosure statements for.
      4. Focus on correlation part
        1. Rules and language that describe security events
        2. Discernable Symptoms à Diagnose Problem (Confidence Level) à Response
        3. Inputs are Intrusion Detection Systems
        4. Denial of Service
        5. Modeling – set threshold levels of acceptability (i.e. 0.5% difference in packets in or out of a router
        6. Create category of general unhealth
        7. Problems with redundancy
      5. Refinement or iteration on existing technology or come up with new technology?
        1. Modeling attacker?
        2. Questions of scale – warfare intrusion detection or everyday man’s intrusion detection
          1. Ideally have a framework that handles both
        3. Need to know the state of the host
        4. Limited by ability to monitor (see diagram)
    3. Future Meetings
      1. Brainstorming Session from 1:00-3:00 Monday, November 16 in 3085 ENG II
      2. Karl will bring slides
      3. David O’Brien’s Papers to Review
      4. Jeff to talk about limitations of GrIDS
      5. Jeff will come up with some scenarios