
FIDNet is coming back

 Intrusion-detection net revived

 Diane Frank 
 Federal Computer Week, 275.2002

 The General Services Administration and Carnegie Mellon University this
fall will start testing a new technology to analyze and report on
patterns in the cyber intrusion information gathered across government,
an idea that was first floated and eventually sunk two years ago.

 The data analysis capability (DAC) being developed by the CERT
Coordination Center for GSA's Federal Computer Incident Response Center
will analyze data already being collected by intrusion-detection
systems at many agencies, said Sallie McDonald, assistant commissioner
for information assurance and critical infrastructure protection at GSA. 

 Those systems typically report on unusual or unauthorized network
activity that might indicate that someone is attempting to attack or
break into agency systems. The DAC will gather data from the sensors or
from agencies' own analyses at a central point within FedCIRC for
identification of potential vulnerabilities and attacks.

 That analysis will then be shared with participating agencies, along
with steps to protect against, react to or recover from any incidents,
McDonald said. FedCIRC is the overarching source for security incident
warnings and analysis for all civilian agencies.

 The idea of a governmentwide system for analyzing intrusion-detection
data first emerged in 1999 as part of the Clinton administration's
National Plan for Information Systems Protection.

 Privacy concerns raised by advocacy groups and Congress after erroneous
reports that the analysis would be performed on private-sector networks
as well as government networks forced GSA and the administration to
withdraw the proposed Federal Intrusion Detection Network in 2000. 

 Even as more agencies turn to vendors for intrusion data analysis
within their own networks, this type of centralized analysis capability
is a necessary tool for raising the entire government's information
security posture, said Amit Yoran, a former director of the Defense
Department CERT's Vulnerability Assessment and Assistance Program.

 And it is technically feasible to analyze the vast amount of
information that the DAC will have to handle from all of the civilian
agencies, said Yoran, co-founder of Riptech, a managed security services
company. Riptech handles approximately 2 terabytes of incident
information every day from all of its government and industry clients,
he said.

 As an incentive for agencies, GSA will allow participants in the pilot
project to use the technology to analyze their own incident information
in real time, McDonald said. That analysis will then be sent to FedCIRC
to map the governmentwide incident and vulnerability status.

 If the pilot project is successful, the DAC is expected to reach full
operating ability in fiscal 2003, she said.
