
GB/T 28517-2012 English PDF

US$1169.00 · In stock
Delivery: <= 8 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 28517-2012: Network incident object description and exchange format
Status: Valid

Basic data

Standard ID: GB/T 28517-2012 (GB/T28517-2012)
Description (Translated English): Network incident object description and exchange format
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L09
Classification of International Standard: 35.020
Word Count Estimation: 53,582
Quoted Standard: GB/T 12406-2008; IETF RFC 1305; IETF RFC 2030; IETF RFC 2256; IETF RFC 2396; IETF RFC 2822
Regulation (derived from): National Standards Bulletin No. 13 of 2012
Issuing agency(ies): General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China
Summary: This standard specifies a common data format for describing computer network security incidents, for exchange between computer security incident response teams, and provides a reference implementation in XML. This standard ap

GB/T 28517-2012: Network incident object description and exchange format

---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Network incident object description and exchange format
ICS 35.020
L09
National Standard of the People's Republic of China
Network security event description and exchange format
Issued on: 2012-06-29
Implemented on: 2012-10-01
Issued by: Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; Standardization Administration of China

Table of Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions, abbreviations
3.1 Terms and definitions
3.2 Acronyms
4 Symbol conventions
5 Underlying data types of the security event description and interchange format
5.1 Integer
5.2 Real
5.3 Characters and strings
5.4 Byte
5.5 Enumerated type
5.6 Date-Time
5.7 NTP timestamp
5.8 Port list
5.9 Postal address
5.10 Individual or organization
5.11 Telephone and fax numbers
5.12 Email
5.13 Uniform Resource Identifiers
5.14 Unique identifier
6 Security event description and interchange format
6.1 Overview
6.2 IODEF document class
6.3 Security event class
6.4 Event ID class
6.5 Optional identity class
6.6 Related activities class
6.7 Other data class
6.8 Contact class
6.9 Registration authority identification class
6.10 Time class
6.11 Expectations class
6.12 Attack class
6.13 Assessment class
6.14 History class
6.15 Anomaly data class
6.16 Stream class and system class
6.17 Node class
6.18 Service class
6.19 Record class
6.20 Parser class
7 Security event description and exchange format extensions and implementation guide
7.1 Extension mechanism
7.2 Extension principles
7.3 IODEF extension examples
7.4 Implementation guide
Appendix A (informative) Security event description and exchange format examples
A.1 Code Red detection notice
A.2 IODEF XML document with a signature
A.3 Example of an encrypted IODEF XML document
References

Foreword

This standard was drafted in accordance with the rules given in GB/T 1.1-2009. This standard was developed mainly with reference to IETF (Internet Engineering Task Force) RFC 5070, in combination with the actual situation of the computer network emergency response system in China. This standard was proposed by the Ministry of Industry and Information Technology of the People's Republic of China. This standard is under the jurisdiction of the China Communications Standards Association. This standard was drafted by: National Computer Network Emergency Response Technical Coordination Center of Tsinghua University. The main drafters of this standard: Huangyuan Fei, Yuan Chunyang, Duan Haixin, Sun Weimin, Yang Zhen, Zhou Yonglin, Xu Jiao record, Jiyu Chun Liang Sheng, Wu Junhua, Sun Bin.

Introduction

With the development of the Internet, computer network security incidents have broken through national and regional boundaries and span multiple organizations, and cooperation between emergency response teams has likewise broken through the constraints of borders, language and culture. In this context, China set up the National Computer Network Emergency Response Technical Coordination Center (CNCERT/CC), which is responsible for coordinating domestic computer security emergency response teams in jointly handling security incidents on the national public Internet. Related telecom companies, security service providers, large state-owned companies, educational and research institutions and national authorities have also gradually established Computer Security Incident Response Teams (referred to as Emergency Response Teams or CSIRTs). To improve the ability of the various emergency response teams to respond to and prevent security incidents, this standard for the description and exchange format of security incidents between China's emergency response teams (IODEF) was formulated. IODEF is mainly used for the exchange of information between the event handling systems (IHS) of emergency response teams; it is a representation of the communication protocol layer. The application environment is shown in Figure 1.

Figure 1 Application environment of the security incident description and interchange format

Under normal circumstances, an emergency response team needs a software tool to generate an IODEF incident report from security event-related information, which is then sent via a communication protocol (such as HTTP, SMTP, etc.) to other relevant organizations. When a CSIRT receives IODEF documents sent by other CSIRTs, network service providers, users or other organizations, it generally requires the IODEF parsing module of the event handling system, or an independent IODEF parser, to generate data in the data format defined internally by the CSIRT. That data is then saved to a local event reporting database and enters the event handling process.

Network security event description and exchange format

1 Scope

This standard specifies a common data format for describing computer network security incidents, to facilitate the exchange of network security incidents between computer security emergency response teams, and provides a reference implementation in XML. This standard applies to the exchange of computer network security incidents between computer security emergency response teams, and may also serve as a reference for the construction and maintenance of computer network security event handling systems.

2 Normative references

The following documents are essential for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest edition (including any amendments) applies to this document.

GB/T 12406-2008 Codes for the representation of currencies and funds (ISO 4217:2001, IDT)
IETF RFC 1305 Specification and implementation of the Network Time Protocol (Network Time Protocol (Version 3) Specification, Implementation)
IETF RFC 2030 Simple Network Time Protocol Version 4 for IPv4, IPv6 and OSI (Simple Network Time Protocol (SNTP) Version 4 for IPv4, IPv6 and OSI)
IETF RFC 2256 Overview of the X.500 user schema for LDAPv3 (A Summary of the X.500(96) User Schema for use with LDAPv3)
IETF RFC 2396 Uniform Resource Identifiers (URI): General syntax (Uniform Resource Identifiers (URI): Generic Syntax)
IETF RFC 2822 Internet Message Format (Internet Message Format)

3 Terms and definitions, abbreviations

3.1 Terms and definitions

The following terms and definitions apply to this document.

3.1.1 Attack
An attack on system security, arising mainly from man-made, technological threats; for example, a technically aggressive act that attempts to evade security services and violate the security policy of the system. An attack may be active or passive, and may come from internal personnel or from outside.

3.1.2 Attacker
An individual who attempts one or more attacks in order to achieve one or more purposes. In this standard, an attacker is described by its network identifier, the network or organization from which the cyber attack was launched, and (optionally) physical location information.

3.1.3 Computer security incident response team; CSIRT
An organization that handles computer network security incidents and creates security incident reports. A CSIRT may also be involved in the collection and preservation of evidence, Ann
......