Basic data
| Field | Value |
| --- | --- |
| Standard ID | GB/T 28517-2012 (GB/T28517-2012) |
| Description (translated English) | Network incident object description and exchange format |
| Sector / Industry | National Standard (Recommended) |
| Classification of Chinese Standard | L09 |
| Classification of International Standard | 35.020 |
| Word Count Estimation | 53,517 |
| Quoted Standards | GB/T 12406-2008; IETF RFC 1305; IETF RFC 2030; IETF RFC 2256; IETF RFC 2396; IETF RFC 2822 |
| Regulation (derived from) | National Standards Bulletin No. 13 of 2012 |
| Issuing agency(ies) | General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; Standardization Administration of the People's Republic of China |
| Summary | This standard specifies a common data format for describing computer network security incidents, used for exchanging incidents between computer security incident response teams, and provides an XML reference implementation. This standard ap |
GB/T 28517-2012: Network incident object description and exchange format
Network incident object description and exchange format
ICS 35.020
L09
National Standard of the People's Republic of China
Network security event description and exchange format
Issued on 2012-06-29
Implemented on 2012-10-01
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China
and the Standardization Administration of China
Table of Contents
Foreword III
Introduction IV
1 Scope 1
2 Normative references 1
3 Terms and definitions, abbreviations 1
3.1 Terms and definitions 1
3.2 Abbreviations 3
4 Notation conventions 3
5 Basic data types of the security incident description and exchange format 4
5.1 Integer 4
5.2 Real 4
5.3 Character and string 4
5.4 Byte 4
5.5 Enumerated type 4
5.6 Date-time 4
5.7 NTP timestamp 4
5.8 Port list 4
5.9 Postal address 5
5.10 Person or organization 5
5.11 Telephone and fax numbers 5
5.12 Email 5
5.13 Uniform resource identifier 5
5.14 Unique identifier 5
6 Security incident description and exchange format 5
6.1 Overview 5
6.2 IODEF document class 6
6.3 Security incident class 6
6.4 Incident ID class 9
6.5 Alternative ID class 9
6.6 Related activity class 10
6.7 Additional data class 11
6.8 Contact class 12
6.9 Registry handle class 14
6.10 Time classes 14
6.11 Expectation class 15
6.12 Attack class 16
6.13 Assessment class 17
6.14 History class 20
6.15 Event data class 21
6.16 Flow class and System class 24
6.17 Node class 25
6.18 Service class 27
6.19 Record class 28
6.20 Parser class 30
7 Extension and implementation guide for the security incident description and exchange format 32
7.1 Extension mechanism 32
7.2 Extension principles 32
7.3 IODEF extension examples 32
7.4 Implementation guide 40
Appendix A (informative) Examples of the security incident description and exchange format 42
A.1 Notice of detected Code Red 42
A.2 IODEF XML document with signature 44
A.3 Example of an encrypted IODEF XML document 45
References 47
Foreword
This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
This standard was developed mainly with reference to IETF (Internet Engineering Task Force) RFC 5070, combined with the actual situation of the computer network emergency response system in China.
This standard was proposed by the Ministry of Industry and Information Technology of the People's Republic of China.
This standard is under the jurisdiction of the China Communications Standards Association.
Drafting organizations of this standard: National Computer Network Emergency Response Technical Team/Coordination Center of China, Tsinghua University.
Main drafters of this standard: Huangyuan Fei, Yuan Chunyang, Duan Haixin, Sun Weimin, Yang Zhen, Zhou Yonglin, Xu Jiao record, Jiyu Chun Liang Sheng, Wu Junhua, Sun Bin.
Introduction
With the development of the Internet, computer network security incidents have come to cross national and regional boundaries and span multiple organizations, and cooperation between emergency response teams has likewise broken through the constraints of borders, language and culture. In this context, China established the National Computer Network Emergency Response Technical Team/Coordination Center (CNCERT/CC), responsible for coordinating the domestic computer security incident response teams in jointly handling security incidents on the public Internet; related telecommunications operators, security service providers, large state-owned enterprises, educational and research institutions and national authorities have also gradually set up Computer Security Incident Response Teams (referred to as emergency response teams or CSIRTs). To improve the ability of the various emergency response teams to respond to and prevent security incidents, this standard for the description and exchange format of security incidents between China's emergency response teams (IODEF) was formulated.
IODEF is mainly used for exchanging information between the incident handling systems (IHS) of emergency response teams. It is a representation layer on top of the communication protocol layer; its application environment is shown in Figure 1.
Figure 1 Application environment of the security incident description and exchange format
Normally, an emergency response team uses a software tool to generate an IODEF incident report from the information about a security incident and sends it over a communication protocol (such as HTTP or SMTP) to the other organizations concerned. When a CSIRT receives IODEF documents sent by other CSIRTs, network service providers, users or other organizations, the IODEF parsing module of its incident handling system, or a stand-alone IODEF parser, generally converts them into the data format defined internally by the CSIRT, saves them to the local incident report database, and enters the incident handling process.
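The receiving side of the workflow above, as an added example that is not part of the standard's text: a minimal parser that takes a constructed report in the RFC 5070 IODEF XML form (the format this standard is based on) and converts it into an internal record, the role the introduction assigns to the IODEF parsing module. The internal format (a plain Python dict), the field selection and the sample document are assumptions made for this example.

```python
"""Parse a minimal RFC 5070-style IODEF document into an internal record.
Assumption (not from the standard): the CSIRT's internal format is a dict."""
import xml.etree.ElementTree as ET

NS = {"iodef": "urn:ietf:params:xml:ns:iodef-1.0"}  # RFC 5070 namespace

# Constructed sample report, as a sending CSIRT's tool might emit it.
SAMPLE_IODEF = """<IODEF-Document version="1.00" lang="en" xmlns="urn:ietf:params:xml:ns:iodef-1.0">
  <Incident purpose="reporting">
    <IncidentID name="csirt.example.com">2012-0042</IncidentID>
    <ReportTime>2012-07-01T08:30:00+08:00</ReportTime>
    <Assessment><Impact completion="failed" type="recon"/></Assessment>
    <Contact role="creator" type="organization">
      <ContactName>Example CSIRT</ContactName>
      <Email>csirt@example.com</Email>
    </Contact>
    <EventData>
      <Flow>
        <System category="source">
          <Node><Address category="ipv4-addr">192.0.2.10</Address></Node>
        </System>
        <System category="target">
          <Node><Address category="ipv4-addr">198.51.100.7</Address></Node>
        </System>
      </Flow>
    </EventData>
  </Incident>
</IODEF-Document>"""


def parse_iodef(xml_text: str) -> list[dict]:
    """Return one internal record per Incident; raise on a malformed report.
    Reports arrive from other organizations, so treat them as untrusted input
    (in production use defusedxml or a similarly hardened parser)."""
    root = ET.fromstring(xml_text)
    if root.tag != "{urn:ietf:params:xml:ns:iodef-1.0}IODEF-Document":
        raise ValueError("not an IODEF-Document")
    records = []
    for inc in root.findall("iodef:Incident", NS):
        iid = inc.find("iodef:IncidentID", NS)
        if iid is None or not (iid.text or "").strip():
            raise ValueError("Incident without IncidentID")  # required by RFC 5070
        records.append({
            "incident_id": f"{iid.get('name')}:{iid.text.strip()}",  # name scopes the ID
            "purpose": inc.get("purpose"),
            "report_time": inc.findtext("iodef:ReportTime", default="", namespaces=NS),
            "creator": inc.findtext("iodef:Contact[@role='creator']/iodef:Email", default="", namespaces=NS),
            "sources": [a.text for a in inc.findall(".//iodef:System[@category='source']/iodef:Node/iodef:Address", NS)],
            "targets": [a.text for a in inc.findall(".//iodef:System[@category='target']/iodef:Node/iodef:Address", NS)],
        })
    return records
```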
Network security event description and exchange format
1 Scope
This standard specifies a common data format for describing computer network security incidents, to facilitate the exchange of network security incidents between computer security incident response teams, and provides an XML reference implementation.
This standard applies to the exchange of computer network security incidents between computer security incident response teams, and may also serve as a reference for building and maintaining computer network security incident handling systems.
2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the dated edition applies to this document. For undated references, the latest edition (including all amendments) applies to this document.
GB/T 12406-2008 Codes for the representation of currencies and funds (ISO 4217:2001, IDT)
IETF RFC 1305 Network Time Protocol (Version 3) Specification, Implementation
IETF RFC 2030 Simple Network Time Protocol (SNTP) Version 4 for IPv4, IPv6 and OSI
IETF RFC 2256 A Summary of the X.500(96) User Schema for use with LDAPv3
IETF RFC 2396 Uniform Resource Identifiers (URI): Generic Syntax
IETF RFC 2822 Internet Message Format
3 Terms and definitions, abbreviations
3.1 Terms and Definitions
The following terms and definitions apply to this document.
3.1.1
attack
An assault on the security of a system, arising mainly from deliberate, technical threats; for example, a technically aggressive act that attempts to evade security services and violate the security policy of a system.
An attack may be active or passive, and may come from insiders or from outsiders.
3.1.2
attacker
An individual who attempts one or more attacks in order to achieve some purpose or purposes. In this standard, an attacker is described by the network from which the attack was launched, the organization that launched it, and (optionally) its physical location.
3.1.3
computer security incident response team; CSIRT
An organization that handles computer network security incidents and creates security incident reports. A CSIRT may also be involved in collecting and preserving evidence,
...