Protocol Action: The Intrusion Detection Exchange Protocol (IDXP) to Proposed Standard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The IESG has approved "The Intrusion Detection Exchange Protocol
(IDXP)" <draft-ietf-idwg-beep-idxp-07.txt> and "The TUNNEL Profile"
<draft-ietf-idwg-beep-tunnel-05.txt> as Proposed Standards.

The IESG has approved the publication of "Intrusion Detection Message
Exchange Requirements" <draft-ietf-idwg-requirements-10.txt> as an
INFORMATIONAL RFC.

These documents are the product of the Intrusion Detection Exchange
Format Working Group.  The IESG contact persons are Steve Bellovin 
and Jeff Schiller.

Technical Summary

In general Intrusion Detection Systems are divided into two classes
of entities. There are detection "Analyzers" which sit at various
points in the network, gather data and make intrusion determinations. 
"Managers" gather data from analyzers and present it for evaluation. 
Analyzers may communicate with many managers and managers may 
communicate both with many analyzers and other managers. IDXP is the 
protocol they use to communicate.

This document set consists of three documents. The Requirements
document defines the requirements established by the IDWG Working
Group for the IDXP protocol. It is being published as an 
Informational document.

The IDXP document defines the Intrusion Detection Exchange Protocol
(IDXP). IDXP is an application-level protocol for exchanging data
between intrusion detection entities. IDXP is itself layered on top
of BEEP (RFC3080).

The TUNNEL document defines a BEEP profile for having an application
level BEEP proxy tunnel data between two BEEP peers. This facility
is useful for controlled tunneling through firewalls. Because many
Intrusion analyzers may be located behind firewalls, it is necessary
for system managers to be able to tunnel data through appropriately
authorized BEEP proxies to managers that may be located on the other
side of the firewall. Although defined here for use in IDXP, the
tunneling facility is a general purpose BEEP facility.

Working Group Summary

There was working group consensus on these documents.

Protocol Quality

These documents were reviewed by Jeff Schiller and Steve Bellovin
for the IESG.


[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux