Home page logo
/

basics logo Security Basics mailing list archives

(New?) Network Security Model/Terminology
From: John Richard Moser <nigelenki () comcast net>
Date: Thu, 16 Dec 2004 22:40:21 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[I am not yet subscribed, but am pending a confirmation message; please
CC me results]

I've been working on a response[1] to the NSA paper, "The Case for Using
Layered Defenses to Stop Worms,"[2] in which I detail what Open Source
Software is available to implement an example Defense-in-Depth matrix
based on said paper.  In the course of doing this, I have had to divide
up the logical network topology to create a basic concept to guide the
implementation.

[1] http://woct.sourceforge.net/defmatrix/defmatrix.html
[2]
http://woct.sourceforge.net/xoops/modules/mylinks/singlelink.php?cid=2&lid=1

I am wondering about the model I have designed, and about two pieces of
terminology I have created.  I need to know if the model already exists
and has a name; and I need to know about the terminology "Malstream" and
"Purestream," which I created to help differentiate between legitimate
and illegitimate traffic.  If these concepts already exist under other
names, I would like to have those names and references to detail these
concepts, so that my paper may better conform to existing terminology
when it is completed.

The model is a Three-Tier Security Model[3], and is detailed inline in
the paper.  A visual depiction of the model[4] is also available.

[3] http://woct.sourceforge.net/defmatrix/defmatrix.html#ttiersm
[4] http://woct.sourceforge.net/defmatrix/3tier.png

The illustration uses the terms "Malstream" and "Purestream" to
illustrate the effects of the 3-Tier model.  "Malstream" is network data
associated with attacks, port scans, malware (such as attached e-mail
worms or specially corrupted jpeg images), Worm Control Protocols,
spoofed packets, etc.  "Purestream" is the pure, legitimate traffic
destined for Web servers or for hosts which have requested and
established an external connection.  Ideally, all "Malstream" should be
filtered out, and all "Purestream" should be delivered.

If the concepts attached to my terminology do not already exist, then I
would like to take credit for the design of the 3-Tier model and the
creation of the "Malstream" and "Purestream" terms; however, I cannot
imagine that as a hobbyist without yet formal security training that I
could create new concepts in the security field.

- --John

- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBwlUdhDd4aOud5P8RAkLOAJ4piGgmdkosidFMMr7q70ISxK8m+wCdHwtm
G+xil44EhrWIZGXho2+DoZA=
=gPQw
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]