IDS mailing list archives
FW: Intrusion Risk Assessment
From: "Peter Schwarz" <pschwarz () jwbpinellas org>
Date: Tue, 7 Jan 2003 12:39:28 -0500
Cisco PIX has several classification levels of IDS ("Alerts", "Emergencies", and "Critical"). Using a logging agent on
a server, you could configure notices for different services as well as which alerts you want to be notified of.
Pete
-----Original Message-----
From: Alan Shimel [mailto:alan () latis com]
Sent: Monday, January 06, 2003 3:58 PM
To: Robert_Huber () bankone com; focus-ids () securityfocus com
Subject: RE: Intrusion Risk Assessment
Robert
The only one I have heard of and that we use with our product is the 4
levels of criticality that snort uses.
alan
Alan Shimel
VP of Sales & Business Development
Latis Networks, Inc.
303-642-4515 Direct
516-857-7409 Mobile
303-642-4501 Fax
www.stillsecure.com
Reducing your risk has never been this easy.
-----Original Message-----
From: Robert_Huber () bankone com [mailto:Robert_Huber () bankone com]
Sent: Monday, January 06, 2003 10:54 AM
To: focus-ids () securityfocus com
Subject: Intrusion Risk Assessment
Anyone know of any IDS risk assessment matrixes out there? I'm looking
for something like the following:
Rating  Severity
1       No Damage        a. Not possible to exploit (or)
                         b. No damage (or)
                         c. Hoax
2       Harassment       a. Possible damage, unconfirmed (or)
                         b. Temporarily shuts down services and/or
                            temporarily prevents access to information
3       Minor Damage     a. Short-term impact (or)
                         b. Exploit allows access to view files (or)
                         c. Minimal effort required to recover
4       Moderate Damage  a. The exploit is easy to perform (or)
                         b. Important systems can be affected with
                            administrative compromise (or)
                         c. Exploit allows full access to files (or)
                         d. Long-term effects, significant effort may be
                            required to recover
5       Heavy Damage     a. The exploit is easy to perform (and)
                         b. An exploit will cause severe damage to
                            multiple computers (and/or)
                         c. Requires reinstallation or recovery from backup
Robert Huber
Bank One Information Security
Phone: 302-282-2234
Pager: 888-646-3502
