Coordinating Attack Response at Internet Scale 2 (CARIS2) Workshop Report
RFC 8953
| Document | Type |
RFC - Informational
(December 2020; No errata)
Was draft-moriarty-caris2 (individual)
|
|
|---|---|---|---|
| Author | Kathleen Moriarty | ||
| Last updated | 2020-12-16 | ||
| Stream | ISE | ||
| Formats | plain text html xml pdf htmlized bibtex | ||
| IETF conflict review | conflict-review-moriarty-caris2 | ||
| Stream | ISE state | Published RFC | |
| Consensus Boilerplate | Unknown | ||
| Document shepherd | Adrian Farrel | ||
| Shepherd write-up | Show (last changed 2020-07-03) | ||
| IESG | IESG state | RFC 8953 (Informational) | |
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | Adrian Farrel <rfc-ise@rfc-editor.org> | ||
| IANA | IANA review state | Version Changed - Review Needed | |
| IANA action state | No IANA Actions | ||
Independent Submission K. Moriarty
Request for Comments: 8953 Center for Internet Security
Category: Informational December 2020
ISSN: 2070-1721
Coordinating Attack Response at Internet Scale 2 (CARIS2) Workshop
Report
Abstract
The Coordinating Attack Response at Internet Scale (CARIS) 2
workshop, sponsored by the Internet Society, took place on 28
February and 1 March 2019 in Cambridge, Massachusetts, USA.
Participants spanned regional, national, international, and
enterprise Computer Security Incident Response Teams (CSIRTs),
operators, service providers, network and security operators,
transport operators and researchers, incident response researchers,
vendors, and participants from standards communities. This workshop
continued the work started at the first CARIS workshop, with a focus
on scaling incident prevention and detection as the Internet industry
moves to a stronger and a more ubiquitous deployment of session
encryption.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This is a contribution to the RFC Series, independently of any other
RFC stream. The RFC Editor has chosen to publish this document at
its discretion and makes no statement about its value for
implementation or deployment. Documents approved for publication by
the RFC Editor are not candidates for any level of Internet Standard;
see Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8953.
Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Table of Contents
1. Introduction
2. Accepted Papers
3. CARIS2 Goals
4. Workshop Collaboration
4.1. Breakout 1 Results: Standardization and Adoption
4.1.1. Wide Adoption
4.1.2. Limited Adoption
4.2. Breakout 2 Results: Preventative Protocols and Scaling
Defense
4.3. Breakout 3 Results: Incident Response Coordination
4.4. Breakout 4 Results: Monitoring and Measurement
4.4.1. IP Address Reputation
4.4.2. Server Name Authentication Reputation C (SNARC)
4.4.3. Logging
4.4.4. Fingerprinting
4.5. Taxonomy and Gaps Session
5. Next Steps
6. Summary
7. Security Considerations
8. IANA Considerations
9. References
9.1. Informative References
Acknowledgements
Author's Address
1. Introduction
The Coordinating Attack Response at Internet Scale (CARIS) 2 workshop
[CARISEvent], sponsored by the Internet Society, took place on 28
February and 1 March 2019 in Cambridge, Massachusetts, USA.
Participants spanned regional, national, international, and
enterprise Computer Security Incident Response Teams (CSIRTs),
operators, service providers, network and security operators,
transport operators and researchers, incident response researchers,
vendors, and participants from standards communities. This workshop
continued the work started at the first CARIS workshop [RFC8073],
with a focus on scaling incident prevention and detection as the
Internet industry moves to a stronger and a more ubiquitous
deployment of session encryption. Considering the related initiative
to form a research group (Stopping Malware and Researching Threats
[SMART]) in the Internet Research Task Force (IRTF), the focus on
prevention included consideration of research opportunities to
improve protocols and determine if there are ways to improve attack
detection during the protocol design phase that could later influence
protocol development in the IETF. This is one way to think about
scaling response, through prevention and allowing for new methods to
evolve for detection in a post-encrypted world. Although the
proposed SMART Research Group has not yet progressed, the work to
better scale incident response continues through the projects
proposed at CARIS2 as well as in future CARIS workshops.
2. Accepted Papers
Researchers from around the world submitted position and research
papers summarizing key aspects of their work to help form the shared
content of the workshop. The accepted papers may be found at
[CARISEvent] and include:
* Visualizing Security Automation: Takeshi Takahashi, NICT, Japan
* Automating Severity Determination: Hideaki Kanehara, NICT, Japan
Show full document text