Incident Handling: Real-time Inter-network Defense
Network security incidents, such as system compromises, worms,
viruses, phishing incidents, and denial of service (DoS), typically
result in the loss of service, data, and resources, both human and
system. Network Providers (NPs) need to be equipped and ready to
assist in communicating and tracing security incidents with tools and
procedures in place before the occurrence of an attack. This paper
outlines a proactive inter-network communication method to facilitate
sharing incident handling data and integrate existing tracing
mechanisms across NP boundaries to identify the source(s) of an
attack. The various methods implemented to detect and trace attacks
must be coordinated on the NPs' network as well as provide a
communication mechanism across network borders. It is imperative that
NPs have quick communication methods defined to enable neighboring NPs
to assist in reporting or tracking a security incident across
networks. A complete solution integrating incident detection, source
identification, reporting and communication capabilities, and methods
to stop attack traffic is necessary to attain higher security levels
on networks. Policy guidelines for handling incidents are recommended
and can be agreed upon by a consortium using the security
recommendations and considerations.