Protect Your Information with Intrusion Detection (Power)
NIST also has made a contribution to research in the field of intrusion detection. The ICAT (Internet Categorization of Attacks Toolkit) database is one of the most important NIST achievements in this field. This database, available at http://icat.nist.gov/, merges and indexes attack and vulnerability databases developed by various organizations and centers, including CERIAS, FedCIRC, ISS X-Force, NIAP, SANS, SecurityFocus (formerly Bugtraq and NT Bugtraq), VulDa, etc. Besides the above-mentioned centers, ICAT complements its database with attacks obtained from hacker sites, such as http://www.rootshell.com, http://infilsec.com, and so on.
As a result, NIST has created one of the largest stores of attack and vulnerability descriptions, closely related to the CVE database. By September 9, 2002, this database contained more than 4800 records. Data registered in ICAT, after appropriate investigation, can also be included into the CVE database. In contrast to other databases—particularly the ones described in Chapter 2—ICAT categorizes each vulnerability by 40 different characteristics, including:
-
Manufacturers of vulnerable software or hardware (at the moment of this writing, the number of such manufacturers exceeded 500)
-
Name and version of the software or hardware
-
Risk level (high, medium, or low)
-
The source from which the vulnerability description was obtained (CERT, X-Force, Microsoft, SecurityFocus, etc.)
-
The source for exploiting this vulnerability (local or remote)
-
The type of attack that can be implemented by exploiting this vulnerability (for example, Denial of Service)
-
The result of exploiting this vulnerability (for example, interrupted availability)
-
Vulnerability type (buffer overflow, condition out of range, etc.)
-
Vulnerable operating system(s)
-
Application type (application server, protocol, protocol stack, OS)
-
Record type ("present in CVE," "candidate to CVE")
-
Date when the record was included into the ICAT database
And this is not all. I should mention that, besides the development of the ICAT database, NIST released a document in 2001 outlining requirements to intrusion detection systems [Mell-01].