On Thu, Dec 4, 2008 at 3:03 PM, Chris Jeane <[EMAIL PROTECTED]> wrote:
> The Project Chroma Project website reads (I have highlighted the colors in
> black so that they are readable):
>
> Green level: There is negligible threat to online security.
> Ok this one is pretty simple.
>
> Yellow level: There is a minimal level of threat, and this must be
> monitored and contained.
> The SANS ISC says: "We are currently tracking a significant new threat. The
> impact is either unknown or expected to be minor to the infrastructure.
> However, local impact could be significant. Users are advised to take
> immediate specific action to contain the impact."
> You are giving an abbreviated version of something that already exists and
> is accepted.
>
> Orange level: This level of threat indicates there are parties who are
> actively engaging in cyber-warfare. Caution is required when online.
> Caution is always required when online. If you are in an area
> (country/province/region) that is affected by cyber attacks you will have
> limited/no access to the internet. If only your company/person is being
> assaulted from cyberspace the attack would probably go unnoticed by this
> monitoring system. If the attackers were committing a DDOS attack on several
> specific non-infrastructure targets, your internet access may slow/go dark, but
> is that really a threat to you? or one you can protect against?
>
> Red level: This level indicates a full blown cyber-war. It indicates
> very high probability of all communications being intercepted.
> The use of the term 'full blown cyber-war' seems like an overarching scare
> tactic. We have yet to see what cyber-warfare looks like. Estonia was a one
> sided cyber ambush, not two entities engaging in war. The alerts should be
> more generic and accompanied by an assessment of the actual current
> situation. If something like 'Code Red' were to infect the internet again
> this alert calling it cyber-war would be a misnomer.
>
> While homeland security's implementation does not seem to have a real
> world merit, such a threat level would certainly be very useful in the
> online security realm.
> Who is this useful to: Security professionals, end users, governmental
> agencies? How and why as similar systems already exist?
>
> Please disseminate this announcement of the
> project Chroma levels for online security. The immediate mission of
> the project is to be picked up by the antivirus and security tools
> vendors, so as to add the color codes to their products and provide
> users with a tangible measure of their online security.
> Yellow is not a tangible measure of their online security. If perhaps an
> Online Security/IPS package knew that a DDoS attack was coming for an
> address segment of the internet and it requested that I block traffic from
> those attackers until an all clear or Green
> status was given. That is tangible and actionable.
>
> Current status: Threat level Yellow.
> Your current is higher than SANS ISC. Do you know something they don't?
>
Symantec / Securityfocus is currently Yellow as well. Maybe it's SANS that are out of the loop after all.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/