Well, SANS has said in the past they don't raise their color unless there is an immediate threat, I think. I think Chris, in this thread before, said the differences pretty well.

On Thu, Dec 4, 2008 at 10:36 PM, n3td3v <[EMAIL PROTECTED]> wrote:
> On Thu, Dec 4, 2008 at 3:03 PM, Chris Jeane <[EMAIL PROTECTED]> wrote:
>> The Project Chroma Project website reads (I have highlighted the colors in
>> black so that they are readable):
>>
>> Green level: There is negligible threat to online security.
>> Ok this one is pretty simple.
>>
>> Yellow level: There is a minimal level of threat, and this must be
>> monitored and contained.
>> The SANS ISC says: "We are currently tracking a significant new threat. The
>> impact is either unknown or expected to be minor to the infrastructure.
>> However, local impact could be significant. Users are advised to take
>> immediate specific action to contain the impact."
>> You are giving an abbreviated version of something that already exists and
>> is accepted.
>>
>> Orange level: This level of threat indicates there are parties who are
>> actively engaging in cyber-warfare. Caution is required when online.
>> Caution is always required when online. If you are in an area
>> (country/province/region) that is affected by cyber attacks you will have
>> limited/no access to the internet. If only your company/person is being
>> assaulted from cyberspace the attack would probably go unnoticed by this
>> monitoring system. If the attackers were committing a DDoS attack on several
>> specific non-infrastructure targets, your internet access may slow/go dark, but
>> is that really a threat to you? Or one you can protect against?
>>
>> Red level: This level indicates a full blown cyber-war. It indicates
>> very high probability of all communications being intercepted.
>> The use of the term 'full blown cyber-war' seems like an overarching scare
>> tactic. We have yet to see what cyber-warfare looks like. Estonia was a
>> one-sided cyber ambush, not two entities engaging in war. The alerts should be
>> more generic and accompanied by an assessment of the actual current
>> situation. If something like 'Code Red' were to infect the internet again
>> this alert calling it cyber-war would be a misnomer.
>>
>> While homeland security's implementation does not seem to have a real
>> world merit, such a threat level would certainly be very useful in the
>> online security realm.
>> Who is this useful to: Security professionals, end users, governmental
>> agencies? How and why as similar systems already exist?
>>
>> Please disseminate this announcement of the
>> project Chroma levels for online security. The immediate mission of
>> the project is to be picked up by the antivirus and security tools
>> vendors, so as to add the color codes to their products and provide
>> users with a tangible measure of their online security.
>> Yellow is not a tangible measure of their online security. If perhaps an
>> Online Security/IPS package knew that a DDoS attack was coming for an
>> address segment of the internet and it requested that I block traffic from
>> those attackers until an all clear or Green
>> status was given. That is tangible and actionable.
>>
>> Current status: Threat level Yellow.
>> Your current is higher than SANS ISC. Do you know something they don't?
>>
>
> Symantec / Securityfocus is currently Yellow as well.
>
> Maybe it's SANS that are out of the loop after all.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
