Saturday, September 22, 2007

Concept Document Available

Although nothing has actually been written on this document since June, I finally put up an overview/concept document I wrote (with the help of a few others, Gadi Evron in particular) to help define the problem space. It does not take much creativity to imagine a toolset that utilizes the types of networks used by Skype, Gnutella, or BitTorrent to provide a global view of Internet threat activity, where users might choose to view, contribute, or search security information sources as easily as they would share a directory on their filesystem or download MP3s. Initially, this network might only provide the same data as DShield (sources, protocols, and ports), with several obvious advantages made possible through its distributed architecture: direct (i.e. non-aggregated) access to collection nodes, the lack of a single data owner, and flexible group membership (and policy definition) whereby organizations and collections of individuals can share information within an Enterprise across the Internet.

A PDF version is also available, unless you are too scared to read PDFs anymore.

