Re: [sleuthkit-developers] Application Categories - second try
From: Brian C. <ca...@sl...> - 2004-02-09 06:04:45
On Feb 8, 2004, at 10:40 AM, Matthias Hofherr wrote:

> What about tools which are used by both blackhats and whitehats? Where
> would you place, e.g. nmap, packit ... ?

I have no clue. I think we need to group them based on core functionality, not on historical associations. Therefore, nmap would go in the same category as all port scanners, even the nice Windows GUI ones. I didn't add them to a category because I wasn't sure if there should be a network utilities category and, if there was such a category, what its requirements would be. I am unsure if port scanners are an attack security tool or a general network tool. I'm not sure where sniffers fit either. I would say that packit is an attack tool so it goes into the security-attack category.

The categories can't reflect the intent of an installation or execution. Port scanners that have been customized to search for specific services and launch attacks or create config files that can be used for attacks have been designed to attack and would therefore go into the attack category and are considered different than nmap.

After thinking about this, when these searches are conducted on the hard disk, we are looking for tools and files that serve a certain function. If we are looking at a server intrusion case, we want to know about all tools that could have played a role regardless if it is nmap or netcat or the network utilities program that comes with OS X.

Maybe subcategories are a good idea. For example, there may be a general network utilities category. You can select it as either all good or all bad, or you can select the state of each subcategory (host scanners, port scanners, sniffers). Any of these utilities that has been customized for attacking will be placed in the security attack category.

> In which category would you place child-porn?

It falls in the 'Multimedia Files' category because it is a graphical image file. Child porn is such a unique and common case though, that I think it warrants a subcategory or a related multimedia category.

This is tough! As a test for any taxonomy that we come up with, it would be useful if we could map the existing application types in the NSRL to them.

thanks,
brian