On Wed, 2002-10-23 at 16:29, Michal Zalewski wrote:
> On Wed, 23 Oct 2002, Richard Masoner wrote:
>
> > In the Trusted Systems world, covert channel analysis and detection is
> > something that is done, and in that community it's considered science,
> > not snake oil.
>
> The discussion, as far as I recall, is about typical (n)IDS
> implementations that protect regular servers, trying to detect any hidden
> data streams established between two network endpoints. There are only two
> cases where this kind of detection would be useful compromised internal
> host, or a hostile user. Whether it makes sense to discuss and/or deploy
> this functionality, is one of the subjects of the discussion.

Quite so.
If you think of something like frequency-agile radio, we have the case
of a covert channel where neither endpoint is "compromised" and the
purpose of the technology in this case is to remain undetectable (by the
channels being barely above background noise) and untappable (since
something like a one-time pad is used to control channel switching).

/anton

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]