>Blocking covert channels may be futile, but detection is another matter :-).
>Subverting the covert channel to disinform is left as an exercise for the
>reader.

It may be impossible to block a covert channel, but it's certainly not futile to try. It's long been accepted that all you can do is limit the bandwidth of the channel. I think someone already mentioned the figure 150 bits/sec. Although that was in relation to compartmentalizing security levels within a multi-user system, you could imagine getting to a not too dissimilar figure for an IP link, depending on the amount of cover traffic present.

I don't believe it's possible to prevent passwords or control data being passed to and from a compromised host, but you would, for example, be able to prevent someone smuggling the entire Windows source tree out of Microsoft's network. Whether it's worth the effort in any but the most tightly controlled national security critical environments is another matter.

- Blazde
This archive was generated by hypermail 2b30 : Tue Oct 22 2002 - 09:30:38 PDT