RE: Covert Channels

From: Michal Zalewski (lcamtufat_private)
Date: Wed Oct 23 2002 - 13:29:47 PDT


    On Wed, 23 Oct 2002, Richard Masoner wrote:
    
    > In the Trusted Systems world, covert channel analysis and detection is
    > something that is done, and in that community it's considered science,
    > not snake oil.
    
    The discussion, as far as I recall, is about typical (n)IDS
    implementations that protect regular servers, trying to detect any hidden
    data streams established between two network endpoints. There are only two
    cases where this kind of detection would be useful: a compromised internal
    host, or a hostile user. Whether it makes sense to discuss and/or deploy
    this functionality is one of the subjects of the discussion.
    
    > On a trusted system, for example, a user isn't going to modify the IP
    > header to steganographically send secret information, because he can't.
    
    Host-based application data flow control on trusted operating systems
    and/or applications, assuming the system itself isn't compromised in any
    way, is a different story.
    
    -- m
    


