Re: Covert Channels

From: Blue Boar (BlueBoarat_private)
Date: Wed Oct 23 2002 - 10:28:51 PDT

    Jose Nazario wrote:
    > for the reasons clearly stated by several bright individuals on this topic
    > previously, any product which claims to detect and defeat covert channels
    > on a network (or even a multiuser system) is snake oil.
    
    No more than an IDS vendor.  An IDS does not stop, or even detect, all 
    intrusions.  A covert channel detector would be the same thing (and would 
    probably just be an IDS add-on.)  That is, it would detect known covert 
    channel methods, might have some logic to detect some possible unknown 
    attempts.  It would have frequent signature updates, etc... you know the drill.
    
    If someone thinks an IDS is useful (and I'm not trying to say they aren't) 
    then there is no reason to think a covert channel detector wouldn't be 
    useful for the same reason.
    
    						BB
    


