Vulnerability Development mailing list archives
Re: Covert Channels
From: Anton Aylward <aja () si on ca>
Date: 23 Oct 2002 18:30:11 -0400
On Wed, 2002-10-23 at 17:29, Blue Boar wrote:
> Anton Aylward wrote:
>> On Wed, 2002-10-23 at 16:34, Blue Boar wrote:
>>> The specifics aren't important. The number of ways to implement some attacks, and the number of ways to bypass an IDS are also infinite.
>>
>> I doubt that, but even if it is so, an IDS is limited to the network whereas a covert channel could - as I illustrated - be anything. It could be whether I leave my blinds open at night. In this case, the set of covert channels is transfinite.
>
> If you want to take covert channels outside of the realm of computer networks, there's no reason the concept of an IDS couldn't as well. The airport x-ray IDS is perfectly capable of detecting the midget-in-luggage attack.

Indeed, if one wants to imagine such things, then one is only limited by one's imagination. Which may differ, as the saying goes, from mine.

No, I'm talking about reality. I'm talking about actual cases of "espionage". Mind you, these supposed "detection" mechanisms are iffy. There was the case, I'm sorry I don't recall names, perhaps someone can assist me, where a scientist of Chinese ancestry working at a US lab that at one time did weapons research, was supposed to have stolen secrets. In actual fact the computer disk concerned had merely been misplaced.

If you look at the reality of "leaks" of information, even information that was sourced on a computer, leaking of a network is small-fry compared to what actually happens. Look at the laptops that go missing; look at the paper that goes missing. Look at the visitors with "photographic memory" - to reference another thread in the fw-wiz list ;-)

What you're really saying is that since your expertise is technical, you are going to make this a technical problem so you can solve it. Sorry, the world isn't that simple.

This is one of the major flaws in our approach to information security in general. The computer, the network, is just one medium and use of the information. There are others, lots of them. No IDS is going to stop a social engineering attack. No IDS is going to stop a key person from going to a competitor and using his (or her) experience to fast-track development that replicates the "new widget" there. (Evidence is that NDAs don't either but that's another matter.)

When you're running a company or an R&D lab or something and are concerned about information leakage, you look at more than just the network for covert channels. That's the reality of business.

/anton