RE: Covert Channels

[Frank Knobbe <fknobbe () knobbeits com>]

> -----Original Message-----
> From: Jose Nazario [mailto:jose () monkey org] 
> Sent: Wednesday, October 23, 2002 9:36 AM
>
> for the reasons clearly stated by several bright individuals on this
> topic
> previously, any product which claims to detect and defeat covert
> channels
> on a network (or even a multiuser system) is snake oil.

For the most part yes. But cutting through the snake oil, aren't there
products that attempt to detect steganography (i.e. examining images in
transit to check if they contain hidden messages)? I would consider this
a covert channel as well.

But that is exactly my point. We're not there yet. But do you see this
field looming in front of us? More and more companies have better
firewalls and IDS and virus scanners and backdoor checkers, etc. I think
those companies (once other issues, like Brennan mentioned, are below
critical levels) might take a look and say: Wow, we're there, we seems
to be secure. Let's see what leaks...

Also, I'm aware that 'defeating covert channels' is not possible. But we
should make an effort in developing ideas/methods to detect them.

Regards,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part