Covert channels could be funneling data out of your company

By Ron Condon, UK bureau chief 14 Apr 2008 | SearchSecurity.co.uk

Digg This!     StumbleUpon     Del.icio.us

And yet, there are plenty of techniques around that enable data to bypass the most watchful security set-up and to travel over covert channels that conceal their very existence. And if you think you are safe because you use digital certificates, think again – those very certificates could be carrying secret data without your knowledge.

This is the subject of the latest in our series of articles from recent MSc graduates at Royal Holloway College. The author, Carlos Scott, works as part of the security monitoring team at Vodafone, and says he chose to look at the problem because of its sheer complexity.

"The thing with network covert channels is that the possibilities are endless, due to the wide array of network protocols in use today," he says. "However, because they rely on legitimate communications, they become more effective the more trusted is the underlying legitimate traffic."

The article is an invaluable introduction to the subject for anyone wanting to find out about the various ways in which covert channels can be set up and run. Scott also discusses ways of detecting and preventing covert channels.

He explains that covert channels can be used by criminals to suck information out of an organisation, and also to support terrorist activity. While encryption can offer confidentiality, it does to hide the existence of the traffic. With covert channels, by contrast, the aim is to stay below the radar of anyone trying to monitor it.

The full title of Scott's thesis (which can be reached from a link at the end of the article) is 'Network Covert Channels: Review of current state and analysis of viability of use of X.509 certificates for covert communications'.

His thesis is that digital certificates, which most people regard as a guarantee of security, could actually provide hackers with a means of transmitting data unseen.

"When searching for a subject for my thesis, I reflected for a short while on what network traffic or protocol is perceived as being trusted, and digital certificates were the natural answer, as they imply trust themselves," he says. "I then basically looked for ways to misuse the trust placed on digital certificates to piggyback 'untrusted' or malicious communications, which you can find in the article."

Scott's article uncovers some of the many techniques that hackers use to hide their presence, and then focusing down specifically on the problem of digital certificates.

And he says the research has taught him the value of vigorous testing: "I firmly believe that looking for and finding flaws is the way to improve systems, as I consider not looking for them is a sign of complacency and slows down progress. That is particularly true in the infosec area."

To see Carlos Scott's article click HERE

Tags: Threat and Vulnerability Management,  Virtual Private Network Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Threat and Vulnerability Management Zeus botnet temporarily disrupted, but back in full force Considering two-factor authentication? Do cost, risk analysis Clientless SSL VPN vulnerability and Web browser protection Microsoft's Charney details new botnet protection, IdM technology at RSA Look into SIEM services to cut costs, comply with PCI DSS, HIPAA Cloud security issues, targeted attacks to be hot-button topics at RSA Zeus Trojan continues reign infecting 74,000 PCs in global botnet How to use Google Webmaster tools to help protect your site New Community Security Policy aims to reduce computer misuse The value of booting from a VHD in Windows 7 Virtual Private Network Security Expert calls SSL protocol vulnerability a non issue DNSSEC deployment challenges can be overcome How to integrate the security of both physical and virtual machines Companies tackle iPhone security with remote access features Q&A: Paul Dorey on DLP, deperimeterisation How to patch Kaminsky's DNS vulnerability Network telescopes: a vital tool in beating threats Network access control will save public money in Nottingham Jericho Forum discusses deperimeterisation, COA guidelines Reading FC keeps email under control Network Security Management How to keep tabs on BitTorrent Network telescopes: a vital tool in beating threats Royal Holloway University of London MSc thesis Series NAC market failures spark some aggressive marketing Can CCTV camera security systems stop employee theft? Network access control will save public money in Nottingham Tor network 'bridges' help evade blockers Healthcare org eases compliance with network monitoring Arbor-Ellacoya deal melds security with broadband

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Centre for the Protection of National Infrastructure  (SearchSecurityUK.com) Serious Organized Crime Agency  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary