|
Firewall Wizards
mailing list archives
Re: Covert Channels (was dns outbound)
From: Andrew Brown <atatat () atatdot net>
Date: Tue, 18 May 1999 21:50:58 -0400
You're almost saying that a firewall needs to have design properties
from those A1 Orange book systems (which we all love to hate) by
being careful to eliminate leakage of information.
Hmm... I don't know the standards that well. I can't imagine they
do that effective a job of eliminating this threat. I wish I had
one I could try to fool.
ftp://ftp.leo.org/pub/comp/doc/security/orange-book/obook
(which is not an "official" site, but it serves my purpose :)
and also
http://pandonia.canberra.edu.au/ClientServer/week3/security.sgml-005.html
which comments on unix. higher grades of security cannot easily be
retrofitted onto a unix system.
defeating covert channels is a requirement of a system that's rated
"b2". the other "points" are:
http://pandonia.canberra.edu.au/ClientServer/week3/security.sgml-005.html
B2
formal security policy model
device labels
DAC and MAC (Message Authentication Code) (fancy checksums)
covert channel control
more extensive testing
--
|-----< "CODE WARRIOR" >-----|
codewarrior () daemon org * "ah! i see you have the internet
twofsonet () graffiti com (Andrew Brown) that goes *ping*!"
andrew () crossbar com * "information is power -- share the wealth."
 By Date 
By Thread
Current thread:
| 
Intro
