Covert Channel Detection
Carter Bullard
carter at qosient.com
Thu Jul 20 17:32:44 EDT 2000
Gentle people,

Continuing the thread on new applications.

Covert channel detection/protocol discovery is
the number 1 issue on my list of things to do
for Argus-2.x. This, to me, is the primary
problem in enterprise security today, although
not publicly recognized.

A covert channel detector should be able to
indicate what protocols are being used by
flows, based on packet contents. I think it
should be knowledgeable of a limited number of
protocols (< 32), and it should have a generic
approach to protocol discovery for protocols
that it doesn't understand.

I think that Argus can do the best job at
this by doing some pattern recognition in the
user traffic. I think for most purposes,
being able to validate the protocol above the
transport layer would be a good start.

Is anyone interested in this type of work?

Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 17A
New York, New York 10022
carter at qosient.com
Phone +1 212 813-9426
Fax +1 212 813-9426
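
The following is an added example, not part of the original message and not Argus code: a sketch of validating the protocol above the transport layer from payload bytes, with a generic fallback for payloads that match no known protocol. The signature set, the port-to-protocol table, the thresholds and all function names are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Small fixed set of payload signatures (constructed for this example).
SIGNATURES = {
    "http": re.compile(rb"^(?:(?:GET|POST|HEAD|PUT) \S+ HTTP/1\.[01]\r\n|HTTP/1\.[01] \d{3} )"),
    "smtp": re.compile(rb"^(?:220[ -]|EHLO |HELO |MAIL FROM:)", re.I),
    "ssh": re.compile(rb"^SSH-\d\.\d+-"),
    "tls": re.compile(rb"^\x16\x03[\x00-\x04]"),
}
# Protocol each destination port is expected to carry (assumed site policy).
EXPECTED = {22: "ssh", 25: "smtp", 80: "http", 443: "tls"}


def entropy(data: bytes) -> float:
    """Shannon entropy of the payload in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(payload: bytes) -> str:
    """Name the protocol from payload bytes; fall back to a generic profile."""
    if not payload:
        return "empty"
    for name, sig in SIGNATURES.items():
        if sig.match(payload):
            return name
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in payload)
    if printable / len(payload) > 0.9:
        return "unknown-text"
    return "unknown-high-entropy" if entropy(payload) > 7.0 else "unknown-binary"


def validate_flow(dst_port: int, payload: bytes):
    """Return (observed, expected, mismatch) for one flow's first payload."""
    observed = classify(payload)
    expected = EXPECTED.get(dst_port)
    # A flow with no payload yet is not evidence of a mismatch.
    return observed, expected, expected is not None and observed not in (expected, "empty")


if __name__ == "__main__":
    flows = [  # constructed sample flows: (destination port, first payload bytes)
        (80, b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n"),
        (80, b"SSH-2.0-OpenSSH_2.1\r\n"),
        (25, bytes(range(256))),
        (6000, b"hello there, plain text line\n"),
    ]
    for port, data in flows:
        print(port, validate_flow(port, data))
```

A mismatch only says the payload does not look like the protocol expected on that port; it is a lead for review, not proof of a covert channel.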