Raphel

1 . A covert channel is a communication channel that violates a security policy by using shared resources in ways for which they were not initially designed (Cabuk, 2009). A storage covert channel involves a location to which the covert channel sender writes and from which the receiver reads. A timing covert channel is established when the sender can modulate the receivers response time in a way that can provide information. An excellent example of covert storage channels in a well known application is the ICMP error message echoing functionality. Due to ambiguities in the ICMP RFC, many IP implementations use the memory within the packet for storage or calculation. For this reason, certain fields of certain packets, such as ICMP error packets which echo back parts of received messages -- may contain flaws or extra information which betrays information about the identity of the target operating system. This information is then used to build up evidence to decide the environment of the target (Covert Storage Channel, cwe.mitre.org) . This is the first crucial step in determining if a given system is vulnerable to a particular flaw and what changes must be made to malicious code to mount a successful attack.

2. Module 4 does a very nice job in outlining the main concerns regarding TCP and IP protocol vulnerabilities. One vulnerability that I find that could have been enhanced, and discussed is the Domain Name System Spoofing (DNS). During the DNS attack, an attacker is able to acquire the DNS from a legitimate site and communicate with the victim computer and redirect traffic to the attackers server. There are many different techniques and software available to assist network administrators with the identification and mitigation of DNS spoofing. A technique, and process that may assist in the detection of a DNS spoofing attack is the LOT: A defense against IP spoofing and flooding attacks. LOT is a system developed by Gilad and Herzberg (2012) and has the ability to conduct a "tunnel" pathway that has the ability to detect malicious packets (Gilad, Herzberg 2012). These tunnels are positioned and ensure that an attacker does not have the ability to interject and "answer" with a bogus DNS. The programed "tunnel" would secure the traffic between the Domain Server and potential victim. The "tunneling" concept regarding packeging packets and creating a tunnel like process, appears to be succesful in both small and large organizations. The key behind tunneling is that an attacker does not have open access to obtain and provide a spoofed DNS to a victim computer.

Previous Next

Get help from top-rated tutors in any subject.

Efficiently complete your homework and academic assignments by getting help from the experts at homeworkarchive.com