
Intrusic Warns Enterprises about the Dangers of Covert Data Channels

Intrusic's Security Software Solution Pinpoints Covert Data Channels



WALTHAM, Mass.--(BUSINESS WIRE)--July 6, 2004--Intrusic, the first and only security software company to specifically target the insider threat, today announced an effort to educate enterprises and organizations about the dangers of Covert Data Channels--a common method malicious hackers use to hijack Internet protocols to create a secret doorway into networks.
"Malicious hackers who have infiltrated an enterprise or organization's network use Covert Data Channel methods so they can secretly move through the firewall protections without tripping any of the conventional security measures generally protecting a network," said Jonathan Bingham, president of Intrusic. "This kind of backdoor access also allows malicious hackers to funnel arbitrary data into and out of a network without detection."

What is a Covert Data Channel?

A Covert Data Channel is a mechanism for transporting arbitrary data in and out of a network under the guise of another form of data. It tunnels through various application or network layer protocols. An example of a Covert Data Channel is a Reverse HTTP Tunnel.

What is a Reverse HTTP Tunnel?

A Reverse HTTP Tunnel is a connection that flips the role of desktop and server, allowing information to flow from the desktop to a server based on a request originating from a server. This tunnel typically connects through Port 80 on a firewall - the most likely Web surfing port.

How Reverse HTTP Tunnels Work

Reverse HTTP Tunnels exploit the fact that enterprises and organizations allow employees unlimited and easy access to the Internet. When an insider initiates a Web request, the access control checks for any restrictions and upon finding none, allows the request to proceed, adding an entry into its state table. The connection is now cleared to send and receive arbitrary amounts of data in either direction. Almost every desktop inside of a network has permission to connect to the Internet.

Communication between a desktop and server typically works like this:

1. The desktop sends out a request to the server

2. The server sends back a response

3. Information flows from server to desktop

After infiltrating the network, a malicious hacker establishes a Reverse HTTP Tunnel. Both Microsoft and Unix systems allow this because there can be legitimate uses for the technique. But a malicious hacker is not surfing the Web; instead, he is connecting the compromised desktop to a rogue server out on the Web. The hacker now uses this control channel as a reliable covert entry point into the organization, as well as a data funnel to move arbitrary information in and out of the network. Because the firewall believes the desktop is simply downloading Web pages, it never notices the behavior or alerts system administrators.
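The role reversal described above leaves a measurable trace in flow or proxy records: ordinary browsing sends small requests and receives large responses, while a tunneled session on Port 80 tends to push more data out than it pulls in and to stay open far longer. The following is an added illustration of that check, not Intrusic's Zephon analysis or any code from the original release; the record fields, thresholds and sample flows are assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample flow records (not real traffic). bytes_out = desktop -> server,
# bytes_in = server -> desktop, as a proxy or flow collector might report them.
SAMPLE_FLOWS = [
    {"client": "10.0.0.21", "server": "198.51.100.7", "dport": 80,
     "bytes_out": 900, "bytes_in": 48_000, "duration_s": 3},
    {"client": "10.0.0.21", "server": "198.51.100.7", "dport": 80,
     "bytes_out": 1_200, "bytes_in": 310_000, "duration_s": 5},
    {"client": "10.0.0.34", "server": "203.0.113.50", "dport": 80,
     "bytes_out": 2_400_000, "bytes_in": 60_000, "duration_s": 7200},
    {"client": "10.0.0.34", "server": "203.0.113.50", "dport": 80,
     "bytes_out": 1_100_000, "bytes_in": 20_000, "duration_s": 5400},
    {"client": "10.0.0.40", "server": "192.0.2.9", "dport": 80,
     "bytes_out": 5_000_000, "bytes_in": 2_000, "duration_s": 40},
]

# Illustrative thresholds (assumptions); tune them against a site baseline.
UPLOAD_RATIO = 3.0            # outbound bytes must be >= 3x inbound
MIN_UPLOAD_BYTES = 1_000_000  # ignore small form posts
LONG_LIVED_S = 3600           # a single "page download" lasting an hour or more

def find_suspect_pairs(flows, port=80):
    """Aggregate flows per (desktop, server) pair and return the pairs whose
    traffic shape does not look like Web browsing, with the reasons."""
    totals = defaultdict(lambda: {"out": 0, "in": 0, "longest": 0})
    for f in flows:
        if f["dport"] != port:
            continue
        t = totals[(f["client"], f["server"])]
        t["out"] += f["bytes_out"]
        t["in"] += f["bytes_in"]
        t["longest"] = max(t["longest"], f["duration_s"])

    findings = {}
    for pair, t in totals.items():
        reasons = []
        # max(..., 1) avoids a zero threshold when nothing came back.
        if t["out"] >= MIN_UPLOAD_BYTES and t["out"] >= UPLOAD_RATIO * max(t["in"], 1):
            reasons.append("upload-dominant")
        if t["longest"] >= LONG_LIVED_S:
            reasons.append("long-lived")
        if reasons:
            findings[pair] = reasons
    return findings
```

A pair flagged only as upload-dominant, like the short 5 MB transfer in the sample, may be a legitimate file upload and needs triage; the combination of both reasons on one pair is the stronger signal.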

"Once safely within the walls of the encrypted tunnel, it is virtually impossible for anti-virus or intrusion detection software to identify the malicious code," notes Tom Kellerman of the World Bank and author of The Digital Insider. "Furthermore, these encrypted tunnels provide a direct route right through the network firewall."

"When you read about enterprises being compromised and having source code or credit card numbers stolen, the malicious hackers most likely have been inside the system for several days to several months. In most cases, scrutinizing the network traffic would highlight the utilization of Covert Data Channels as mechanisms for re-entry and import/export of data done under the radar," Bingham said. "This method is so effective that most enterprises don't realize they have been compromised until the source code is posted on the Internet, the malicious hacker begins using the stolen credit card numbers, or in the case of power companies, the lights go out."

Protecting Against Covert Data Channels and Other Insider Threats

Covert Data Channels violate the Physics of Networks, Intrusic's groundbreaking theory that legitimate communication between systems, applications, users and networks is grounded in fundamental laws that are easily broken when an intruder breaks in under disguise. Although these malicious hackers try to cover their tracks once inside, their illicit use of the network changes the way components interact. Intrusic's software solution, Zephon, is the only product currently in the market that can find these changes and track them back to the source. The utilization of Covert Data Channels is one of the violations identified by Zephon.

About Zephon

Zephon copies traffic from the internal network and then deploys sophisticated, corollary analysis to determine if host systems have been compromised. The result of the analysis is a complete, easy to understand assessment of the nature, scope and extent of a compromise providing companies with all of the tools necessary to prevent damage to the business. Because it operates in near real-time, Zephon is the only product capable of detecting the dangerous action of "sleeper cells" which employ techniques such as stateless attacks - commonly regarded as the stealthiest way in and out of an organization's network.

Zephon is commercially available now. Pricing is set on a per-server licensing fee. For more information, contact Intrusic at info@intrusic.com.

About Intrusic

Intrusic, Inc., based in Waltham, Mass., was founded by a group of security experts in 2002 to create a solution to one of the most insidious threats to global networks, the "Insider Threat." The real danger to enterprises, organizations and governments goes beyond perimeter attacks to unauthorized intruders already inside networks engaging in "noiseless action," the execution of internal espionage. Intrusic's world-class executive team has developed Zephon, a ground-breaking solution to identify compromised networks and map the full extent of the breach by providing full forensics. For more information visit us at www.intrusic.com. To stay informed with the latest from Intrusic, and to receive our newsletter, contact insider@intrusic.com.

Contacts


The Racepoint Group
Thomas C. Ford, 617-583-1337
tford@racepointgroup.com
