Any working TCP/IP connection can transmit covert data by encoding the data in the sequence numbers. Let's not forget to block/allow new protocols such as those described in RFC 1149.

On 5/7/07, Open Phugu <[EMAIL PROTECTED]> wrote:
On 5/7/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> >From: Sebastian Benoit <[EMAIL PROTECTED]>
> >
> >If you want to deny users the possibility to smuggle data outside of their
> >workplace (or whatever) then don't connect them to the internet.
>
> No, no, no. You must go one step beyond this if you want to
> prevent employees from smuggling data. To do this properly, copy
> machines should be removed! Pens, pencils and papers removed!
> Employees should be searched for thumb drives, zip drives, floppy
> drives, tape recorders, papers, cd's, dvd's, and burners. It's
> better to strip search them just to be sure. As a matter of fact,
> because humans are so innovative, all materials should be removed
> from the office because I'm sure someone will come up with some way
> to write something down. Oh, don't forget to remove phones, faxes
> and cell phones, and cameras. You should only hire people who
> don't know how to read or write to reduce the work load of
> preventing others from smuggling data. It's probably best that
> they don't know how to receive or transmit any form of
> language/communication either.

Also, make the whole building a large Faraday cage to prevent them
from using radio communication. And have automatic direction-finding
receivers to triangulate the location of (l)users who attempt to use
radio.

In fact, there is a much cheaper method: don't hire humans. _Every_
compromise of security or instance of data exfiltration has been
traced back to a human action. If you don't have humans, you don't
have problems.