Your company sells toys online worldwide, which is supported by a three-tiered E-Commerce web-based system. You observed an egress pattern of traffic from the EC system to a remote host. You suspect it is a covert timing channel. Which of the following is the least concern in terms of the covert channel?
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. ARP.
ARP is a broadcast-based protocol that transforms IP addresses into MAC (Media Access Control) addresses. As ARP is subject to operating in a local area network (LAN), victim systems can’t communicate with a remote host across routers through a covert channel.
HTTP messages, TCP segments, and ICMP datagrams in no doubt can be routed to remote networks and hosts.
- TCP Covert Timing Channels: Design and Detection
- IP Covert Timing Channels: Design and Detection
- CWE-385: Covert Timing Channel
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.