Join the 40,000+ candidates in over 58 countries that have found a faster, better way to pass their certification exam.
Comprehensive practice exam engine!
All features in the FREE plan, plus:
Welcome to our Covert Channels module. Data exfiltration is when an individual takes data off of your system or network without permission. This is often accomplished with malware where an individual plants a malicious piece of code on your system and that code then attempts to identify valuable information and then exfiltrate it out of your system using a covert channel.
A covert channel is a way of transmitting information using methods that were not originally intended for data transmission. You should be familiar with the term covert channel for the CISSP examination. Covert channels are generally unauthorized and hidden. And they're used to send information in a way that violates your security policy.
There are two different types of covert channels, covert timing channels and covert storage channels. In a covert timing channel a process will relay information by modulating the use of system resources based on different timing. With a covert storage channel, a process writes data to a storage location where a process of a lower clearance level is able to read it.
At the bottom, we're able to see an attacker who is sending malicious traffic through port 80. So, the firewall assumes that it is http web server traffic, and allows the malicious traffic to flow through the firewall to the web server. A covert channel attack, is where we use a channel that was not intended for communication, to transmit data.
With a covert storage attack, we have a subject at a low security level, who was able to read data at a high security level that they should not be able to access. With a covert timing attack, information is transmitted by altering a system resources performance or timing. It's a way of hiding messages and mixing it in with legitimate traffic that is traveling over the network.
And it would not be seen because it is mixed with legitimate traffic. One example is where an attacker can hide a small amount of data in packet headers for data that is already being transmitted across the network and would not look suspicious. Data leakage protection or data loss prevention, abbreviated as DLP, is a tool to prevent sensitive data from leaving an enterprise's network.
DLP content aware policies are able to scan for proprietary information or protected data. Such as personally identifiable information like social security numbers or sensitive documents. And prevent users from disseminating it outside of the corporate network. DLP products are able to track violations of this policy back to individual users and notify administrators.
And this provides accountability if there is either malicious transferring or accidental transferring of sensitive data. Office 2013 and Microsoft Exchange support data leak protection on a variety of devices. You can have two different types of data loss protection either on the individual host such as on a laptop computer to prevent users from saving protected data to external storage media. Or network-based data loss protection which actually watches traffic leaving the corporate network, and scans for any sensitive data that should not be permitted to leave. And blocks that traffic from leaving the network. You should be familiar with data leak or data loss prevention, DLP, for the CISSP examination, and know that it is a control that can be used to prevent sensitive data from leaving your network.
This concludes our covert channels module. Thank you for watching.
Classified by skill and ranked by difficulty. Choose to answer questions in STUDY MODE to review and you go.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.
Don’t forget what you’ve just studied! Use the intelligent reinforcement questions to stay fresh.
THANK YOU! Just bloody thank you! I’m doing the CEH minor at my college and well...I’ve learned more from this site in a few hours than I’ve learned from my school in 9 weeks about the subject. Keep up the good work!
Skillset’s Exam Engine continuously assesses your knowledge and determines when you are ready take and pass your exam. When Skillset learns that there is a gap between your knowledge and what you need to know to pass, we present you with a focused training module that gets you up to speed quickly. No fluff! Find your knowledge gaps and fill them.
Skillset is confident that we can help anyone pass their exam. If you reach 100% readiness, and you do not pass your exam, we will refund you plus pay for a replacement exam voucher. That’s how powerful our learning system is, we can offer this guarantee and stand behind our products with this no risk to you guarantee. See terms and conditions.
Don’t waste time studying concepts you have already mastered. Focus on what you need to know to pass. The Skillset Competency Diagnostic aligns our Exam Engine and Learning Plan to your baseline knowledge. This saves an average of 31% of the time required to prep for a professional certification exam.
More PRO benefits are being built all the time!