Physical Sciences and Mathematics Commons^™

Effective Security By Obscurity, John Christian Smith

John Christian Smith

"Security by obscurity" is a bromide which is frequently applied to undermine the perceived value of a certain class of techniques in security. This usage initially stemmed from applications and experience in the areas of cryptographic theory, and the open vs. closed source debate. Through the perceived absence of true security, the field of security by obscurity has not coalesced into a viable or recognizable approach for security practitioners. Consequently, this has resulted in these techniques going under-used and under-appreciated by defenders, while they continue to provide value to attackers, which creates an unfortunate information asymmetry. Exploring effective methods for …

Ipv6 Security Basics, John Christian Smith

John Christian Smith

Overview of security considerations in adopting IPv6

Covert Shells, John Christian Smith

John Christian Smith

The potential for covert communications exist anywhere that legitimate communication channels are in use. In order to maintain control of the channel once exploited, the insertion of a backdoor Trojan horse server, to be used with a client that provides shell access, is often a necessary prerequisite to establishing and using a covert channel long term.

We discuss covert channel communications methods ranging from embedded channels to disguised protocols. What follows is a review of available covert shell tools. The underground, historical evolution of covert shells is reviewed, focusing on selected, available tools, which range from simple encapsulation methods to …