Transfer of data via handshake

Transfer of data via handshake
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Transfer of data via handshake IanMayo 07-20-2006
Posted by on July 20, 2006, 3:54 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi all, need an "experts-eye" on a situation at work.

I work in an environment whereby machines are approved to store
information at varying levels of classification.

To investigate a potential security problem, the hard disk of a machine
at security level "2" was connected directly to a machine at security
level "3" in order to establish if information at level "3" had
inadvertently been stored on that machine. Windows search was used to
establish all files modified since the date of the suspected transfer,
and this indicated that no files had been transferred.

Our security advisors now say that since the disk at level "2" had been
connected to a machine at level "3", it must be now be treated as level
"3", since:

"electronic handshaking will have taken place so they can talk to each
other and that data concerning those handshakes may contain blocks of
data at level 3"

I don't really believe this. Yes, I understand handshaking may happen,
but question whether user-data gets passed in the process, and also
question whether this information is written to the disk platter
itself.

I'd really appreciate anybody's opinion on whether the above transfer
mechanism actually exists.

Cheers,
Ian Mayo


Posted by Volker Birk on July 20, 2006, 4:15 am
If you were  Registered and logged in, you could reply and use other advanced thread options
IanMayo@gmail.com wrote:
> To investigate a potential security problem, the hard disk of a machine
> at security level "2" was connected directly to a machine at security
> level "3" in order to establish if information at level "3" had
> inadvertently been stored on that machine. Windows search was used to
> establish all files modified since the date of the suspected transfer,
> and this indicated that no files had been transferred.
> Our security advisors now say that since the disk at level "2" had been
> connected to a machine at level "3", it must be now be treated as level
> "3"

If I understand your level concept correctly, then your security
advisors are right.

I don't know, what this "handshaking" means, but I do know, what
"compromizing" means.

Yours,
VB.
--
Ich würde schätzen, dass ca. 87% aller spontanen Schätzungen völlig für
den Arsch sind.

        Ralph Angenendt in debate@ccc.de

Posted by Flash Gordon on July 20, 2006, 5:49 am
If you were  Registered and logged in, you could reply and use other advanced thread options
IanMayo@gmail.com wrote:
> Hi all, need an "experts-eye" on a situation at work.
>
> I work in an environment whereby machines are approved to store
> information at varying levels of classification.
>
> To investigate a potential security problem, the hard disk of a machine
> at security level "2" was connected directly to a machine at security
> level "3" in order to establish if information at level "3" had
> inadvertently been stored on that machine. Windows search was used to
> establish all files modified since the date of the suspected transfer,
> and this indicated that no files had been transferred.

What if a file had been transferred and then deleted, in which case
Windows search would not find it but the data could still be on the
disk? I would also be concerned if I was the security officer that you
suspected there was a route where by such a transfer could have occurred.

> Our security advisors now say that since the disk at level "2" had been
> connected to a machine at level "3", it must be now be treated as level
> "3", since:
>
> "electronic handshaking will have taken place so they can talk to each
> other and that data concerning those handshakes may contain blocks of
> data at level 3"
>
> I don't really believe this. Yes, I understand handshaking may happen,
> but question whether user-data gets passed in the process, and also
> question whether this information is written to the disk platter
> itself.
>
> I'd really appreciate anybody's opinion on whether the above transfer
> mechanism actually exists.

Can you prove that it did not? Depending on the level of security you
are trying to achieve (and any external security standard you have to
meet) the rules could easily err on the side of precaution. I've
certainly come across such rules.
--
Flash Gordon, living in interesting times.
Web site - http://home.flash-gordon.me.uk/
comp.lang.c posting guidelines and intro:
http://clc-wiki.net/wiki/Intro_to_clc

Similar ThreadsPosted
Organizations lose Confidential&Intellectual property through unauthorized data transfer May 10, 2007, 4:47 pm
Secure file transfer December 16, 2007, 3:34 pm
Data Recovery November 28, 2004, 12:06 pm
data security July 19, 2005, 2:39 pm
CPU that will not execute data? September 21, 2005, 12:10 pm
Securing tcp data November 10, 2005, 2:51 pm
Serious level HDD data protection May 11, 2004, 2:40 am
Another computer with VA data has gone missing August 10, 2006, 11:37 am
capturing data from Telnet possible? November 29, 2007, 12:00 pm
Alternate Data Streams Question August 6, 2004, 1:16 pm

The site map in XML format XML site map

Contact Us | Privacy Policy