312-50V10 · Question #646
Which definition among those given below best describes a covert channel?
The correct answer is B. Making use of a protocol in a way it is not intended to be used.. A covert channel is a communication mechanism that transfers information in ways not intended by the system's designers, typically by abusing legitimate protocols to bypass security controls.
Question
Which definition among those given below best describes a covert channel?
Options
- AA server program using a port that is not well known.
- BMaking use of a protocol in a way it is not intended to be used.
- CIt is the multiplexing taking place on a communication link.
- DIt is one of the weak channels used by WEP which makes it insecure.
How the community answered
(50 responses)- A2% (1)
- B92% (46)
- C2% (1)
- D4% (2)
Why each option
A covert channel is a communication mechanism that transfers information in ways not intended by the system's designers, typically by abusing legitimate protocols to bypass security controls.
A server using a non-standard or unknown port is simply an uncommon service configuration and does not involve misusing a protocol's intended function to covertly transfer information.
A covert channel is technically defined as using a protocol or communication mechanism in an unintended manner to secretly transfer information, such as encoding data inside ICMP echo requests or DNS queries to exfiltrate data past firewalls. This misuse of legitimate protocols violates the security policy of the system without using any officially sanctioned communication path.
Multiplexing is a standard, intentional technique for sharing bandwidth across multiple signals on a communication link and has no relation to covert information transfer.
WEP's insecurity is caused by weak initialization vectors and flawed RC4 key scheduling, not by any concept related to covert channels.
Concept tested: Covert channel definition and protocol misuse
Source: https://csrc.nist.gov/glossary/term/covert_channel
Topics
Community Discussion
No community discussion yet for this question.