Page 651 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Common Architecture Flaws and Security Issues
No security architecture is complete and totally secure. Every
computer system has weaknesses and vulnerabilities. The goal of
security models and architectures is to address as many known
weaknesses as possible. Because of this, corrective actions must be
taken to resolve security issues. The following sections present some of
the more common security issues that affect computer systems in
relation to vulnerabilities of security architectures. You should
understand each of the issues and how they can degrade the overall
security of your system. Some issues and flaws overlap one another
and are used in creative ways to attack systems. Although the
following discussion covers the most common flaws, the list is not
exhaustive. Attackers are very clever.
Covert Channels
A covert channel is a method that is used to pass information over a
path that is not normally used for communication. Because the path is
not normally used for communication, it may not be protected by the
system’s normal security controls. Using a covert channel provides a
means to violate, bypass, or circumvent a security policy undetected.
Covert channels are an important example of vulnerabilities in
security architectures.
As you might imagine, a covert channel is the opposite of an overt
channel. An overt channel is a known, expected, authorized, designed,
monitored, and controlled method of communication.
There are two basic types of covert channels:
Covert Timing Channel: A covert timing channel conveys
information by altering the performance of a system component or
modifying a resource’s timing in a predictable manner. Using a covert
timing channel is generally a method to secretly transfer data and is
very difficult to detect.
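A defender's view of the "predictable manner" described above, as an added example that is not from the study guide: timing that is modulated predictably tends to collapse into a few tight bands, while ordinary traffic is spread out. The sketch assumes the timed resource is the gap between network packets; the function names, the sample gaps, and the threshold of 10 are all hypothetical.

```python
import statistics

# Constructed sample data (not captured traffic): gaps between packets, in ms.
BENIGN_GAPS = [12, 48, 95, 23, 160, 71, 34, 110, 58, 19, 140, 82, 27, 66, 101, 45]
SUSPECT_GAPS = [20, 21, 80, 19, 81, 79, 20, 22, 80, 21, 78, 20, 82, 19, 80, 21]


def split_two_clusters(gaps, rounds=20):
    """One-dimensional 2-means: return (low_cluster, high_cluster)."""
    lo_c, hi_c = min(gaps), max(gaps)
    low, high = list(gaps), []
    for _ in range(rounds):
        low = [g for g in gaps if abs(g - lo_c) <= abs(g - hi_c)]
        high = [g for g in gaps if abs(g - lo_c) > abs(g - hi_c)]
        if not high:  # every gap is identical, nothing to separate
            break
        lo_c, hi_c = statistics.mean(low), statistics.mean(high)
    return low, high


def bimodality_score(gaps):
    """Distance between the two clusters divided by their combined spread.

    A high score means the gaps sit in two narrow, well-separated bands,
    which is unusual for traffic that nobody is deliberately pacing.
    """
    if len(gaps) < 4:  # too few samples to say anything
        return 0.0
    low, high = split_two_clusters(gaps)
    if len(low) < 2 or len(high) < 2:
        return 0.0
    spread = statistics.pstdev(low) + statistics.pstdev(high)
    distance = statistics.mean(high) - statistics.mean(low)
    return distance / (spread + 1e-9)


def looks_like_timing_channel(gaps, threshold=10.0):
    """Flag a flow for review; the threshold is an assumed tuning value."""
    return bimodality_score(gaps) >= threshold


if __name__ == "__main__":
    for name, gaps in (("benign", BENIGN_GAPS), ("suspect", SUSPECT_GAPS)):
        print(name, round(bimodality_score(gaps), 2), looks_like_timing_channel(gaps))
```

A flag from this heuristic is a reason to investigate a flow, not proof of a covert channel: legitimately paced traffic can score high, and added jitter lowers the score, which is part of why these channels are hard to detect.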

