Book Review: Silence on the Wire
In today's column, we're going to take a look at a fascinating book entitled "Silence on the Wire: a Field Guide to Passive Reconnaissance and Indirect Attacks" by Michal Zalewski and published this year by No Starch Press. This book takes a very unusual approach in explaining the nature of a type of threat that most of us would probably never have normally considered; that is -- how much information can be gleaned about our systems, our businesses and ourselves by a very patient individual who is doing little more than paying attention to subtle "leaks" of information that can be extracted from everyday system communications.
To warm you up to this idea, let's consider a possible analogy from everyday life. Passive reconnaissance in your hometown might involve what you can learn about a particular neighbor by watching the cars that stop by his house, noticing how long they stay and whether the same cars return or every car that stops appears to stop by only once.
Passive reconnaissance involves collecting information about a particular target without the target knowing and without anything being disrupted (or detected) in the process. Indirect attacks are a bit less passive. In these, the attacker takes some action to facilitate data collection, such as probing the system in some way which makes it likely that it will share more than it would ordinarily.
The book's approach to describing why these attack methods are possible and how they work starts with in-depth descriptions of systems, software and networking technology and then goes on to explain why each of these system or network components might allow someone to collect information that was not intended to be shared.
In early chapters, for example, we read about keyboard circuitry. We begin to see how the timing of key presses might be useful in inferring the text being typed. We also learn how the numeric basis of public key encryption depends on a particular system's ability to obtain unpredictable data from hardware or the "environment" (some activity on the system that cannot be predicted) and how the critical randomness of that data can be reduced if the entropy pool is run dry. We consider how some software packages may surreptitiously slip identifying information about the user of the package into documents that he creates.
In later chapters, we read that the padding on certain packets might contain chunks of data pulled from memory -- perhaps data of a sensitive nature that is being used or has been left in memory by some other process. We consider how the LEDs on many pieces of network equipment might reveal the information being transmitted.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
