摘要 |
Preventing communication through covert channels in a Local Area Network (LAN) by suspending an inbound or an outbound network connection related to a network element for a predetermined period of time, then determining if any respective outbound or inbound network connection related to the same or any other network element ceases to transmit for the duration of the time period predetermined. If an outbound or inbound network connection is detected to cease transmission, then it is concluded that the suspended inbound or outbound network connection and the respective outbound or inbound network connections are connected. It is then determined whether the connected network connections use different transmission protocols and if the connected network connections are detected to use different transmission protocols, it is concluded that the connected network connections are related to a malicious covert channel and action taken to prevent the malicious covert channel from working and may include generating an alert and denying a connection corresponding to the network connection. |