Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000030982 - Information regarding steganography (null cipher) detection in RSA Security Analytics for packets

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000030982
Applies To	RSA Product Set: Security Analytics, NetWitness Platform: CentOS O/S Version: EL6
Tasks	This article provides general information about steganography (including null cipher) detection in both Security Analytics and NetWitness for packets.
Resolution	It is not possible to "detect" steganography so much as it is to detect statistical anomalies/outliers in the composition of the file. Steganography requires statistical analysis. By design, both Security Analytics and Netwitness (for packets) perform on-the-wire packet decoding using BPF (Berkley Packet Filtering). Security Analytics does not perform statistical analysis of this type. At the time of this writing (SA 10.5), steganography is not a feature of Security Analytics or NetWitness.
Notes	Steganography is a form of encryption. It works by replacing bits of unused data in regular computer files (such as graphics, sound, text, HTML, or even floppy disks ) with other bits of invisible information. (Typically this is done in plaintext, but may also be cipher text or images.) A null cipher is an antiquated form of encryption where plaintext is mixed with a large amount of non-cipher material. Today, it is regarded as a very simple form of steganography.

Attachments

Outcomes

0 Comments

Recommended Content