Information regarding steganography (null cipher) detection in RSA Security Analytics for packets
Tasks
This article provides general information about steganography (including null cipher) detection in both Security Analytics and NetWitness for packets.
Resolution
It is not possible to "detect" steganography directly; what can be detected are statistical anomalies or outliers in the composition of a file, so steganalysis requires statistical analysis of the reassembled file. By design, both Security Analytics and NetWitness (for packets) perform on-the-wire packet decoding using BPF (Berkeley Packet Filter); neither performs statistical analysis of this type.
At the time of this writing (SA 10.5), steganography detection is not a feature of Security Analytics or NetWitness.
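As an added illustration of what "statistical analysis of this type" means in practice (example code written for this article, not code from RSA, Security Analytics or NetWitness), the following Python runs the Westfeld-Pfitzmann chi-square test for sequential LSB replacement against a constructed 8-bit sample buffer, once clean and once after a payload has been embedded. It assumes the file has already been reconstructed from the session (for example exported from the packet decoder) and uses only the standard library; the cover data, the payload and every function name are constructed for the example.

```python
"""Added example, not RSA/NetWitness code: chi-square steganalysis of LSB
replacement on a constructed 8-bit sample buffer. Standard library only."""
import math
import random


def make_cover(n: int = 1 << 18, seed: int = 7) -> bytes:
    """Constructed stand-in for an 8-bit grayscale image: a narrow Gaussian
    histogram, so adjacent values (2k, 2k+1) occur with unequal frequency,
    as they do in unmodified natural images."""
    rng = random.Random(seed)
    return bytes(min(255, max(0, int(rng.gauss(128, 6)))) for _ in range(n))


def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    """Sequential LSB replacement: overwrite the least-significant bit of each
    sample with the next payload bit (the classic, detectable embedding)."""
    out = bytearray(cover)
    bits = ((byte >> (7 - i)) & 1 for byte in payload for i in range(8))
    for idx, bit in enumerate(bits):
        if idx >= len(out):
            break
        out[idx] = (out[idx] & 0xFE) | bit
    return bytes(out)


def chi_square_lsb(data: bytes) -> tuple:
    """Westfeld-Pfitzmann statistic: for each value pair (2k, 2k+1) the expected
    count of 2k is the pair mean. LSB replacement with a full random payload
    drives the observed counts toward that mean, so the statistic collapses.
    Pairs that never occur are skipped. Returns (stat, degrees_of_freedom)."""
    hist = [0] * 256
    for b in data:
        hist[b] += 1
    stat, pairs = 0.0, 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        expected = (even + odd) / 2
        if expected == 0:
            continue
        stat += (even - expected) ** 2 / expected
        pairs += 1
    return stat, max(pairs - 1, 1)


def chi2_cdf(x: float, dof: int) -> float:
    """Chi-square CDF via the Wilson-Hilferty normal approximation (adequate
    for dof >= ~10, and it keeps the example dependency-free)."""
    if x <= 0:
        return 0.0
    z = ((x / dof) ** (1 / 3) - (1 - 2 / (9 * dof))) / math.sqrt(2 / (9 * dof))
    return 0.5 * (1 + math.erf(z / math.sqrt(2)))


def embedding_probability(data: bytes) -> float:
    """Westfeld's 'probability of embedding', 1 - CDF(stat). Near 1 means the
    pair frequencies are as equal as a full LSB payload would make them;
    near 0 means the natural imbalance of the cover is intact."""
    stat, dof = chi_square_lsb(data)
    return 1.0 - chi2_cdf(stat, dof)


def demo(seed: int = 7) -> dict:
    """Clean cover versus the same cover with every LSB overwritten."""
    cover = make_cover(seed=seed)
    rng = random.Random(seed + 1)
    payload = bytes(rng.getrandbits(8) for _ in range(len(cover) // 8))  # fills all LSBs
    stego = embed_lsb(cover, payload)
    return {
        "cover_stat": chi_square_lsb(cover)[0],
        "stego_stat": chi_square_lsb(stego)[0],
        "p_cover": embedding_probability(cover),
        "p_stego": embedding_probability(stego),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:>10}: {value:.4f}")
```

Running the script prints the statistic and embedding probability for both buffers: the clean cover keeps a large statistic and a probability near 0, while the embedded copy collapses to a small statistic and a probability near 1. The caveat a practitioner needs is that this test only catches sequential LSB replacement with a near-full payload; a partial payload has to be hunted with a sliding window, and LSB matching or adaptive embedding defeat the test entirely, which is why "steganography detection" is a statistical judgement on the whole file rather than something a packet decoder can flag on the wire.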
Notes
Steganography is not encryption but concealment: it hides the existence of a message by replacing bits of unused or perceptually insignificant data in ordinary computer files (such as graphics, sound, text, HTML, or even unused space on floppy disks) with bits of the hidden information. The hidden payload is typically plaintext, but it may itself be ciphertext or another image.
A null cipher is an antiquated form of concealment in which the plaintext is mixed with a large amount of innocuous, non-cipher material (for example, the message is read from the first letter of each word). Today it is regarded as a very simple form of steganography.
Product Details
RSA Product Set: Security Analytics, NetWitness
Platform: CentOS
O/S Version: EL6
Summary
This article provides general information about steganography detection (including null cipher) in Netwitness and Security Analytics.