The Importance of Encryption Over Public Networks
Computers & Technology → Networking
- Author Aaron Guhl
- Published September 10, 2008
- Word count 608
Public Wi-Fi networks are everywhere today. The nearest hot-spot in your city is probably only a block away. With so many employees on the road and working out of the office today, IT departments are finding the need to provide external access to network resources. The need to stay productive while out of the office is crucial.
Anytime an end-user is accessing corporate data on a public network, security is a big concern. You never know when your confidential data may be compromised. If your company provides access to data from outside of the corporate environment, you must make sure that you take the necessary steps to ensure that data is secure.
When on a public network, any data that is sent to and from an end-user’s laptop is generally visible to anyone else that is on that same public Wi-Fi network. What this means is that those traffic streams are open to what is called a man-in-the-middle attack. A man-in-the-middle attack utilizes a natural security flaw in the Address Resolution Protocol (ARP). The flaw allows an attacker to secretly respond to an ARP request of a computer initiating a connection with another node. The attacker then makes private independent connections with the two nodes. Once this is done then all traffic is relayed through the attacker’s computer and the end-user will be unaware that this has occurred. If this attack is done between a laptop and an internet gateway, then that attack is able to sniff every packet that the end-user sends out to the internet, including confidential corporate data.
So how do you protect your private data from attacks like these? Encryption is one of your biggest defenses. However you decide to provide access to network resources to employees on the road, whether it be via a VPN or a web portal, encryption is a must. If your company uses VPN software to provide access to the network from outside it, then once the VPN tunnel is negotiated all traffic that is passed between the laptop and the corporate network is encrypted. This means that even if the attacker were to sniff out those packets sent, they will be encrypted and the attacker will find it nearly impossible to gain access to that data without knowing the key used to encrypt it.
If your company uses a secure web portal to provide access to network resources, then there are a few things that should be known. First off, most web portals that are secured using the HTTPS protocol use certificates to authenticate the encryption process. If the attacker is using the right tools, he or she can send a spoof certificate to the end-user. If the end-user accepts this certificate, then they will be opening secure communications with the attacker. The attacker then sends the real certificate request on to the corporate web server and opens secure communication with the web server. Once this is done, then the attacker is able to see all traffic that the end-user sends before it is encrypted and sent on to the corporate web server. To prevent this, it is important that you use certificates that are generated from trusted sources such as Verisign or Geotrust. Then if the end-user receives a certificate that is from an untrusted source, the end-user will be alerted to this.
It goes without saying that any end-user that is going to be accessing corporate data from outside the internal network should be trained on basic security. With the proper security infrastructure in place and users trained, then the IT staff should be able to rest easy knowing that corporate data is safe.
Aaron Guhl is an IT professional that specializes in security. He frequently writes on his blog regarding security issues to help IT professionals get a better understanding of security in their networks. Visit his website at: Security Enabled Network
Article source: https://articlebiz.comRate article
Article comments
There are no posted comments.
Related articles
- Optimize Your Website for the Better Sight
- How To Develop & Implement A Network Security Plan
- Mastering VoIP: Overcoming Common Communication Challenges
- What Concerns Do Enterprises Have When Choosing Network Monitoring Software?
- Spectrum Router Red Light: Troubleshooting Guide and Solutions
- Web Development Made Easy: Why Outsourcing is the Smart Choice
- INTERNET OF THINGS
- Enhancing Business Communication with 3CX: A Powerful Unified Communications Solution
- How to Fix "No Signal, Please Check Your Antenna Connection" Error
- AN INTRODUCTION TO INTERNET MARKETING
- Passwordless is the New Cyber Security, Emir Ceric’s Meveto Transform Verification, Logging In and Remote Sign Out
- The Ultimate Guide to Master YouTube and Monetization
- Preventing data theft in an enterprise environment
- The Art Of Cold Calling [Mastery In Seven Simple Steps]
- Quantum Computing and the future of IT Security
- 5G TECHNOLOGY AND IOT: HOW DO THESE TRENDS RELATE?
- SkyVPN Launches New Gaming Servers with Dedicated Servers for PUBG
- Smm reseller panel
- Steps to Transfer Files Using Kindle Desktop Application
- Save time on your FTP updates with FTPGetter Professional
- Add a file hosting and sharing service to your site with YetiShare
- MCS Multicast Switch for Next Generation ROADM
- Business Networking Tips for Beginners
- Using Virtual Serial Ports in Proteus
- Network Security Checklist for All Types of Businesses
- Create Your Own File-Hosting Website with YetiShare
- Cat5 cable vs Cat6 Cables: What are the Contrast?
- Automate FTP Downloads and Uploads with FTPGetter Professional
- On Demand Freelance Marketplace For Field Engineers
- Cisco Network Infrastructure Services in San Francisco