To Crypt or Not to Crypt

If you're not careful, you can be sniffed almost anywhere

12:25 PM -- These days, there are potential places to sniff traffic literally everywhere. On your desktop there are browser and network shims, used by security software and tools like Google desktop, that watch traffic in transit. Switches and hubs can be monitored. Wireless access points do MAC address filtering and logging. Firewalls are essentially computers that can log. Proxy servers do content filtering and logging, too.

You can't turn your back for a moment without finding some other system or software logging your data. So why is it that companies still use insecure protocols? Just this week, a client asked me if I could open up FTP access for them. Absolutely not!

FTP is vulnerable to man in the middle attacks, because there is no cryptography used in the communication between the client and the host. Some users also employ HTTP instead of HTTPS for transactions that should be secure. Is this a smart choice?

Studies have shown that 70 percent of all hacks come from the inside. That means that 70 percent of your attacks will come from people who already have access to many of the systems you are attempting to protect. These individuals also have physical access to machines, which means potential tampering and local subnet access to sniff connections.

Man in the middle attacks may not be a big problem on the Internet at large, but within the corporation, on the wireless net, or in a hotel, this type of attack is a very real threat. Use VPNs when you're remote, and secure protocols whenever sensitive information is involved.

— RSnake is a red-blooded lumberjack whose rants can also be found at Ha.ckers and F* Special to Dark Reading.

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5