Network security doesn’t just begin and end with encryption

 

In recent years, encryption has become an established best practice method for securing communications and data transfers on the internet.

Indeed, according to broadband provider Sandvine, the rapid adoption of encryption techniques means that by the end of 2016, 70% of all global internet traffic will be encrypted.

This impressive utilisation of encryption technologies should be no surprise, considering that escalating cyber crime poses a growing threat to public and private organisations alike.

Protecting content is now viewed as a mission-critical priority, whether that’s using protocols like SSL (secure sockets layer) and TLS (transport layer security) to secure communications between web servers and browsers, or VPNs (virtual private networks), proxy applications and data compression approaches.

But, encryption shouldn’t be seen as the ‘holy grail’ of online privacy and cyber security because, as we’ll see, encryption on its own is not enough to guarantee complete protection.

Don’t let encryption lull you into a false sense of security

No matter how sound your approach to data encryption is, attackers are adept at identifying potential vulnerabilities that will let them in. Typically they will target endpoint weaknesses, ‘back doors’, weak keys and key databases.


It can help to think of encryption as a lock on an armoured vehicle.

The stronger the encryption, the tougher it is to break the lock using ‘brute force’. So, with an encryption standard like AES (advanced encryption standard), which features a maximum key size of 256 bits, it would potentially take a hacker several billion years to break the encryption code.

But, once the armoured vehicle pulls up at a bank and the driver opens the door – this equates to data at rest – that’s the moment when the criminals will strike.

End-to-end encryption limits visibility

One strategy used to address this risk is end-to-end encryption – encrypting data at rest and keeping it encrypted in transit until it reaches the final destination, where decryption will occur.

The drawback, however, is that this mechanism lessens the effectiveness of security products like full-packet capture tools, which rely on payload visibility.

The fact is that encryption acts as a shield that can also conceal the indicators of compromise that are used to identify and track malicious activity.


Take, for example, peer-to-peer file sharing applications such as BitTorrent which, over the years, have added layers of encryption that make it easier to bypass corporate firewalls.

Such programmes not only open companies up to liability concerns associated with pirating movies and other digital content, they are also notorious for transporting malware.

Software and games are especially dangerous, since these contain executable files. Should these malware programmes then become encrypted, they will be significantly more difficult to detect, until it’s too late.

Implement an advanced security strategy

Just to be clear, encrypting sensitive data is still an important part of online privacy and security, but complete protection depends on adopting a multi-faceted approach.

That means utilising antivirus, firewall and encryption solutions alongside other top-line encryption management and security tools.

Ideally, your ‘belt and braces’ security strategy should also include:

  • Gathering headers and other unencrypted metadata, so that security teams can analyse encrypted traffic more effectively.
  • Running IP traffic flow software to monitor web traffic patterns, to ensure HTTPS requests aren’t coming from, or directed towards, suspicious locations.
  • Searching the entire port spectrum for encrypted traffic – research indicates that malware is likely to initiate communications over a wide variety of ports.
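
As an added illustration of the three checks above (not code from the original article or from Barracuda Networks), the sketch below reads the unencrypted TLS ClientHello at the start of each flow, extracts the server name, and flags TLS seen on unexpected ports or towards watchlisted networks. The port policy, watchlist, addresses and flows are constructed assumptions, and the parser assumes the ClientHello arrives whole in the first payload.

```python
import ipaddress, struct
EXPECTED_TLS_PORTS = {443, 465, 993, 995, 8443}        # assumption: local policy
WATCHLIST = [ipaddress.ip_network("203.0.113.0/24")]   # constructed (documentation range)

def tls_sni(payload):
    """Return (is_client_hello, sni_or_None) from the first bytes of a TCP flow."""
    if len(payload) < 6 or payload[0] != 0x16 or payload[1] != 0x03 or payload[5] != 0x01:
        return False, None
    try:
        p = 5 + 4 + 2 + 32                                 # record hdr, handshake hdr, version, random
        p += 1 + payload[p]                                # skip session id
        p += 2 + struct.unpack_from("!H", payload, p)[0]   # skip cipher suites
        p += 1 + payload[p]                                # skip compression methods
        end = p + 2 + struct.unpack_from("!H", payload, p)[0]
        p += 2
        while p + 4 <= end:                                # walk the extension list
            etype, elen = struct.unpack_from("!HH", payload, p)
            if etype == 0:                                 # server_name, sent in cleartext
                nlen = struct.unpack_from("!H", payload, p + 7)[0]
                return True, payload[p + 9:p + 9 + nlen].decode("ascii", "replace")
            p += 4 + elen
    except (IndexError, struct.error):                     # truncated capture
        pass
    return True, None

def sample_hello(host=""):
    """Constructed minimal ClientHello used as test input (not captured traffic)."""
    name = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host.encode()
    ext = struct.pack("!HH", 0, len(name)) + name if host else b""
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00" + struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def review(flows):
    """Return (dst, dport, sni, reasons) for TLS flows that break local policy."""
    findings = []
    for dst, dport, payload in flows:
        is_tls, sni = tls_sni(payload)
        checks = {"tls-on-unexpected-port": dport not in EXPECTED_TLS_PORTS, "no-sni": sni is None,
                  "watchlisted-destination": any(ipaddress.ip_address(dst) in n for n in WATCHLIST)}
        reasons = [name for name, hit in checks.items() if hit]
        if is_tls and reasons:
            findings.append((dst, dport, sni, reasons))
    return findings

FLOWS = [("198.51.100.10", 443, sample_hello("intranet.example.com")),   # constructed flows
         ("198.51.100.77", 6881, sample_hello("files.example.net")),
         ("203.0.113.5", 443, sample_hello()),
         ("198.51.100.20", 80, b"GET / HTTP/1.1\r\n\r\n")]
print(review(FLOWS))
```

Detection here keys on the handshake bytes rather than the port number, which is what lets it find encrypted sessions anywhere in the port range.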

 

Sourced by Jason Howells, EMEA director, MSP solutions at Barracuda Networks


Nick Ismail
