It's been reported that government agencies have allegedly placed network taps between data centers in order to siphon traffic for intelligence or espionage. What's the best way to ensure that our unencrypted traffic hasn't been affected while traversing the Internet, or -- worse yet -- that encrypted traffic has been decrypted?
If it is the physical link that is being tapped, ensuring that unencrypted data is not affected is not really feasible. If someone taps into the physical medium over which the communication is taking place, you should consider yourself "digitally naked." An apt analogy would be if you were to have what you believed to be a private conversation with someone in the confines of your bedroom while, unbeknownst to you, a complete stranger was hiding in the closet, listening to every word.
For the second part of your question, determining whether your encrypted communication has been decrypted is not really feasible either. Once you've sent encrypted packets outside of your network, you don't have any control over what happens to them. When it comes to encryption security, you're actually banking that your encryption mechanism has not been compromised, hence all the uproar over the recent allegations that a certain government agency has sought to weaken encryption standards.
So, to answer your question, there isn't a way to determine if your traffic has been affected if someone has physically tapped the communication medium, which is why encryption is so important. Unfortunately, given the state of information security and the geopolitical landscape, enterprises must assume that any unencrypted data sent over the Internet will be widely visible, so data with any level of sensitivity should be encrypted, ideally in motion and at rest.
This was first published in February 2014