Q

Network tap vulnerabilities: Network traffic security over the Internet

Is there any viable way to mitigate the risks of a potential wide-area network tap and ensure network traffic security over the Internet?

It's been reported that government agencies have allegedly placed network taps between data centers in order to siphon traffic for intelligence or espionage. What's the best way to ensure that our unencrypted traffic hasn't been affected while traversing the Internet, or -- worse yet -- that encrypted traffic has been decrypted?

Ask the expert

Perplexed about network security? Send your network security-related questions today! (All questions are anonymous)

If it is the physical link that is being tapped, ensuring that unencrypted data is not affected is not really feasible. If someone taps in to the physical medium with which the communication is taking place, you should consider yourself "digitally naked." An apt analogy would be if you were to have what you believed to be a private conversation with someone in the confines of your bedroom and unbeknownst to you a complete stranger is hiding in the closet, listening to every word.

For the second part of your question, determining whether your encrypted communication has been decrypted is not really feasible either. Once you've sent encrypted packets outside of your network, you don't have any control over what happens to them. When it comes to encryption security, you're actually banking that your encryption mechanism has not been compromised, hence all the uproar over the recent allegations that a certain government agency has sought to weaken encryption standards.

So, to answer your question, there isn't a way to determine if your traffic has been affected if someone has physically tapped the communication medium, which is why encryption is so important. Unfortunately, given the state of information security and the geopolitical landscape, enterprises must assume that any unencrypted data sent over the Internet will be widely visible, so data with any level of sensitivity should be encrypted, ideally in motion and at rest.

This was first published in February 2014

Dig deeper on Monitoring Network Traffic and Network Forensics

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close