Network Data Encryption -- The Last Step in Security
What Are Computer Networks?
data networks carry data between two or more computers, typically
between a client and a server. In both the Microsoft and Internet models
this means that data, files, printers and other resources can be used
by multiple machines.
Data is Sent "In the Clear"
Data hauled without encryption is said to be transmitted "In The
Clear." Most home and business networks use a local area network
standard known as Ethernet.
There are a number of different Ethernet standards in place today, some
of which even provide wireless (or radio) connectivity. The Ethernet
and Internet standards were not initially designed with encryption in
mind, so almost all local networks are carrying data without it being
What Does Network Data Encryption Provide?
Data can be encrypted a number of ways, and that encryption can use
varying technologies. Individual files, archives of files, and even
hard disks can be encrypted. These are typically done on the local
machine and protect data from local user access. However, once
decrypted files and disks can be accessed by anyone with access to the
Network encryption is designed to encrypt all of the data passing over
a network. This means that just before data is transmitted over the
Ethernet connection it is encrypted in a fashion so that the intended
recipient machine(s) can decrypt the data. Communications back and
forth between the client and the server are therefore secure as the
pass over the network.
VPNs and Encryption
Encrypting data while it transmits over the network is a good idea.
Virtual Private Networks
(VPNs) were some of the first non-military networks to use
encryption. Their data passes over public networks and is subject to
possible intercept. Using encryption for these types of networks is
considered mandatory for any personal or business data.
A False Sense of Security
Most businesses not only don't need encryption on their local network,
but doing so is akin to holding up a stone to try and stop the flow of
water in a river.
- Network encryption products only encrypt data while it is in
transit on the network. A compromised computer still has access to
all of the data it had access to before encryption was implemented.
- The most common security compromise is created by Malware loaded
onto the machine by the user (usually inadvertently). The compromised
computer has access to network resources, even with encryption.
- An external hacker is going to go after known vulnerabilities in
existing services. Once one of those services has been compromised,
so has the server, and so has a portion of your network. Step by step
your entire network will be compromised -- with or without network
- Due to interoperability problems with numerous products, it may be
impossible to completely secure your network.
The Real Rules for Network Security
Mainstream Security Services has long advised companies to pay
attention to the basics. Computer security is based upon good:
- People -- Training
- Processes -- Policies and Procedures
- Technology -- Full in-band monitoring firewalls, IDS, DMZs
Find a company that is in the business, and has been for many years, to help
implement a comprehensive security system.