Today, an array of expensive and complex systems exists to secure data from intruders within the enterprise wall. However, once traveling over a network or wireless line, data flows are largely unsecured. Open to interception along the network, data sits at the foot of potential intruders. With present
hacking and tapping technologies now as advanced and as cheap as ever, it takes but one intrusion into a network line to expose an enterprise’s data to theft and corruption.
At the same time, wireless data transmission and wireless networking are today’s hot technologies —capable of broadcasting information to anyone with a receiver. Corporate data travels across leased and dedicated lines that offer no protection from point A to point B. While technologies like firewalls and virtual private networks (VPNs) offer a measure of protection, present intrusion capabilities suggest that really no network line is truly secure without the ability to encrypt data moving across the line.
Like all other business decisions, network security is a matter of evaluating the risk versus the costs involved with mitigating that risk. But without a hard look at the misperceptions many security and network managers have about networked data, calculating the risk of unsecured network data is not so easy. What’s more, most encryption systems available today are high-cost, difficult to install, and result in significant network line speed losses, making the cost of fixing the issues equally complex. Consider these three misperceptions:
1. “”Our leased lines are safe–only we have access to them.””
Lines can be tapped —even fiber optic lines — using means that are not detectable to the receiver. Once only available to well-funded intelligence organizations, these systems are now available to the average hacker for less than $1,000.
2. “”Our virtual private networks (VPNs) are secure.””
No network is truly secure if data is interpretable to anyone who manages to intercept it. While providing logical traffic separation techniques and ensuring quality of service, VPNs provide no protection for the data once it is actually in transit. Truly private networks require the use of data encryption, such as the IPSec protocol, to make data useless to those not in possession of the proper key for decoding.
3. “”Our system has a firewall — we’re already protected.””
Excellent for their purpose — keeping unauthorized users and hackers out of a secure intranet — firewalls do nothing for protecting data once it has passed through the firewall on its way to a customer, supplier or other trusted network. Most firewalls today offer an encryption option but this option severally reducing the overall performance of the firewall itself. A better strategy than turning encryption on in the firewall is to supplement an existing firewall with a gigabit-capable encryption device. The encryption
