The traffic we send across the network is subject to viewing by anyone along the way. In this video, you’ll learn about which protocols and services should be used to ensure a secure communications channel.
If you spend any time looking at packets going across the network, then you know there is an amazing amount of information inside of them. Sometimes there’s more information inside of them than we even realize. There might be some personal or private information that goes across the network. And that’s certainly something we need to be aware of when we’re communicating on an unsecured network.
It’s very easy to pull this from the network, and even easier if it is a wireless network. It’s so easy to pull those packets right out of the air. If you’re at a coffee shop, you’d be amazed at how much information is floating around in the air from everyone in that coffee shop who’s using their mobile devices.
That’s why we always recommend that you use encrypted protocols, use a virtual private networking tunnel, and do everything you can to encrypt all of that data so that if someone were to look at these packets, they wouldn’t be able to understand anything that was going by.
Let me give you an example of how you might do this with something like web browsing. Here’s a protocol decode that contains information going from a client device to a web server. And it seems to be posting information from a form.
You can see that the summary up top shows this POST command, /general/status.html. And if we look into the detail of this particular decode, you can see that there is a form item B531. And the name is “super secret.” We could easily pull that information right out of the posting that’s being done to the web server simply by looking at the traffic going across the network.
If we didn’t want somebody to see this information that we were sending, even though it was super secret, we could simply use a protocol like TLS. This is the SSL-type protocol that you would commonly see when you’re using a browser and it has the little encrypted lock at the top of the screen.
Everything going back and forth then has just application data inside of it. The protocol decoder can’t see anything else. If we look at the detail, you’ll even see that we can’t even tell anything about the application data. And if we even examine it, we can see it’s just a bunch of numbers and letters. It’s all a bunch of hexadecimals shown on the screen. There’s nothing there that would give us any detail about what might be inside of this traffic flow.
You can see how easy it is to get information right off the network in plain text. So we always need to be aware of the protocols that we’re using over the network. And we want to be sure we’re using the ones that are secure.
Let’s look at SSH. SSH stands for Secure Shell. If you’re someone who is doing a lot of console connections to infrastructure devices or to Linux devices or anything that needs that console terminal screen, you’ll want to use SSH instead of using Telnet. Telnet would be in-the-clear. SSH would be an encrypted communication.
SFTP is a very similar scenario, where you’re using SFTP, which is a secure file transfer protocol, instead of FTP, which is an in-the-clear or an unsecure file transfer protocol. And interestingly enough, SFTP is simply using SSH to provide the encryption for that file transfer.
If you’re someone who is working a lot with network management, then you’re probably using SNMP, which is the Simple Network Management Protocol. There are a number of different versions of SNMP. But only SNMP Version 3 provides the encryption and protection of that information going between you and those remote infrastructure devices.
We also mentioned web communication earlier, which uses SSL or TLS (Transport Layer Security). You may hear this referred to by its legacy name, Secure Sockets Layer. If you’re doing web traffic, instead of sending it in-the-clear, why not use HTTPS, which is going to provide that extra encryption right on top?
And if you really want security over connections, perhaps between different locations, you can send everything through an IPsec tunnel. This stands for Internet Protocol security. And it effectively takes all of the information going from point A to point B and sends it through a virtual private network in this encrypted form.
These protocols would be a very good starting point. But you always want to check to be sure the applications that you’re using are not sending anything out over the network that might be in-the-clear.
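The contrast between the two decodes described earlier (a readable form POST versus opaque TLS application data) can be checked programmatically when auditing what an application puts on the wire. The Python below is an added example, not part of the original video; `classify_payload` is a hypothetical helper, and the sample payloads, host name, and form value are constructed for illustration.

```python
from urllib.parse import parse_qsl

# TLS record content types as defined in the TLS RFCs (5246, 8446).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"PATCH ")

# Constructed sample: a form POST sent in the clear, modelled on the decode above.
HTTP_SAMPLE = (b"POST /general/status.html HTTP/1.1\r\n"
               b"Host: www.example.com\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: 17\r\n\r\n"
               b"B531=super+secret")
# Constructed sample: TLS record header (type 23, version 3.3, length 32) plus opaque bytes.
TLS_SAMPLE = b"\x17\x03\x03\x00\x20" + bytes(range(0x80, 0xA0))


def classify_payload(payload: bytes) -> dict:
    """Classify the start of a TCP payload as a TLS record, cleartext HTTP, or unknown."""
    # Heuristic: a TLS record starts with a 1-byte content type, a 2-byte
    # version (major 3, minor 0-4) and a 2-byte big-endian length.
    if (len(payload) >= 5 and payload[0] in TLS_CONTENT_TYPES
            and payload[1] == 3 and payload[2] <= 4):
        return {"kind": "tls",
                "record": TLS_CONTENT_TYPES[payload[0]],
                "length": int.from_bytes(payload[3:5], "big"),
                "exposed_fields": []}
    if payload.startswith(HTTP_METHODS):
        head, _, body = payload.partition(b"\r\n\r\n")
        request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
        fields = []
        # Form posts carry field names and values as readable key=value pairs.
        if b"content-type: application/x-www-form-urlencoded" in head.lower():
            fields = [name for name, _ in
                      parse_qsl(body.decode("latin-1"), keep_blank_values=True)]
        return {"kind": "cleartext-http", "request": request_line,
                "exposed_fields": fields}
    return {"kind": "unknown", "exposed_fields": []}


if __name__ == "__main__":
    for sample in (HTTP_SAMPLE, TLS_SAMPLE):
        print(classify_payload(sample))
```

For the cleartext sample the report names the request line and the form field that anyone on the path could read; for the TLS sample only the record type and length are visible.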