Transport Encryption – CompTIA Security+ SY0-401: 6.1

September 21, 2014


Encrypting files is important, but our network communication also requires additional privacy. In this video, you’ll learn about the cryptographic techniques used to secure our network connections.



We are sending a lot of personal and a lot of very private information across the network. Sometimes we’re sending credit card numbers, we’re sending health care information. We’re sending things we don’t want other people to be able to see. So we have, of course, put some cryptography into our network communication, into that transport stream, so that we’re able to make sure nothing going across the network is able to be seen by someone else. This can be seen in website commerce, credit cards, even emails that you may send back and forth.

There are plenty of places where we want to keep our private data very, very private. And to be able to do that, we need to use some of these cryptographic methods that we’ve mentioned already, and some that we’re going to show you in other videos as well. These are using complex mathematics along with some very interesting techniques in being able to send information back and forth. And that’s the real challenge: how do you send network information, send encrypted data, send keys and other information, without somebody being able to see that as it’s going by, capture that data, and in some way be able to decrypt that information?

One very common way of seeing this transport encryption in use is when we’re using a VPN, a virtual private network. This is one where you might have a laptop. You are away from the office. You’re in a coffee shop, you’re at your home office. But you still need to communicate with the resources that are back in your headquarters building, and you don’t want other people to be able to see this information you’re sending back and forth.

So you pop up some software on your desktop that creates an encrypted tunnel back to a VPN concentrator at your home office. So everything between your laptop and this concentrator is now in this private, encrypted tunnel, this virtual private network. This transport communication goes back to the concentrator. The concentrator decrypts that information and hands it off to the internal network so that all of the other resources internally will be able to understand what you’re sending.

And if they’re sending information back, then the concentrator’s going to encrypt that information, send it through that encrypted tunnel. When it appears on your side, the software that you started is going to decrypt that information so that your workstation will be able to use it. Another common transport encryption method is the one that we use with our browsers, talking to web servers. We have both of those technologies able to perform encryption between each other. So let’s look at an example of that.

Here’s Facebook, obviously. I’m in Chrome. So I’m just at facebook.com. And if I click my globe, it even tells me that the connection to facebook.com is not encrypted. And I would like to show the difference between an encrypted method and a non-encrypted method. This is an in-the-clear, non-encrypted communication to Facebook. And what I want to do is start to capture with my Wireshark here. I’ve already set up an IP address filter here for the Facebook server that we’re communicating with.

And I’m going to have it start this. All of these parameters look good. Let’s just start a communication back and forth. We’ll have that data go back and forth to that particular IP address. Now let’s start up and just refresh this Facebook page so that some traffic can go over our network. And I’ll stop this capture. And let’s go all the way back up to the top and just look at the very first parts of this particular communication.

There is some TCP communication starting up. And then we finally have some HTTP data going back and forth. And I want to be able, for instance, to see what is being sent. For instance, here is the HTTP data right here in the clear. You could even see the type of host I’m going to. You can see the user agent I’m using. It is Chrome. In fact, it tells me right there. It tells the type of decoding and decrypting that I can do.

I can see cookie information inside of this. This is all completely in the clear. This is not what you would want to do if you were at a coffee shop. Let’s do exactly the same thing now, but let’s do it with HTTPS, or the encrypted form of HTTP. Let’s start up a new capture file. And let’s go back to Facebook. But at the beginning of the address for this Facebook page, right here, I’ll use https://facebook.com, and have it load the page. Now, it’s loaded the same page that’s here.

You can even see when we start looking at this that this identity has been verified, the encryption is in place with 128 bits. This was encrypted data. So what does it look like now on the website? Let’s have a look at the data that we sent back and forth. I’ll stop this capture. If we flip back and look at our packet capture then, of this encrypted data, I’ve saved us some time and added a new filter here for the IP address of the encrypted server at Facebook. And if we drill down into just one of the packets, you can see that all of the information inside the packet is all scrambled up.

There’s no words in there, there’s no cookie in there that I can read. I don’t know what browser someone might be using. In fact, I know nothing about this communication going back and forth other than it’s HTTP type data. It’s data that is all encrypted. So I can feel pretty sure by using these transport encryption mechanisms that if I encrypt some data on this end and I send it to the other side, I feel pretty good that nobody’s going to be able to tap into that connection and see what’s going on between our two stations.
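The difference between the two captures described above can be checked programmatically. The following is an added example, not part of the original video or transcript: it classifies a TCP payload as cleartext HTTP or as a TLS record and lists which of the headers mentioned above (host, user agent, accepted encodings, cookie) an observer on the network could read. The function name `inspect_payload`, the `WATCHED` list and both sample payloads are constructed for illustration.

```python
import hashlib
import struct

# TLS record content types (first byte of every TLS record header)
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
# Headers the transcript points out as readable in the cleartext capture
WATCHED = ("host", "user-agent", "accept-encoding", "cookie")

# Constructed sample payloads (not taken from a real capture)
HTTP_SAMPLE = (b"GET / HTTP/1.1\r\nHost: www.example.com\r\n"
               b"User-Agent: Mozilla/5.0 Chrome/37.0\r\n"
               b"Accept-Encoding: gzip,deflate\r\n"
               b"Cookie: session=constructed-value\r\n\r\n")
_body = hashlib.sha256(b"constructed ciphertext").digest()  # 32 opaque bytes
TLS_SAMPLE = struct.pack("!BBBH", 23, 3, 3, len(_body)) + _body


def inspect_payload(payload: bytes) -> dict:
    """Classify one TCP payload and list what an on-path observer can read."""
    # TLS record header: content type (1), version (2), length (2)
    if len(payload) >= 5:
        ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
        if ctype in TLS_TYPES and major == 3 and minor <= 4 and length <= 2**14 + 2048:
            return {"kind": "tls", "record": TLS_TYPES[ctype],
                    "length": length, "exposed": {}}
    # Cleartext HTTP/1.x request: request line, then "Name: value" headers
    head = payload.partition(b"\r\n\r\n")[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) == 3 and parts[2].startswith("HTTP/1."):
        exposed = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep and name.strip().lower() in WATCHED:
                exposed[name.strip().lower()] = value.strip()
        return {"kind": "http", "request": lines[0], "exposed": exposed}
    return {"kind": "unknown", "exposed": {}}


if __name__ == "__main__":
    for label, data in (("http", HTTP_SAMPLE), ("https", TLS_SAMPLE)):
        print(label, inspect_payload(data))
```

For the TLS sample only the five-byte record header (type, version, length) is interpretable; the rest of the payload is opaque bytes, which matches the scrambled packet contents seen in the second capture.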


Category: CompTIA Security+ SY0-401
