Encryption has long been established as the safest method of protecting data transfers and communication on the Internet. Over half of the Internet is now encrypted according to Mozilla. This means that when you go to a website, your data footprint will be encrypted more often than not. This landmark is a testament to the rapid adoption of encryption techniques implemented around the world. For many networks, this proportion is expected to exceed 80%.
The impressive state of global encryption should be no surprise, considering the growing cyber threat to public and private organisations alike. Protecting content is now viewed as a top priority, whether that’s using protocols like SSL (Secure Sockets Layer) and TLS (Transport Layer Security) to secure communications between web servers and browsers, or using VPNs (Virtual Private Networks), proxy applications and data compression approaches.
But, encryption shouldn’t be seen as the ‘be all and end all’ of online privacy and cyber security because, as we’ll see, encryption on its own is not enough to guarantee complete protection.
Encryption is no excuse for complacency
No matter how sound your approach to data encryption is, attackers are adept at identifying potential vulnerabilities that will let them in – typically they will target end point weaknesses, ‘back doors’, weak keys and key databases.
It can help to think of encryption as a lock on an armoured vehicle. The stronger the encryption, the tougher it is to break the lock using ‘brute force’. So, using an encryption standard like AES (Advanced Encryption Standard) which features a maximum key size of 256 bits would potentially take a hacker several billion years to break the encryption code. But, once the armoured vehicle pulls up at a bank and the driver opens the door, this equates to data at rest – and that’s when today’s cyber criminals will strike.
End-to-end encryption inhibits other security measures
One strategy used to address this risk is end-to-end encryption – encrypting data at rest and keeping it encrypted in transit until it reaches the final destination, where decryption will occur. The problem is, however, that this mechanism has an associated drawback – lessening the effectiveness of security products like full-packet capture tools, which rely on payload visibility.
The fact is that encryption acts as a shield that can also conceal the indicators of compromise that are used to identify and track malicious activity. Take, for example, peer-to-peer file sharing applications such as BitTorrent which, over the years, have added additional layers of encryption that make it easier to bypass corporate firewalls.
Such programmes not only open companies up to liability concerns associated with pirating movies and other digital content, they are also notorious for transporting malware – and software and games are especially dangerous, since these contain executable files. Should these malware programmes then become encrypted, they will be significantly more difficult to detect until it’s too late.
Take a comprehensive security stance
Just to be clear, encrypting sensitive data is still an important part of online privacy and security, but complete protection depends on adopting a multi-faceted approach. That means utilising antivirus, firewall and encryption solutions alongside other top line encryption management and security tools.
Ideally, your ‘belt and braces’ security strategy should also include:
- Gathering headers and other unencrypted metadata so that security teams can analyse encrypted traffic more effectively
- Running IP traffic flow software to monitor web traffic patterns to ensure HTTPS requests aren’t coming from, or directed towards, suspicious locations
- Search the entire port spectrum for encrypted traffic – research indicates that malware is likely to initiate communications over a wide variety of ports
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.