Chapter 5 ■ Protecting Security of Assets
Organizations often enable remote access solutions such as virtual private networks (VPNs). VPNs allow employees to access the organization's internal network from their home or while traveling. VPN traffic goes over a public network, such as the internet, so encryption is important. VPNs use encryption protocols such as TLS and Internet Protocol security (IPsec).
IPsec is often combined with Layer 2 Tunneling Protocol (L2TP) for VPNs. L2TP transmits data in cleartext, but L2TP/IPsec encrypts data and sends it over the internet using Tunnel mode to protect it while in transit. IPsec includes an Authentication Header (AH), which provides authentication and integrity, and Encapsulating Security Payload (ESP) to provide confidentiality.
It's also appropriate to encrypt sensitive data before transmitting it on internal networks. IPsec and Secure Shell (SSH) are commonly used to protect data in transit on internal networks. SSH is a strong encryption protocol that also underlies other protocols such as Secure Copy (SCP) and Secure File Transfer Protocol (SFTP). Both SCP and SFTP are secure protocols used to transfer encrypted files over a network. Protocols such as File Transfer Protocol (FTP) transmit data in cleartext and so are not appropriate for transmitting sensitive data over a network.
Many administrators use SSH when administering remote servers. The clear benefit is that SSH encrypts all the traffic, including the administrator's credentials. Historically, many administrators used Telnet to manage remote servers. However, Telnet sends traffic over a network in cleartext, so it should not be used today. Some people suggest that using Telnet within an encrypted VPN tunnel is acceptable, but it isn't. Yes, the traffic is encrypted from the client to the VPN server. However, the VPN tunnel ends at the VPN server, so the traffic is sent as cleartext from the VPN server to the Telnet server.
Secure Shell (SSH) is the primary protocol used by administrators to connect to remote servers. Although it is possible to use Telnet over an encrypted VPN connection, it is not recommended, and it is simpler to use SSH.
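The Telnet-over-VPN reasoning above can be checked with a small path model, added here as an example and not taken from the book: the hop names, the VPN endpoint and the protocol table are constructed, and the model assumes the tunnel protects only the links up to the node where it terminates, while SSH-based protocols protect every link end to end.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Application protocols named in the chapter and whether they encrypt their own
# payload. SSH, SCP and SFTP do; Telnet and FTP send everything in cleartext.
APP_ENCRYPTS = {"ssh": True, "scp": True, "sftp": True, "telnet": False, "ftp": False}


@dataclass
class Session:
    app: str                            # application protocol, e.g. "telnet"
    hops: List[str]                     # node names in order, client first, server last
    vpn_endpoint: Optional[str] = None  # node where the VPN tunnel terminates, if any


def exposed_links(session: Session) -> List[Tuple[str, str]]:
    """Return the (from, to) links on which the session payload travels as cleartext."""
    if session.app not in APP_ENCRYPTS:
        raise ValueError(f"unknown protocol: {session.app}")
    if APP_ENCRYPTS[session.app]:
        return []  # SSH-based protocols are encrypted end to end; nothing is exposed
    if session.vpn_endpoint is not None and session.vpn_endpoint not in session.hops:
        raise ValueError("VPN endpoint is not on the path")
    exposed = []
    inside_tunnel = session.vpn_endpoint is not None  # tunnel starts at the client
    for src, dst in zip(session.hops, session.hops[1:]):
        if not inside_tunnel:
            exposed.append((src, dst))
        if dst == session.vpn_endpoint:
            inside_tunnel = False  # tunnel ends here; the remaining links are cleartext
    return exposed


def is_acceptable(session: Session) -> bool:
    """True only when no link carries the payload in cleartext."""
    return not exposed_links(session)


if __name__ == "__main__":
    # Constructed path: laptop -> internet -> VPN server -> internal switch -> server
    path = ["laptop", "internet", "vpn-server", "core-switch", "admin-server"]
    for app in ("telnet", "ssh"):
        s = Session(app=app, hops=path, vpn_endpoint="vpn-server")
        print(app, "over VPN: exposed links =", exposed_links(s))
```

Running it shows Telnet over the VPN still exposes the two internal links past the VPN server, while the SSH session exposes none.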
Determining Ownership
Many people within an organization manage, handle, and use data, and they have different requirements based on their roles. Different documentation refers to these roles a little differently. Some of the terms you may see match the terminology used in some NIST documents, and other terms match some of the terminology used in the European Union (EU) General Data Protection Regulation (GDPR). When appropriate, we've listed the source so that you can dig into these terms a little deeper if desired.
One of the most important concepts here is ensuring that personnel know who owns information and assets. The owners have a primary responsibility of protecting the data and assets.