Encrypting network traffic is an important security best practice. In this video, you’ll learn about protocol and port selection, transport methods, and VPN tunnels.
Whether you’re sending traffic over a wired network or a wireless network, you still need to make sure that everything being sent over that medium is protected, and one of the best ways to protect network traffic is to encrypt all of your data. Encrypting data has not always been the best practice for network traffic. And indeed, there are protocols that we use every day that send traffic in the clear across the network. You may find, on your network, that you’re using, Telnet, FTP, SMTP, or IMAP, and all of those protocols are sending information without any encryption.
One of the best ways to get a perspective of how much traffic on your network is encrypted and how much is in the clear is to capture the packets themselves. Inside the packets, you should be able to see the headers, but everything else inside of the data of that packet should be encrypted. If you’re able to see information that’s contained within the packet itself, then you’re probably using a protocol that does not encrypt this data.
If you use one of these insecure protocols and you happen to attend the DEFCON conference, you may find yourself on the wall of sheep. This is a list of everyone at the conference who is using insecure protocols. And you can see their username. You can see a portion of their password. Thankfully, they blanked out the last section. You can see IP addresses and the protocols that were in use. For example, you could see that people were running IMAP, HTTP, POP3, and other insecure protocols.
Your goal should always be to use a secure protocol that uses encryption to protect all of this data sent across the network. And if you’re not able to use one of these secure protocols, you would be better off not using that application at all. For example, if you need to perform a remote console to the device, instead of using the insecure protocol of Telnet, you should be using Secure Shell, or SSH.
For web browsing, instead of using HTTP, you should use the secure version, which is HTTPS. Your email client may be able to be configured with the insecure IMAP protocol, but it would be a much better idea to use the secure and encrypted protocol of IMAPS. And instead of transferring a file using FTP, you should use the secure version of SFTP.
Sometimes you can tell if a protocol is secure or not secure based on the port number that it’s using. Some protocols will use one port number as the insecure version and a different port number for the secure and encrypted version. For example, if you’ve captured some packets and you see traffic using port 80, that is most likely HTTP being sent in the clear. If you capture traffic and it’s using port 443, then it’s probably using HTTPS, the secure version, which automatically encrypts all of this traffic.
However, just because a particular port number is in use does not guarantee that that traffic is using an encrypted version or a secure protocol. You’ll want to check the server to see if those security settings are enabled, and you may want to perform a packet capture to confirm that everything being sent across the network is being sent in an encrypted form.
For example, you might have captured website traffic. In this example, the destination port for this website traffic is port 80, which by default would be HTTP. And if we look at the packet capture itself, we can see that the hypertext transfer protocol itself is all in the clear and easily readable in the packet capture.
With all of these differences in protocols and services, you may want to use a method of encrypting all traffic sent to the network, whether the application supports it or not. For example, if you’re using an 802.11 wireless network and the access point is configured as an open access point, this means that none of the traffic will be encrypted as it goes across the wireless network. But if you configure WPA3 or a similar encryption protocol on the access point, then all data sent over this wireless network will be encrypted.
You can also perform network-level encryption by using a VPN, or a virtual private network. This will create an encrypted tunnel between your device and the VPN concentrator. So everything sent over that network will be all encrypted. The concentrator will decrypt that information and send the non-encrypted data into the network on the other side.
Although this does provide an encrypted tunnel where all traffic sent over this link will be encrypted, it may require the installation of additional software on your device, and you may need to install your own VPN concentrator or purchase access to a third-party VPN service.