Overview#Data In Transit is one of the Data States for data and describes data that is being transmitted.
Encryption of Data In Transit#Encryption of Data In Transit happens on the 3rd, 5th, 6th and 7th layer of the OSI-Model.
- layer 3 is information system independent (at least, it should be)
- layer 5 through 7 are more depended on what mechanism is chosen in the application layer.
When applying IPsec for IPv4 or IPv6 in your network configuration you will encrypt the payload of every IP-packet. The header of every IP-packet is, for obvious reasons of delivery of the payload, not encrypted. There are also two modus of operandi here. One is host-to-host and the other one is gateway-to-gateway. I tend to say to go for host-to-host whenever possible as the route of encryption is the longest there. IPsec secures your data against unauthorized access on the wire. But anyone that is authorized to the network can see the data (makes sense I guess).
TLS is used in HTTP connections (the best known are the web-browsers), known as HTTPS and it is used for FTPS. Do not mistake this with sFTP which uses Secure Shell (SSH) to encrypt the data. SSH has some weaknesses prior to version 2. Secure Socket Layer SSL and every version of it is considered insecure, just as TLS 1.0 and TLS 1.1 are. Do not use those protocols anymore!
There is also the phenomenon of VPN Virtual Private Network Tunneling on layer 2, 3 and 7. In general every VPN tunnel is insecure when additional security measures are not taken. If you do not trust the underlying network of the VPN tunnel (for instance, the Internet), then you will have to take security measures in the VPN tunnel itself. These measures can be protocols like IPsec in conjunction to Layer 2 Tunneling Protocol (L2TP) or the use of TLS and SSH.
More Information#There might be more information for this subject on one of the following:
- Data Classification
- Data In Process
- Data Loss Prevention
- Data State
- Data anonymization
- Google Cloud Security
- Google Cloud Storage
- Identify and Authenticate access to system components
- Information security
- Key Encrypting Key
- OAuth 2.0 Audience Information
- OAuth 2.0 Bearer Token Usage
- OAuth 2.0 Proof-of-Possession (PoP) Security Architecture
- RCS Chat
- Secure connection
- Security Token
- Virtual Private Cloud
- Web Blog_blogentry_011115_1
- [#1] - Guidelines for building an encryption and hashing policy - part 3 - based on data observed:2015-06-29