This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] is one of the [Data States] for [data] and describes data that is being transmitted.
!! [Encryption] of [{$pagename}]
[Encryption] of [{$pagename}] happens on the 3rd, 5th, 6th and 7th layers of the [OSI-Model].
Where:
* layer 3 is information system independent (at least, it should be)
* layers 5 through 7 are more dependent on which mechanism is chosen in the application layer.
It is important to know that they are different.
When applying [IPsec] for IPv4 or IPv6 in your network configuration you will encrypt the payload of every IP-packet. The header of every IP-packet is, for obvious reasons of delivery of the payload, __not__ encrypted. There are also two modes of operation here: host-to-host and gateway-to-gateway. I recommend host-to-host whenever possible, as the encrypted part of the route is the longest there. IPsec secures your data against unauthorized access on the wire. But anyone who is authorized on the network can see the data (makes sense I guess).
[Transport Layer Security] ([TLS]) is probably the best known [Protocol] to encrypt [{$pagename}]. [TLS] resides in the presentation and application layer.
[TLS] is used in [HTTP] connections (the best known are the web-browsers), known as [HTTPS], and it is used for [FTPS]. Do not mistake this for [sFTP], which uses [Secure Shell] ([SSH]) to encrypt the data. SSH has some weaknesses prior to version 2. Secure Sockets Layer ([SSL]), in every version, is considered insecure, just as [TLS 1.0] and [TLS 1.1] are. Do not use those protocols anymore!
In summary, [TLS 1.2] and [SSH] version 2 are safe to use. Therefore [HTTPS], [FTPS] and [sFTP] and other protocols based on [TLS] and [SSH] are also safe to use.
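The version guidance above can be enforced and checked in code. The following is an added example, not part of the original page: it builds a client context with a TLS 1.2 floor using Python's standard ssl module and checks SSH identification strings for version 2 only. The function names and the sample banners are constructed for illustration.

```python
import re
import ssl

# Floor taken from the page: SSL, TLS 1.0 and TLS 1.1 are out, TLS 1.2 is accepted.
TLS_FLOOR = ssl.TLSVersion.TLSv1_2


def hardened_client_context() -> ssl.SSLContext:
    """Client context that refuses to negotiate anything below TLS 1.2."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = TLS_FLOOR
    return ctx


def tls_floor_ok(ctx: ssl.SSLContext) -> bool:
    """True if the context cannot fall back to SSL, TLS 1.0 or TLS 1.1."""
    # MINIMUM_SUPPORTED is a negative sentinel, so it also compares below the floor.
    return ctx.minimum_version >= TLS_FLOOR


# SSH identification string: "SSH-protoversion-softwareversion [comments]"
_SSH_ID = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")


def ssh_banner_ok(banner: str) -> bool:
    """True only for servers that announce SSH version 2 exclusively."""
    m = _SSH_ID.match(banner.strip())
    if not m:
        return False  # not an SSH banner: fail closed
    # "1.99" is a compatibility value: the server also accepts version 1 clients.
    return m.group(1) == "2.0"


if __name__ == "__main__":
    print("hardened context floor ok:", tls_floor_ok(hardened_client_context()))
    # Constructed sample banners (hypothetical software name).
    for banner in ("SSH-2.0-ExampleSSH_1.0",
                   "SSH-1.99-ExampleSSH_1.0",
                   "SSH-1.5-ExampleSSH_1.0"):
        print(banner, "->", "ok" if ssh_banner_ok(banner) else "reject")
```
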
There is also the phenomenon of [VPN] ([Virtual Private Network]) tunneling on layers 2, 3 and 7. In general every [VPN] tunnel is insecure when additional security measures are not taken. If you do not trust the underlying network of the [VPN] tunnel (for instance, the Internet), then you will have to take security measures in the VPN tunnel itself. These measures can be protocols like [IPsec] in conjunction with Layer 2 Tunneling Protocol (L2TP) or the use of TLS and SSH.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Guidelines for building an encryption and hashing policy - part 3|http://www.teusink.eu/2015/06/guidelines-encryption-hashing-policy-part-3.html|target='_blank'] - based on data observed:2015-06-29