When I was younger in elementary school, my best friend and I used to pass notes back and forth. We would pass a note secretly 90% of the time, but that 10% of the time the teacher got ahold of our message, it would then be broadcast to the whole class. Not exactly ideal for the super-secret nature of an elementary kid spy note. However, we eventually stumbled upon shifting our letters forward one letter to make the message impossible for the teacher to read. Using the alphabet plastered at the front of the room, we would write these notes by looking for each letter and moving one place to the right in the alphabet. This made our message harder for the teacher to broadcast to the class, and more importantly, gave us a smug feeling when the teacher couldn’t read it.
While this childhood memory is fun to remember, it’s stunning to see how far we have come with encryption of the information all around us. Unbeknownst to us as children, we were using a Caesar cipher. There are countless ways to encrypt information today, and without getting into the thick of symmetric and asymmetric encryption (an interesting read if you have time), encryption comes down to simply making data unreadable to anyone who isn’t authorized. When we think of our data, we generally think of it in two states: at rest, and in transit. When our data is at rest, it sits in static storage, such as on our phone. When it is in transit, it is being transferred across the internet to another location, much like those “secure” credit card portals claim to protect. Understanding when our data is at rest or in transit is key to understanding the capabilities that encryption both gives, and takes away.
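As an added example (not code from the original post), here is the classroom shift cipher written out, generalized to any shift rather than just the one-letter shift the notes used. The `crack` function tries all 26 shifts and picks the candidate containing the most words from a small constructed English word list, which is why a Caesar cipher only ever stopped a teacher who was not trying very hard.

```python
import string

ALPHABET = string.ascii_lowercase

def shift_text(text: str, shift: int) -> str:
    """Move every letter `shift` places along the alphabet, wrapping z back to a.
    Non-letters (spaces, punctuation) pass through unchanged, as on the notes."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ALPHABET if ch.islower() else ALPHABET.upper()
            out.append(base[(base.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)

def encrypt(plaintext: str, shift: int = 1) -> str:
    """Shift forward; shift=1 is the rule used on the classroom notes."""
    return shift_text(plaintext, shift)

def decrypt(ciphertext: str, shift: int = 1) -> str:
    """Shift back by the same amount."""
    return shift_text(ciphertext, -shift)

# Constructed mini word list used only to score candidate decryptions.
COMMON_WORDS = {"the", "a", "at", "me", "it", "to", "and", "is", "not", "this", "of", "in"}

def crack(ciphertext: str) -> tuple:
    """Brute force: try every possible shift and return (shift, plaintext) for the
    candidate with the most common English words. Only 26 keys exist, so this is
    instant, which is the whole weakness of the cipher."""
    best_shift, best_text, best_score = 0, ciphertext, -1
    for s in range(26):
        candidate = shift_text(ciphertext, -s)
        words = [w.strip(".,!?") for w in candidate.lower().split()]
        score = sum(1 for w in words if w in COMMON_WORDS)
        if score > best_score:
            best_shift, best_text, best_score = s, candidate, score
    return best_shift, best_text

if __name__ == "__main__":
    note = "meet me at recess after the bell"   # constructed sample note
    secret = encrypt(note)
    print(secret)          # nffu nf bu sfdftt bgufs uif cfmm
    print(crack(secret))   # (1, 'meet me at recess after the bell')
```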
When we consider what encryption gives us, it’s easy to make the case that it enables the confidence we have in sending credit card information across the internet. Without an encryption algorithm keeping our data in transit private, malicious actors would be listening in on internet lines the way they did in the days of old on telephone conversations. In addition, encryption of data at rest is what gives us peace of mind that if we lose our iPhone, a malicious actor wouldn’t be able to simply plug the phone in and take whatever they wish. As a business owner, it would appear that encryption should be implemented whenever and however possible; why would we not want all of our traffic encrypted and our data at rest protected?
Just as encryption giveth security, it also taketh away. What it takes away is transparency, which we would all agree is the obvious goal of encryption. However, there are moments when we need to see what is happening to our data in transit, for example to tell whether the file or website we are trying to access is malicious. Because encryption of data in transit is only between the two communicating parties, all of a sudden the tools meant to keep us safe cannot see what we are doing! If you connect to a malicious website, even over an encrypted channel, the malware is still transferred to you, and a firewall has no idea what is happening. Any protection that works by inspecting data in transit is rendered useless by encryption. There is a way to mitigate this, known as SSL inspection, which essentially inserts itself in the path and communicates on your behalf so that it can read all of the data, but it is becoming less common. If you are a business owner and run SSL decryption on your firewall, you will have noticed that lately more and more websites do not allow this SSL inspection, because it is the exact trick attackers use to get at your data. In addition to our troubles reading data encrypted in transit, we have seen encryption at rest weaponized in ransomware attacks. By encrypting the drive with a key that is only available to your captor, they now own your data simply by being the only one able to decrypt it.
With all these harsh words about encryption, security professionals are coming up with increasingly effective ways to allow encryption in transit to take place while still being able to inspect the data. One approach that is gaining traction is watching the data as it leaves the endpoint. As the request or file travels from the computer onto the wire, there is a brief moment when the data has not yet been encrypted by the encryption negotiator (there is more depth to this concept, but for the purpose of explanation we will not get into system-to-system API calls). Solutions such as endpoint web filtering and endpoint DLP use these methods and do not rely on man-in-the-middle (MITM) interception to inspect data. Whenever encryption is being considered, be cognizant of whether the data should be monitored and, if so, whether there is a capable solution to monitor or decrypt the encrypted data.
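To make the contrast between the two preceding paragraphs concrete, here is an added example (not from the original post, and not any vendor's product) that models both inspection points. A constructed toy keystream cipher stands in for the TLS record layer; the DLP check looks for credit-card-shaped numbers and confirms them with the Luhn checksum, so it does not fire on every 16-digit string. `endpoint_send` runs that check on the plaintext just before it is handed to the cipher, which is the "brief moment" the text describes, while `network_inspect` runs the identical check from the firewall's position and sees only ciphertext. The card number, key and message are all constructed sample values.

```python
import hashlib
import hmac
import re
from typing import List, Optional, Tuple

# --- Constructed toy record cipher standing in for TLS (not a real protocol) ---

def keystream(key: bytes, length: int) -> bytes:
    """Pseudorandom keystream from HMAC-SHA256 over a block counter."""
    blocks = []
    counter = 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]

def xor_crypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call both encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

# --- DLP content check: card-number pattern plus Luhn checksum ---

CARD_RE = re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: from the right, double every second digit, subtract 9 if > 9."""
    total = 0
    for i, d in enumerate(reversed(digits)):
        n = int(d)
        if i % 2 == 1:
            n *= 2
            if n > 9:
                n -= 9
        total += n
    return total % 10 == 0

def find_card_numbers(text: str) -> List[str]:
    """Return normalized card numbers that match the pattern AND pass Luhn."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.append(digits)
    return found

def endpoint_send(key: bytes, message: str) -> Tuple[List[str], Optional[bytes]]:
    """Endpoint DLP: inspect the plaintext before it reaches the cipher.
    Returns (findings, ciphertext); ciphertext is None when the send is blocked."""
    findings = find_card_numbers(message)
    if findings:
        return findings, None            # blocked before anything hits the wire
    return [], xor_crypt(key, message.encode())

def network_inspect(ciphertext: bytes) -> List[str]:
    """A firewall on the wire only ever sees ciphertext; the same check finds nothing."""
    return find_card_numbers(ciphertext.decode("latin-1"))

if __name__ == "__main__":
    KEY = b"constructed-demo-key"
    leak = "Please charge card 4539 1488 0343 6467 for the invoice."  # constructed
    print(endpoint_send(KEY, leak))      # (['4539148803436467'], None)
    _, wire = endpoint_send(KEY, "nothing sensitive here")
    print(network_inspect(wire))         # []
```

The design point is where the check sits: the endpoint version reads the same bytes the application is about to encrypt, so it needs no interception and no substitute certificate, whereas anything positioned on the network path would have to become the man in the middle the previous paragraph warns about to get the same visibility.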
Encryption is a wonderful mechanism that protects us; however, it is equally important to understand that with its great power must come a great understanding of its threats. We can no doubt continue to leverage its usefulness, and its ability to protect our data is more important than ever before. Being thoughtful about when it is used, the ways it can hurt us, and what hoops we have to jump through to get our data back helps keep us from falling victim to the dreaded “I didn’t expect that” feeling. Encryption does not need to be cryptic or mysterious, and its use can help everyone from bankers protecting data from cyber thieves to elementary schoolers protecting secret notes from teachers.