Encryption is for data at rest, not just in transit

Monday, 16 June 2003, 5:22 PM EST

Everybody knows that it is easier to hit a stationary target than a fast-moving target. Yet an enormous amount of resources are being used to encrypt data in motion, while the bigger risk is in data at rest.

One reason for the focus on data transfer rather than storage dates back to pre-1994 days. At this time, ethernet broadcast all communications between two computers to all of the nearby computers, thus allowing a hacker with a sniffer (a piece of software that captures network traffic) to see other users' data.

But in most companies today, data is almost always transferred on switched networks and thus is transferred from point to point - with no visibility of that data by other network-attached devices. The only way to circumvent this is for the hacker to load his sniffer program onto the actual server itself, but even in this scenario, there are simpler ways to access the data directly.

Given this fact, the enormous amount of resources put into encrypting data in flight, travelling over the network, seems disproportionate.

[ Read more ]


Pen-testing drone searches for unsecured devices

You're sitting in an office, and you send a print job to the main office printer. You see or hear a drone flying outside your window. Next thing you know, the printer buzzes to life and, after spitting out your print job, it continues to work and presents you with more filled pages than you expected.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Oct 9th