
Encrypting data in transit


    Encrypting data in transit

    Woo hoo.

    So we have done our 'encrypting data at rest' bit of work.

    And now we are being told to 'encrypt data in transit'.

    Unsurprisingly I am getting a lot of different answers, none of which make sense.

    So let's assume we want to encrypt a web service - so it needs to be sent as an https message rather than http - I am being told we need to encrypt that somewhere in the application.

    However my understanding was that it is just a mode of transport for the message - so I could send the same message via either http or https but the one which goes via https is 'more secure' and 'more difficult for someone to intercept and read' than the one going via http.

    Appreciate this is a large topic but can anyone shed any light on this?


    #2
    You called??



      #3
      Kerberos? Krb5p....



        #4
        Originally posted by stek
        Kerberos? Krb5p....
        Cheers much appreciated

        So let's assume we are passing these messages around a secure network (e.g. inside the company's firewall) - is Kerberos still a thing?

        Also we are very much a Microsoft company and this seems to be the default method for Windows machines?

        In addition to this the messages we send go through a message broker - which needs to read the message to know where to route it - and this would need to decrypt the message, read it then encrypt it again.

        So does that add an overhead?

        Is there really that much benefit in encrypting messages in transit within your own network?

        TIA!



          #5
          Yes, Kerberos is a common authentication method. Normally just for logging on etc but can be extended to all traffic not just user/pass - there will be a performance hit - I've used it for NFSv4 and to be honest not really noticed any.

          It can all get rather arcane but a product like Centrify makes it much easier.

          WRT internal traffic, if that's what they want....



            #6
            Originally posted by stek
            Yes, Kerberos is a common authentication method. Normally just for logging on etc but can be extended to all traffic not just user/pass - there will be a performance hit - I've used it for NFSv4 and to be honest not really noticed any.

            It can all get rather arcane but a product like Centrify makes it much easier.

            WRT internal traffic, if that's what they want....
            Thanks much appreciated!

            In terms of what they want - they have no idea - KPMG have come in and said here are your GDPR gaps and so they are saying they need it. (note it is not even a GDPR gap as nowhere does GDPR insist on having encrypted messages within a firewall network)

            But they do not really know what benefit it actually gives as they are just box ticking morons.



              #7
              Originally posted by stek
              Kerberos? Krb5p....
              Random fact I learnt this week, Cerberus the name of the multi headed hound of hell comes from the word k̑érberos, meaning "spotted".

              So Hades, lord of the dead, named his pet dog spot
              Originally posted by Stevie Wonder Boy
              I can't see any way to do it can you please advise?

              I want my account deleted and all of my information removed, I want to invoke my right to be forgotten.



                #8
                If all you need to do is to encrypt data between two nodes using https then I suggest you research TLS and certificates. Not sure your exact requirements but most web servers such as IIS, Apache, nginx, etc support TLS. If you are using a broker such as RabbitMQ this supports TLS too.

                https://en.m.wikipedia.org/wiki/Tran...Layer_Security

                https://www.rabbitmq.com/ssl.html

                Feel free to PM me if you need more info.
                Last edited by rocketjet; 28 March 2018, 15:43.



                  #9
                  Originally posted by rocketjet
                  If all you need to do is to encrypt data between two nodes using https then I suggest you research TLS 1.2 and certificates. Not sure your exact requirements but most web servers such as IIS, Apache, nginx, etc support TLS 1.2.

                  https://en.m.wikipedia.org/wiki/Tran...Layer_Security

                  Feel free to PM me if you need more info.
                  OP mentions messages and message broker and I know WAS does end to end krb5p encryption.

                  If it's a big environment and using certs probs gonna need a lot of HSMs.



                    #10
                    Originally posted by SimonMac
                    Random fact I learnt this week, Cerberus the name of the multi headed hound of hell comes from the word k̑érberos, meaning "spotted".

                    So Hades, lord of the dead, named his pet dog spot
                    Hades was god of the underworld, Thanatos was the god of the dead

