Encryption is Useless!?

This week FTP (the file transfer protocol) celebrated its 40th birthday - and will hopefully retire soon! While a nice and simple means of transferring files, it is totally insecure: both the transferred contents and the authentication password are transfered unencrypted. FTP is not the only protocol that transfers data unencrypted: standard web traffic (“HTTP”) and e-mail (“SMTP”) are not encrypted either.

Not an issue? Think again! Nowadays, we all use wireless Ethernet from our laptops and mobile phones. This means that your traffic can be intercepted by anyone*… What if I could your web browsing history, read your last e-mail to your boyfriend/girlfriend, or see which commands you’ve just executed? I could easily intercept your Facebook session…

If this worries you, check for secrecy and encryption. Usually this is shown by an “S” in your communication protocol:

  · “HTTPS” for secure web browsing, as displayed in your browser’s address bar;

  · IMAPS/POPS for secure e-mail transfer; the default at CERN for sending e-mails to the CERN mail servers;

  · “SSH” and “SCP” for secure remote access and data transfer, mainly on Linux PCs. On Windows PCs, there is also “RDP”, the Remote Desktop Protocol, which is encrypted too. “SSH” can even be used to encrypt other protocols, a technique called “tunnelling”.

Of course, there is more to encryption than this. If you host sensitive or confidential data, access protection and data encryption are a must! This is particularly true if you keep this kind of data on a USB stick or a laptop, both of which can easily be lost or stolen while you're travelling... TrueCrypt is a good open source, on-the-fly encryption tool for data stored in Windows, Mac and Linux PCs.

If you are looking for recommendations or need help, check out https://cern.ch/Computer.Security or contact us at Computer.Security@cern.ch. The site gives furher information about:

  · securely connecting to CERN

  · encrypting connections with SSH

  · tunnelling through LXPLUS

  · transferring files with SSH, and plenty of other useful tips!

*... if your wireless access point does not encrypt traffic using e.g. the recommended WPA2 standard. At CERN, all wireless access points have no encryption in order to allow free roaming. Encryption would mean distributing a shared secret among all our users, colleagues and guests, so it would hardly be a “secret” anymore…


by IT Department