Summary
Network hardening is a layered process. The first layer is allowing in only the traffic you want on your network via firewall rules and blocking illegitimate traffic. The next layer is protecting legitimate network traffic from snooping by encrypting it with TLS and by wrapping any traffic between two networks that has to go over the public Internet with a VPN. Finally, once all of that is protected, you can focus on preventing an attacker from even knowing you are using a network resource by masking the metadata in network traffic with Tor.
How far you go down these layers depends largely on what you are trying to protect and from whom you are trying to protect it. While everyone should use firewall rules throughout their network to block unwanted traffic, only some administrators will be willing to take the additional step of blocking egress (outbound) traffic as well as ingress (incoming) traffic. While protecting access to your sensitive networks with a VPN is a great way to protect them from snooping, some administrators may just resort to SSH tunnels. Finally, only those administrators protecting against the largest threats, where even the existence of the service is a problem, would need to go to the trouble of protecting it with Tor. In any of these circumstances, the key is making an honest assessment of what you are protecting, from whom you are protecting it, and what their abilities are.