Robert X. Cringely points out the hidden costs of running corporate IT over the public internet:
How cheap is IT, really, if it compromises customer data? Not cheap at all. Last year’s Target hack alone cost the company more than $1 billion, estimated Forrester Research. The comparably-sized Home Depot hack will probably cost about the same. JP Morgan Chase is likely to face even higher costs.
He wonders why companies aren't shifting to dedicated networks, like they used to make with leased lines.
Taking a bank or retail network back to circa 1989 would go a long way toward ending the current rash of data breaches. It would be expensive, sure, but not as expensive as losing all the money that Target and others have recently done.
Is this practical? If so, how would it be accomplished with modern equipment?
(Score: 2) by theluggage on Friday October 10 2014, @02:20PM
Instead, crooks will know that you trust the line and make sure to access those junction boxes.
If your data was that sensitive, surely you'd go "belt & braces" and encrypt the data on your line anyway?
Plus, scalability anybody? Even if, at some stage in the history of telecoms, a "leased line" really was a physically private copper wire or fibre exclusively connecting A to B, I can't see that being viable in these days of ubiquitous networking and globalisation - you'd have to flood-wire the world! For anybody smaller than the average national security agency, a modern "leased line" must surely be a euphemism for "outsourcing your VPN kit to your telecoms provider".
(Score: 0) by Anonymous Coward on Friday October 10 2014, @03:48PM
Wait, this is exactly what it was claimed the NSA did to Google and others: they tapped the exit and entrance nodes on the "point to points". Data wasn't encrypted between locations, and it undermined the entire system. Who cares if the data on the server is encrypted, if no one is walking off with the server? It's unencrypted the moment it leaves the box unless other actions are taken.
Considering that, a private leased line is not what people think it is. It is almost always on a shared network, and just because you can't see other customers doesn't mean it's configured right in the ISP from end to end. Privacy isn't what it used to be; unless you ran the line yourself, the telco can provide access.
Using VPNs for everything is foolish, but it makes a lot more sense to run a VPN over a leased line if you are really worried about security. Having permissions on a firewall to let unencrypted traffic through does nothing to protect against an entity tapping in and recording the transmissions, nor anything to stop something bad coming through on the ports you opened since you trust the other side. Nothing is stopping something on a, for example, MPLS network from being introduced into the "point to point" if the carrier is able to do so.
It takes a secure approach to all methods and options for exit and entry, not just getting a leased line.
You would be more secure using a dial-up modem. Demodulating a call is not something the current batch of tools is very good at doing, and if you encrypted the call--you'd be more secure than anything we've discussed so far, but it would be slow. And very suitable for financial dropbox sort of transactions, like FTP or what have you, that you do not want anyone else to get a hold of.
Just don't set the modem to auto answer...
(Score: 2) by sjames on Sunday October 12 2014, @05:08AM
That is more or less what happened to Target. They had a secure VPN nailed up between them and their HVAC contractor. The hackers got into the contractor's network and came in through that to attack the POS systems.
The real failure was letting a route exist between HVAC and POS. An actual leased line instead of a VPN would have made exactly zero difference.
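The "route exists between HVAC and POS" failure sjames describes is a reachability question over the firewall policy, and it is easy to miss when the path is several hops long and no single rule names both zones. The following is an added example (not code from the thread or from any of the companies discussed) that audits a constructed, hypothetical zone ruleset for any permitted path from a vendor VPN zone into the POS zone, and shows the same audit passing on a hardened ruleset; the zone names and rules are assumptions made for the illustration.

```python
"""Segmentation audit: is there a permitted route from a vendor VPN zone to POS?
Zones and rules are constructed for illustration (hypothetical), not Target's
real topology. A rule (src, dst) allows traffic initiated in src into dst."""
from collections import deque

# Constructed ruleset reproducing the failure described in the thread: the
# contractor's VPN lands in a DMZ, the DMZ may reach HVAC, HVAC may reach the
# corporate LAN for monitoring, and corporate admin hosts may reach POS.
RULES_BEFORE = {
    ("vendor_vpn", "contractor_dmz"),
    ("contractor_dmz", "hvac"),
    ("hvac", "corp"),
    ("corp", "pos"),
}

# Hardened ruleset (hypothetical): POS accepts traffic only from a dedicated
# management zone that no vendor-facing path can reach.
RULES_AFTER = {
    ("vendor_vpn", "contractor_dmz"),
    ("contractor_dmz", "hvac"),
    ("hvac", "corp"),
    ("pos_mgmt", "pos"),
}

def find_paths(rules, src, dst):
    """Return every chain of permitted hops from src to dst. Rules are directed
    edges, so a multi-hop chain is exactly the 'route exists between HVAC and
    POS' condition, even when no single rule names both zones."""
    adjacency = {}
    for a, b in rules:
        adjacency.setdefault(a, set()).add(b)
    paths, queue = [], deque([[src]])
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            paths.append(path)
            continue
        for nxt in sorted(adjacency.get(path[-1], ())):
            if nxt not in path:  # skip cycles
                queue.append(path + [nxt])
    return paths

def vendor_can_reach_pos(rules):
    """True if the policy lets anything arriving over the vendor VPN reach POS."""
    return bool(find_paths(rules, "vendor_vpn", "pos"))

if __name__ == "__main__":
    for name, rules in (("before", RULES_BEFORE), ("after", RULES_AFTER)):
        print(name, find_paths(rules, "vendor_vpn", "pos"))
```

Run against a real policy export, the same walk reports the full hop chain, which is the evidence needed to decide which rule to remove; swapping the VPN for a leased line changes none of the edges.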