
SoylentNews is people

posted by martyb on Friday October 10 2014, @11:49AM
from the do-you-feel-lucky-punk? dept.

Robert X. Cringely points out the hidden costs of running corporate IT over the public internet:

How cheap is IT, really, if it compromises customer data? Not cheap at all. Last year’s Target hack alone cost the company more than $1 billion, estimated Forrester Research. The comparably-sized Home Depot hack will probably cost about the same. JP Morgan Chase is likely to face even higher costs.

He wonders why companies aren't shifting to dedicated networks, like the ones they used to build with leased lines.

Taking a bank or retail network back to circa 1989 would go a long way toward ending the current rash of data breaches. It would be expensive, sure, but not as expensive as losing all the money that Target and others have recently done.

Is this practical? If so, how would it be accomplished with modern equipment?

 
  • (Score: 0) by Anonymous Coward on Friday October 10 2014, @03:48PM (#104515)

    Wait, this is exactly what it was claimed that the NSA did to Google and others: they tapped the exit and entrance nodes on the "point to points". Data wasn't encrypted between locations, and it undermined the entire system. Who cares if the data on the server is encrypted, if no one is walking off with the server? It's unencrypted the moment it leaves the box unless other actions are taken.

    Considering that, a private leased line is not what people think it is. It is almost always on a shared network, and just because you can't see other customers doesn't mean it's configured right in the ISP from end to end. Privacy isn't what it used to be; unless you ran the line yourself, the telco can provide access.

    Using VPNs for everything is foolish, but it makes a lot more sense to run a VPN over a leased line if you are really worried about security. Having permissions on a firewall to let unencrypted traffic through does nothing to protect against an entity tapping in and recording the transmissions, nor anything to stop something bad coming through on the ports you opened since you trust the other side. Nothing is stopping something on a, for example, MPLS network from being introduced into the "point to point" if the carrier is able to do so.

    It takes a secure approach to all methods and options for exit and entry, not just getting a leased line.

    You would be more secure using a dial up modem. Demodulating a call is not something the current batch of tools is very good at doing, and if you encrypted the call--you'd be more secure than anything we've discussed so far, but it would be slow. And very suitable for financial dropbox sort of transactions, like FTP or what have you, that you do not want anyone else to get a hold of.

    Just don't set the modem to auto answer...

  • (Score: 2) by sjames (2882) on Sunday October 12 2014, @05:08AM (#104977)

    That is more or less what happened to Target. They had a secure VPN nailed up between them and their HVAC contractor. The hackers got into the contractor's network and came in through that to attack the POS systems.

    The real failure was letting a route exist between HVAC and POS. An actual leased line instead of a VPN would have made exactly zero difference.
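
The point in the last comment, that the exposure was an allowed route from the HVAC contractor's side to the POS systems rather than the type of link, can be checked mechanically. The following is an added example, not part of the original thread: it walks a constructed set of zones and firewall allow rules (all names and addresses are made up) and reports any chain of permitted flows from a vendor zone to the POS zone, assuming a compromised host can use every flow allowed from its zone.

```python
import ipaddress
from collections import deque

# Constructed zones and allow rules (illustrative, not from any real network).
ZONES = {
    "vendor_vpn": "10.50.0.0/24",   # contractor tunnel or leased-line endpoint
    "facilities": "10.20.0.0/24",   # HVAC / vendor-facing servers
    "corp_mgmt":  "10.10.0.0/24",   # shared management hosts
    "pos":        "10.99.0.0/16",   # point-of-sale terminals
}
RULES = [  # (source CIDR, destination CIDR, port)
    ("10.50.0.0/24", "10.20.0.0/24", 443),
    ("10.20.0.0/24", "10.10.0.0/24", 445),
    ("10.10.0.0/16", "10.99.0.0/16", 22),
]

def zone_graph(zones, rules):
    """Edge A -> B when an allow rule covers part of A as source and part of B as destination."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in zones.items()}
    graph = {name: set() for name in zones}
    for src, dst, _port in rules:
        s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        for a, na in nets.items():
            for b, nb in nets.items():
                if a != b and s.overlaps(na) and d.overlaps(nb):
                    graph[a].add(b)
    return graph

def find_path(zones, rules, start, target):
    """Breadth-first search; returns the shortest zone-to-zone path or None."""
    graph = zone_graph(zones, rules)
    queue, seen = deque([[start]]), {start}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for nxt in sorted(graph[path[-1]] - seen):
            seen.add(nxt)
            queue.append(path + [nxt])
    return None

if __name__ == "__main__":
    # No rule links the vendor zone to POS directly, yet a chained path exists.
    print(find_path(ZONES, RULES, "vendor_vpn", "pos"))
    # With the management-to-POS rule removed, no path remains.
    print(find_path(ZONES, RULES[:2], "vendor_vpn", "pos"))
```

The result is the same whether the vendor zone terminates a VPN or a leased line; only the allow rules decide whether a path exists.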