Timeline for Do I need to encrypt connections inside a corporate network?
Current License: CC BY-SA 4.0
34 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jul 31, 2020 at 9:01 | comment | added | Robert Cutajar | Good news everyone, We are now running on HTTPS. | |
| Jul 3, 2018 at 1:06 | history | protected | CommunityBot | ||
| Jul 1, 2018 at 18:51 | answer | added | Jan Hertsens | timeline score: -1 | |
| Jun 30, 2018 at 7:42 | answer | added | Dmitry Grigoryev | timeline score: 1 | |
| Jun 25, 2018 at 17:38 | comment | added | Nat | If you're trying to sell this to management, seems like you might make an analogy to locking office doors and filing cabinets in the building. I mean if they're good with unencrypted internal communications, why not unlocked doors? Plus not having to deal with pesky locks could save a lot of time! | |
| Jun 25, 2018 at 9:38 | comment | added | arp | If you need a bumper sticker type slogan: "Firewalls. Crunchy on the outside, chewy on the inside." | |
| Jun 24, 2018 at 19:17 | comment | added | gnasher729 | For certain information, I would be in trouble if I sent it over an unencryted connection and my boss found out. | |
| Jun 23, 2018 at 6:18 | comment | added | Thorbjørn Ravn Andersen | Relevant reading: gearbrain.com/iot-hack-on-casino-aquarium-2560513466.html | |
| Jun 22, 2018 at 22:54 | comment | added | ctrl-alt-delor | As an attacker you have IP-address based security (I don't care), you have MAC-address based security (I don't care). You have put glue in all the network sockets. It will slow me down, but it also tells me that you probably are relying on it (you have no other security). | |
| Jun 22, 2018 at 20:06 | comment | added | Todd Wilcox | Note that for US government agencies, internal encryption of all traffic is generally mandatory, and likewise with government contractors. The highest profile breaches of the last ten years have all been insider threats. | |
| Jun 22, 2018 at 16:01 | comment | added | Wayne Werner |
Also, I used to work at a company where every single employee's AD login credentials were passed as basic auth unencrypted to our squid proxy. That was when I changed my work password to Password1
|
|
| Jun 22, 2018 at 15:59 | comment | added | Wayne Werner | I'll just leave this here arstechnica.com/information-technology/2013/11/… | |
| Jun 22, 2018 at 12:13 | comment | added | Robert Cutajar | I must admit the guilt of a little trolling excursion. I have spoken on behalf of the organization while I am the guy complaining. Your amazing reactions may help convince the IT department to do something :D Thanks everyone! | |
| Jun 22, 2018 at 12:08 | vote | accept | Robert Cutajar | ||
| Jun 22, 2018 at 7:34 | answer | added | Falco | timeline score: 7 | |
| Jun 22, 2018 at 2:38 | comment | added | Jeffrey Bosboom | What's your threat model? Employees attacking the company, the company attacking the employees, employees attacking each other, third parties attacking the employees, third parties attacking an employee and pivoting into an attack on the company, ...? It's hard to evaluate the cost-benefit of a security measure without knowing what you want to defend against. | |
| Jun 22, 2018 at 1:12 | answer | added | Tom | timeline score: 14 | |
| Jun 21, 2018 at 22:44 | comment | added | HopelessN00b | If I wanted to steal another employee’s credentials to, say, snoop through confidential company data, sabotage employees I don’t like, or cryptojack our computers in a way that someone else takes the fall, sniffing logins to an http intranet would be a good way to go about it, dontcha think? | |
| Jun 21, 2018 at 22:15 | comment | added | Arminius | Related: security.stackexchange.com/questions/152019/… | |
| Jun 21, 2018 at 22:11 | answer | added | JesseM | timeline score: 9 | |
| Jun 21, 2018 at 22:08 | answer | added | AllInOne | timeline score: 29 | |
| Jun 21, 2018 at 20:44 | history | tweeted | twitter.com/StackSecurity/status/1009899982370017281 | ||
| Jun 21, 2018 at 20:42 | answer | added | Patrick Horn | timeline score: 7 | |
| Jun 21, 2018 at 20:20 | answer | added | le3th4x0rbot | timeline score: 110 | |
| Jun 21, 2018 at 19:07 | comment | added | Xander | If you want clear-cut recommendations, read Google's BeyondCorp paper(s). | |
| S Jun 21, 2018 at 18:44 | history | suggested | user173641 | CC BY-SA 4.0 |
Corrected grammar, changed formatting to include a paragraph.
|
| Jun 21, 2018 at 17:22 | answer | added | multithr3at3d | timeline score: 14 | |
| Jun 21, 2018 at 16:26 | answer | added | Sayan | timeline score: 41 | |
| Jun 21, 2018 at 15:52 | comment | added | user173641 | I believe the employee is well within his right to complain in such case. Just thought I'd add that. Also when talking about "trusted parties" who are you exactly referring to - do you have any reasons to trust them beyond the fact they told you they're trustworthy, etc? | |
| Jun 21, 2018 at 15:52 | review | Suggested edits | |||
| S Jun 21, 2018 at 18:44 | |||||
| Jun 21, 2018 at 15:19 | answer | added | Joe M | timeline score: 259 | |
| Jun 21, 2018 at 15:04 | answer | added | symcbean | timeline score: 3 | |
| Jun 21, 2018 at 15:01 | review | First posts | |||
| Jun 21, 2018 at 15:06 | |||||
| Jun 21, 2018 at 14:58 | history | asked | Robert Cutajar | CC BY-SA 4.0 |