How to Encrypt Data in Motion

There’s all this talk of encryption going on lately. Encrypt this. Encrypt that. I mean, does everyone expect us to encrypt all your personal information just because you visited our website? Why yes…. They do. In that case, we need to discuss encryption in motion.

An Overview of Encrypting Data in Motion

In this video, CBT Nuggets trainer Knox Hutchinson explains what it means to encrypt data in motion.  You’ll learn what it means to encrypt data in motion by learning how SSL works at a high level.

How to Encrypt Data in Motion

IT certs like the Server+ certification require you to know how to encrypt data in motion. That means understanding how things like SSL, TLS, SSH, RDP, and other protocols works. Let’s dive into SSL and TLS a bit as a better example of encrypting data in motion. 

Encrypting data in motion can also be called encrypting data while it is in transit. This means securing data when you surf the web, connecting to a managed switch, or connecting to a remote computer. The data that is sent between you and that other thing is encrypted during travel. 

SSL is a great example of this. You’re probably accustomed to seeing that little padlock up in the corner of your web browser next to the URL bar. That padlock is a symbol stating that no one can read the data sent to and from the web server except for you and that web server. It’s a symbol of security. It’s also an example of how to encrypt data in motion – specifically with SSL.

But Should You Use SSL?

All this to say… it’s not recommended to use SSL anymore. SSL can now be broken. Instead, it’s recommended to use TLS. 

A lot of systems administrators may want to configure their web servers to fall back to older versions of SSL if TLS is not available, but this is not recommended. Administrators allow falling back to older versions of SSL for people that use older browsers or physical devices. 

When a web browser reaches out to a web server, one of the first things that happen is that both the server and browser negotiate which SSL/TSL connection version to use. That system is designed to use the latest possible version, but the web server needs to be configured to use that version, too. 

By supporting older versions of SSL, attackers can use a downgrade attack to sniff secured communications. These downgrade attacks make the web server think that the browser it is communicating with can’t use newer versions of TLS.

 Are RDP and SSH. Encrypted Connections?

SSL and TLS connections are not the only way to encrypt data in motion. Did you know that RDP and SSH are also encrypted connections? 

Those types of connections are important to encrypt, too. Think about it. Both RDP and SSH are used to manage things like servers, switches, and routers. You don’t want to be able to let someone sniff your network to see what you are saying to those devices. You might be passing valuable data, such as login information or configuration information, to those devices. You don’t want anyone seeing that stuff. 

Before we were wise to the matter, administrators would use a tool like Telnet to operate remote equipment. Back in those days, security wasn’t a big deal. Networks were mostly isolated, and the gate to enter the IT world was insanely large. 

As time passed, we learned our lessons the hard way. We no have to longer shout into the void without securing our data first. 

We’ve already spent hundreds of words in this article strictly to explain why you encrypt data in motion. There’s so much more to learn, though. For example, we mentioned SSL, RDP, and SSH. How do they implement encryption? What kind of algorithms do you use? Why is reputation so important for SSL?

Hone Your Networking Skills With CBT Nuggets

We’ve barely scratched the surface of the fundamentals that administrators need to know. If you found this article interesting, though, it sounds like you may have found your calling in life.  

In that case, check out this totally awesome systems administrators fundamentals course. That course is a great way to start learning the building blocks for other certifications like Network+ or Server+.