Solved

A communications group seeks the most secure form for consistent and diverse communication over the internet...

Posted on 2014-07-30
13
405 Views
Last Modified: 2014-08-01
My original title was too long.  It went like this:  What is the most secure form of CONSISTENT communication and information, over the internet?  Would specific network protocols (which I know little of) be necessary to achieve it?

If a group wanted to communicate their thoughts and ideas and information back and forth with one another, across borders and without limitation on the materials used to exchange that information (documents, texts, discussions, videos, audio files, Word/Excel/Powerpoint, you name it)...

...what would be the most secure method of keeping those communications private from ANY parties who might try looking in?  Is this even possible in today's world, and if by degrees, to what degrees?

Thanks!
Question by:Jeffereener
13 Comments
 
LVL 5

Assisted Solution

by:Sean Jackson
Sean Jackson earned 50 total points
ID: 40230079
I would say a good VPN tunnel would be the way to go.  That would cover the connection.  With what you're describing, I would also put a lot of attention into securing the devices being used for this communication, and I would spend a lot of time training the users to make sure they don't become the point of failure in securing this highly sensitive line of communication.
0
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 190 total points
ID: 40230109
Depending on which borders you are talking about, "consistent across borders" is fairly unlikely.  Some governments (like China and Iran) will shut down communications just because they can't decipher it.  Others like the US will try to decode it instead.  There is no method that can be guaranteed to work.  Note also that encrypted communications will be a red flag to all those countries that monitor and/or filter internet traffic.  Which is most of them now.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 260 total points
ID: 40230264
VPN is good, and probably the most secure. You can't trust IM providers unless you implement your own, and if you do I'd recommend XMPP. Understand that "texting" is not going to pass over a VPN or IM; that's a second network unless the phone/device is connected to Wi-Fi and sends the message over that. Still, the text will have to exit your network to a cell provider to get to the other device.
If you want to be as agnostic as possible with the communication, you can do VPN. Set up the VPN between you and the other party, and send whatever you want on any protocol you want. There is no universal protocol you can use. Even when using the IM option, it can transfer files, share video and send textual data, but each one of those is a sub or separate protocol within a tunnel.
http://en.wikipedia.org/wiki/Jingle_%28protocol%29
http://xmpp.org/extensions/xep-0166.html
The Pidgin clients can be installed on most OSes and even mobile devices so you can communicate just like you can in Gtalk (aka G+), or Facebook's FaceTime. But you can install your own XMPP server and control it rather than a 3rd party. The connections are encrypted like they would be in a VPN, and it's a medium more people are familiar with using.
-rich
0
 

Author Comment

by:Jeffereener
ID: 40230392
I am grateful, as my knowledge of the subject has just expanded a great deal.  That being said, I am also extremely limited in my basic understandings of these various elements of networking, and so I will need to break this information down to something I can digest in small bites in order to understand it.  This will take some time, for a novice like myself, obviously.

Therefore, no insult intended, I believe I will await any other responses of note in the next 24 hours or so, and then provide everyone with a share of the "points."  If questions arise for me in that time, I will post them here, if that is acceptable... or post them as new questions on their own, which may be the better and fairer manner of proceeding.  I truly appreciate this information, thanks to each of you for your offering.  My education on computer/communications networking is about to begin...
0
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 190 total points
ID: 40230416
Frankly, the internet is Not for keeping secrets.  If some of the governmental organizations have figured out how to read 'secure' communications, they are Not going to tell anyone about it.  They are just going to keep on reading.
0
 

Author Comment

by:Jeffereener
ID: 40230694
Right on, Dave! However, it appears to be the only real way to establish a communications network of unlimited diversity, unless there's some other way I don't know about. And, as you mentioned earlier, attempts to mask one's communications are actually targeted for closer inspection, defeating the entire purpose of the masking in the first place. This is good knowledge to have, going into any efforts to create such protections.  In other words, careful consideration may not plug all the holes, but may help.

What I wonder is, just how prevalent is corporate espionage, and are there all sorts of pirates finding ways into my system for the purpose of extracting data?

I will explore Rich's response further after I check out his links, but I am intrigued by these VPN suggestions you've all made, along with his "Pidgin" option. Great stuff!
0
 

Author Comment

by:Jeffereener
ID: 40230700
PS: I love and want to see the big picture, it's how I prefer to think of concepts such as this. It helps me assess the potential of my actions. Any suggestions to this end - such as Dave has made clear - for a country bumpkin like myself are further welcomed!
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 260 total points
ID: 40230738
If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.
If avoiding espionage is the goal, you don't communicate across the internet at large. While the NSA/GCHQ are in the position to snoop on the tubes as a whole, more targeted attacks or snooping would work well for competitors. I'm not sure how prevalent digital espionage is, but if someone wants a copy of something on the internet, there is typically no way to know if it's been copied.
People speculate about backdoored programs or "skeleton key" encryption schemes... Those are the wrong places to go after data, you go after data where it's in the clear, not where it's semi-fortified. Take full disk encryption as an example: people think that somehow their data is better protected in general because they use BitLocker, PGP or TrueCrypt. It's better protected from physical theft only, and only if the OS isn't running or suspended. If the OS is running, then use a Flash or Java (or 10 million others) exploit and look at the data in its "raw" form. Don't attack a bank vault when it's fully shut, go during the day when it's wide open.
Cloud services, Skype, GoogleTalk, FaceTime... each are provided by a 3rd party. And they are the proxy for you. You'd like them to have your best interest at heart, but alas they probably don't. That's why I said stand up your own XMPP server, it's what Google uses, and what many use, and you can control the encryption and certificates. The clients or the OS of the people using the IM clients are the weak points, not the connections between them and you.
You have to weigh your risks, and if you trust Box.net, Gdrive, DropBox, SendSpace or SkyDrive with your data, good for you. I don't, I encrypt prior to sending to them. Sure they can't index it, or upload it quicker because no one else has previously uploaded that, but I have better peace of mind.
You have to have a healthy dose of paranoia, but if your competitors aren't that well funded, I doubt you'd have much to worry about. (Which is exactly what we want you to think muahahaha!)
-rich
0
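
What encrypting before upload looks like, and why the provider can then neither index nor deduplicate the file, as an added example that is not part of the original post. It assumes the third-party Python `cryptography` package; the function names, the file name and the sample content are constructed for illustration.

```python
import hashlib
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12  # 96-bit nonce, the size AES-GCM is designed around


def seal(key: bytes, name: str, plaintext: bytes) -> bytes:
    """Encrypt locally; the returned blob is all the storage provider sees."""
    nonce = os.urandom(NONCE_LEN)  # fresh per upload, never reused with a key
    # The file name is bound as associated data: a blob served back under a
    # different name fails authentication.
    return nonce + AESGCM(key).encrypt(nonce, plaintext, name.encode())


def unseal(key: bytes, name: str, blob: bytes) -> bytes:
    """Decrypt a downloaded blob; raises InvalidTag if it was altered."""
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return AESGCM(key).decrypt(nonce, ciphertext, name.encode())


def provider_fingerprint(blob: bytes) -> str:
    """Content hash of the kind a provider could use to spot duplicates."""
    return hashlib.sha256(blob).hexdigest()


def is_intact(key: bytes, name: str, blob: bytes) -> bool:
    """True only if the blob decrypts and authenticates under this name."""
    try:
        unseal(key, name, blob)
        return True
    except InvalidTag:
        return False


if __name__ == "__main__":
    key = AESGCM.generate_key(bit_length=256)  # stays on your own machine
    doc = b"Q3 partner pricing - constructed sample content"
    first, second = seal(key, "pricing.txt", doc), seal(key, "pricing.txt", doc)
    # Same file, two uploads: the provider sees two unrelated blobs.
    print(provider_fingerprint(first) != provider_fingerprint(second))
    print(unseal(key, "pricing.txt", first) == doc)
    tampered = first[:-1] + bytes([first[-1] ^ 1])
    print(is_intact(key, "pricing.txt", tampered))
```

The key never leaves the sender's side, so the weak points remain the endpoints that hold it, which is the same point the post makes about IM clients.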
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 190 total points
ID: 40230748
The people who are running seriously 'secure' networks have two things you don't have:  teams of security experts to monitor and maintain their networks, and encryption methods that are not available to the public.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 260 total points
ID: 40230819
Encryption that is available, tried and tested stands a better chance:
http://en.wikipedia.org/wiki/Kerckhoffs%27_principle
https://www.schneier.com/crypto-gram-0205.html#1
But in general, outside encryption itself, you should keep your data as secret as possible.
-rich
0
 

Author Comment

by:Jeffereener
ID: 40234568
Hey, listen you guys, I gotta say thank you for being so up front with your thoughts.  I have such a better foundation now, truly great info.  Not that the path is clear of debris – clearly it isn’t – but at least I see it so much more clearly.  Trappings, dangers, steps available to me… there’s so much worthy info throughout this post, I couldn’t possibly award enough points.  

Off to the next question, but before closing, I got through about 20% of that first link you sent, Rich, and it's enormous!  Lol.  And virtually everything is well over my head – it is a completely different language - but I got a sense of it all through the patterns.  I saw a completely different manner of communicating in order to cause an effect, depending upon a choice, and get a result.  Completely unique terms and conditions, systematically placed (coding) in order to make software (or hardware?) run.  But the patterns indicate to me quite a systematic process of communication, one idea building upon the other, and gaining complexity as it advances.  Making errors would likely be the bane of all existence.  In my mind, it's something you would want to get right in the first place, that would be a hell of a lot easier than trying to find the needle in the haystack.  Clearly that, too, would be easier said than done, though.

I’m going to award the points, but there’s not enough to suffice for the valuable understanding you’ve all given me.  Funny thing is, I may have gone from a complete imbecile on the subject, to understanding more than about 70% of the people out there, in a matter of a few intelligent responses.  Thanks!
0
 

Author Closing Comment

by:Jeffereener
ID: 40234592
I couldn't have possibly asked for more; in fact, I got more than enough to keep me busy in understanding what I was seeking.  These "Experts"?  Awesome!
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40234629
The wiki link was only to show the protocol (Jingle) that is built upon XMPP's own protocol. The point being, with a web front end, like some IM clients, you can transfer files and communicate at the same time. The front end helps tie the functionality together. The trusting of others is the next part, do you trust Google/M$/DropBox/Box.net with your data? They are in a position to look at it, do they, will they? If you can't allow that, you have to run your own. Even then you have to start trusting the software or the protocol at some point.
I'm glad you got your fill and then some on this question, I have a few articles that I put up last year, they seem to cover quite a bit in the security area, questions that come up here often, so I made them. I'm linking below:
Bring your own device
Duality of security tools
How secure are passwords?
2-factor authentication
Choosing the right encryption for you
-rich
0
