Solved

WAN link security

Posted on 2014-10-10
1
216 Views
Last Modified: 2014-10-28
I am not from a network tech background, but from a risk angle I wanted your expert view on this. We have an application that is hosted by a 3rd party. The application isnt public facing, you need to be logged into our domain to access the system. I am trying to determine how safe the transfer of data to and from this system is. All the 3rd party have said is there is a "standard WAN link" in place between us and them (i.e. their app/database server). What are the best practices for security on "WAN link's". Are they by default secure, or if not what security do you need to make the link safe?

Technically what is the "link" (hardware wise).

Please keep answers management freindly low tech.

I presume I also need to research what "protocols" are used for client access to the application? My very novice view was - presumably the actual WAN link needs to be secure if data sent from client to server (within the application) is using a plain text protocol. Whereas if the protocol used in the system is secure/encrypted - then whether the WAN link is secure or not - the data would be difficult to intercept by a hacker. Or am I miles off the mark?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 46

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 40373787
A standard WAN link could be anything.  I think what they mean though is that it's a standard internet connection.

However, you say that the application isn't public-facing and that you need to be logged into your domain to access the system.  That would imply that the application isn't on the public internet.

To give you a proper answer we need to understand what the WAN link actually is and how the 3rd party host the application.  There are too many unknowns to be accurate.

Saying that, I would guess that the application is hosted on the internet, but it's firewalled and only allowing connections from your WAN circuit's IP address or range.  That would make more sense.  Ask the 3rd party if this is the case - they should be able to confirm whether or not that is the case relatively easily.

Something else which would need to be known is how secure is traffic between client and server.  Is it encrypted using SSL, etc?  Again, they can tell you this.

1] If the circuit is just internet, and the app isn't firewalled AND data isn't encrypted, that's BAD.
2] If the circuit is just internet and the app isn't firewalled OR data isn't encrypted, that's BAD.
3] If the circuit is just internet and the app is firewalled AND data is encrypted, that's OK.

As an added bonus to the last point, if the circuit is a private WAN circuit between you and the 3rd party that's even better.  This would mean points 1 and 2 could be acceptable.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
This program is used to assist in finding and resolving common problems with wireless connections.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question