Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

WAN link security

Posted on 2014-10-10
1
Medium Priority
?
218 Views
Last Modified: 2014-10-28
I am not from a network tech background, but from a risk angle I wanted your expert view on this. We have an application that is hosted by a 3rd party. The application isnt public facing, you need to be logged into our domain to access the system. I am trying to determine how safe the transfer of data to and from this system is. All the 3rd party have said is there is a "standard WAN link" in place between us and them (i.e. their app/database server). What are the best practices for security on "WAN link's". Are they by default secure, or if not what security do you need to make the link safe?

Technically what is the "link" (hardware wise).

Please keep answers management freindly low tech.

I presume I also need to research what "protocols" are used for client access to the application? My very novice view was - presumably the actual WAN link needs to be secure if data sent from client to server (within the application) is using a plain text protocol. Whereas if the protocol used in the system is secure/encrypted - then whether the WAN link is secure or not - the data would be difficult to intercept by a hacker. Or am I miles off the mark?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 47

Accepted Solution

by:
Craig Beck earned 2000 total points
ID: 40373787
A standard WAN link could be anything.  I think what they mean though is that it's a standard internet connection.

However, you say that the application isn't public-facing and that you need to be logged into your domain to access the system.  That would imply that the application isn't on the public internet.

To give you a proper answer we need to understand what the WAN link actually is and how the 3rd party host the application.  There are too many unknowns to be accurate.

Saying that, I would guess that the application is hosted on the internet, but it's firewalled and only allowing connections from your WAN circuit's IP address or range.  That would make more sense.  Ask the 3rd party if this is the case - they should be able to confirm whether or not that is the case relatively easily.

Something else which would need to be known is how secure is traffic between client and server.  Is it encrypted using SSL, etc?  Again, they can tell you this.

1] If the circuit is just internet, and the app isn't firewalled AND data isn't encrypted, that's BAD.
2] If the circuit is just internet and the app isn't firewalled OR data isn't encrypted, that's BAD.
3] If the circuit is just internet and the app is firewalled AND data is encrypted, that's OK.

As an added bonus to the last point, if the circuit is a private WAN circuit between you and the 3rd party that's even better.  This would mean points 1 and 2 could be acceptable.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
How does someone stay on the right and legal side of the hacking world?
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question