From the course: Threat Modeling: Information Disclosure in Depth


Encrypted and unencrypted


- [Instructor] Messages travel through channels. An email is a message and it travels over an SMTP channel. Much like we apply integrity controls to protect against tampering, we can apply encryption to either messages, channels, or both to protect against information disclosure. Data in motion is easy to read. Just grab a tool like Wireshark and go to town. Even if it's only on the local network, then you're trusting your router to do the right thing and never send it elsewhere. Lastly, if the data is encrypted, you're trusting the encryption is configured right. What happens when it's not configured right? If you haven't seen ECB Penguin, it's a great illustration of the importance of proper cipher setup. Which also includes secure fallbacks, and ensuring that key exchange is done properly. It's easy and wise to say encrypt it all, but sometimes that's hard. Encryption can be hard with many parties. Getting agreement on…
