Geek Answers Handbook

Socket Security for the Client Server

Assuming we have server S and several Clients (C), and whenever the client updates the server, the internal database on the server is updated and replicated to other clients. All this is done using sockets in an intranet environment. I believe that an attacker can sniff out this regular text traffic quite easily. My colleagues believe that I am too paranoid because we are behind a firewall.

Am I too paranoid? Do you know any exploit (link, please) in which such a situation was used, like what, and what to do differently. Clients were rewritten in Java, but the server still uses C ++. Can any thing in the code protect against attack?

+5
source share
8 answers

Inside your company’s firewall, you are safe enough from direct hacker attacks from outside. However, statistics that I will not worry about digging up claim that much of the damage done to business data is done by INside. Most of them are a mere coincidence, but there are various reasons for employees to be unhappy and not to be discovered; and if your data is sensitive, it can harm your company in this way.

There are also boat laws on how to process personal identification data. If the data that you process is of this kind, treating it carefreely in your company, you can also open your company before the trial.

SSL-. . / , .

+5

- na & iuml; ve.

Heartland, , . , , - SSL . .

:

" ", , . - , "" sniffer "- ." , , ". , Heartland , , :" , ".

+3

SSL , . Java OpenSSL C/++.

+3

, . /IDS . , , :

  • PGP
  • - , .

, . , .

+1

. , .

? , . -, . .

, VAST . , , "" . "" - , , .

, , , - , , , .

, , sys - , , - . , .

, -, .

+1

? , , , . , , , . , , * , . , , , . .

* SSL, , , , .

+1

"" , , SSL - .

, , , - , , .

0

, , , . , , , .

There are not many companies that I know of that use secure sockets between clients and servers on the intranet, mainly because of higher costs and lower performance.

0
source

More articles:


All Articles