StrongSwan: The Internet – Data on show
Unencrypted...
When you have a look at the basic structure of the Internet you will notice
that all data travels across the network unencrypted and can therefore be read
by anyone.
In the early days of the Internet this didn't pose much of a problem, because
it was about exchanging information that was publicly available anyway, which
didn't require the data to be encrypted. Commercial applications,
snoopers and online criminals didn't appear until later. Whereas the former
have a legitimate concern in encrypting all transactions, simply to protect
them against eavesdropping and manipulation – after all, sensitive information
like addresses, bank details, credit card numbers and other data is transferred
that isn't meant for anybody else – the latter try to intercept this data in an
attempt to benefit from it one way or another. Any snoopers attempt to
determine from the transmitted data who poses a problem and who doesn't, which
all too often results in a false positive, and the bigger the amount of data
grabbed, the more problematic things become since one could read anything into
anything. This could suddenly have respectable citizens find themselves on some
wanted list or observation register. On top of that specially prepared
intermediate stations that record the data stream they are forwarding so that
it might be used for dubious ends.
This threat has not gone unanswered: for some applications, countermeasures have been developed to thwart eavesdropping on and manipulation of the data stream. That's why SSH is now used instead of Telnet for logging in to a remote server, and HTTPS instead of HTTP for critical data transmissions. The same holds for FTP, e-mail and other applications that transmit data which isn't supposed to be read by anyone else.
...and unsecured!
Another problem that arises in the Internet is the fact that data isn't
protected against modification. This means that any intermediate station could
intercept the data stream between two hosts and inject its own data; the
recipient wouldn't have any chance to discover that something is amiss. Here it
is again necessary that the programs used take care of checking the integrity
of the data sent by attaching a digital signature that allows the recipient to
check whether or not the data has been modified.
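To make the integrity check described above concrete, here is an added example (not code from the original page or from the strongSwan project) that attaches a keyed message authentication code, HMAC-SHA256, to each message and verifies it on receipt. In the symmetric-key setting that IPsec uses, such a MAC plays the role the text assigns to the digital signature. The shared key, the message and the "intermediate station" that rewrites bytes in transit are all constructed for the demonstration; in a real deployment the key would come from a key exchange such as IKE.

```python
import hmac
import hashlib
import secrets
from typing import Optional, Tuple

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes for HMAC-SHA256

# Constructed example key shared by sender and recipient. A real VPN derives
# this from the key exchange; here it is simply generated at random.
KEY = secrets.token_bytes(32)


def protect(key: bytes, message: bytes) -> bytes:
    """Return message || tag, where tag = HMAC-SHA256(key, message)."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(key: bytes, packet: bytes) -> Optional[bytes]:
    """Split the packet into message and tag, recompute the tag over the
    message and compare in constant time. Return the message if the tag
    matches, or None if the packet was modified (or is too short)."""
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    if hmac.compare_digest(expected, tag):
        return message
    return None


def tamper(packet: bytes, offset: int, new_bytes: bytes) -> bytes:
    """Model an intermediate station overwriting bytes of a packet it
    forwards, without knowing the key (so it cannot fix up the tag)."""
    return packet[:offset] + new_bytes + packet[offset + len(new_bytes):]


def demo(key: bytes = KEY) -> Tuple[Optional[bytes], Optional[bytes]]:
    """Send a constructed message once untouched and once modified in
    transit; return what the recipient accepts in each case."""
    original = b"transfer 100 EUR to account 123"
    pkt = protect(key, original)
    accepted_clean = verify(key, pkt)                 # the original message
    forged = tamper(pkt, len(b"transfer "), b"900")   # amount rewritten
    accepted_forged = verify(key, forged)             # None: tag no longer matches
    return accepted_clean, accepted_forged


if __name__ == "__main__":
    clean, forged = demo()
    print("untouched packet accepted as:", clean)
    print("modified packet accepted as: ", forged)
```

Without the tag, `verify` would have no way to tell the rewritten amount from the original; with it, the modified packet is rejected, which is exactly the property the text asks of the transport layer.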
Unfortunately this validation is only done half-heartedly in some cases, if at
all, and can therefore be thwarted relatively quickly. Recall the various
wireless networks that are either secured only with WEP or – even worse –
without any kind of security. This way it isn't just possible for any imbecile
to easily connect to such a network, but to make things even better, they are
able to read the data stream as well. This problem is even worse in publicly
accessible wireless networks, because they have to be freely accessible by
definition.
Since it is therefore impossible for the access point to impose any security
measures, other safeguards are necessary.