8.4. Good Encryption Required
If you are properly verifying your authentication session, why do you even need encryption? Encryption serves two purposes:
To protect the data from snooping
To protect the data from being altered
In the section on clear text transmissions earlier in this chapter, you saw how most IP services transmit all information in the clear. This fact should be sufficient justification for using encryption to shield your data from peering eyes.
Encryption can also help to ensure that your data is not altered during transmission. Altering data during transmission is commonly referred to as a man-in-the-middle attack (as mentioned earlier), because it relies on the attacker's ability to disrupt the data transfer. Let's assume ...
Get Mastering™ Network Security, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
