Hacker News
by aaron42net 4676 days ago
Most companies have historically considered dark fiber (where nobody else's network gear is involved) to be secure enough. Passively decoding dumps of hundreds of gigabits or terabits spread over many colors of light (DWDM) into useful data was generally thought of as prohibitively expensive and therefore not a viable threat.

The routers that can handle those speeds don't encrypt the link itself, so the most common solution is to do per-connection encryption between hosts with SSL or SSH or similar. Do you run SSL when talking to all of your internal APIs, databases, etc.?

What about between nodes in EC2, particularly between availability zones? Those are potentially subject to the same sort of sniffing without Amazon's involvement.

1 comment

Amazon does have certification by said agency.