We often used IPsec VPN, Site-t-Site VPN and implement different kind of encryption suit but do we focused on Telecom backbone like transmission mask, were multiple customer data exchanging. Do they enforce SSL inspection while transposing data via under sea fiber. Are we really check that same frequency or oscillation used by some other service prover. Anyone tapping data in between customer and cloud service provider that is not traceable anymore and there are no such Cyber Control take places.
thanks for highlighting this risk. I think many of aren't implementing integrity and monitoring practices yet. I will review this with my team. thanks!
Typically Telcos do not encrypt the data they transmit, thus eavesdropping is possible but not easy, as they configure their lines and interconnections as private connections. You can ask the telco you use for guarantees on the confidentiality of the data you transmit, but probably they will promise only a 'best effort' protection. If this is not sufficient for your data, then you shoud implement yourself a strong endpoint-to-endpoint or site-to-site encryption technology.
but we don't know everyday how much information espionage through the DWDM and SONAT ring. We you know TAP can be deployed any such backbone.
End-to-End not secure because to high jack such information only way to have sniffer on your internet raw Ethernet link .
yes I think the IDN (Tempered and Dispersive) and SDN (Cisco, Juniper, etc) solutions are really starting to help secure critical information across these vastly expansive communication networks. The use cases for needing this are quite interesting with the proliferation of DERs and the necessity to secure remote facilities and communications.
I don’t undestand the question. SSL inspection by the telco? That kind of defeats the purpose of the method: the endpoint would have to accept a bogus inspection certificate. VPNs treat all networks as untrusted, including undersea cables.
Communication channel providers are likely more interested in encoding that detects and corrects errors than providing confidentiality. The best practice is to encrypt end-to-end communications if you’re concerned about confidentiality. This includes “internal” traffic.
But Under sea cable only carry L2 not L3 so anyone can track what is going on inside fiber/copper while trans passing such VPN traffic as well. Telco equipment are talk with each other NSAP address. There is no such encryption being enforces.