3

I'm looking for a best practice answer. We have a 100Mb point-to-point Carrier Ethernet circuit between a corporate office and an offsite data center. Basically, we have SQL traffic replicating to the data center. It is mostly customer information but nothing like credit cards or social security numbers. Is it best practice to set up a VPN tunnel between the sites for encryption or just treat it like a regular Ethernet connection?

Jason K

2 Answers

9

Any network segment that you don't fully control can be considered as a public network, so if you would encrypt traffic over a regular public network, do it for your case as well.

NB: By full control I mean that you have full and sole control over any network devices that are part of the connection, so a port on e.g. a router or switch you don't own doesn't qualify.

Sven
  • 5
    +1 - Encrypt it. It's the only way to be sure. (Wire speed 100Mbps encryption also costs, like, next to nothing today.) – Evan Anderson Jun 24 '14 at 21:20
  • 1
    Also, even if you have "full and sole control" over the hardware, it will be difficult to enforce it. You cannot patrol every meter of a kilometer-long cable. – sleske Jun 25 '14 at 07:42
0

No, not really. Most encryption devices will slow down things like DB and fileserver backups to a crawl. Private line is reasonably secure and most people do not encrypt over it. The only people that can reliably intercept data over private line or cloudy line are ominous three-letter government agencies. Everyone else gets in via your DMZ or tricks your users somehow.

keegan2149
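The answers above disagree on what encryption costs at this link's speed. The Go sketch below is an added example, not code from either poster: it measures how fast one CPU core can seal packets with AES-256-GCM and compares that to the question's 100 Mb/s circuit. The cipher choice, the 1400-byte payload size and the function names are assumptions, and a software benchmark on a general-purpose CPU does not measure any particular encryption appliance.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"time"
)

const lineRateBps = 100e6 // the 100 Mb/s circuit from the question
const frameLen = 1400     // assumed payload per packet, leaving room for tunnel headers

// newAEAD returns AES-256-GCM under a random key (assumed cipher for the tunnel).
func newAEAD() (cipher.AEAD, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealRateBps encrypts frameLen-byte payloads for d and returns plaintext bits per second.
func sealRateBps(aead cipher.AEAD, d time.Duration) float64 {
	payload := make([]byte, frameLen)
	nonce := make([]byte, aead.NonceSize())
	out := make([]byte, 0, frameLen+aead.Overhead())
	var frames uint64
	start := time.Now()
	for time.Since(start) < d {
		frames++
		binary.BigEndian.PutUint64(nonce[4:], frames) // counter nonce, never reused under this key
		out = aead.Seal(out[:0], nonce, payload, nil)
	}
	return float64(frames*frameLen*8) / time.Since(start).Seconds()
}

func main() {
	aead, err := newAEAD()
	if err != nil {
		panic(err)
	}
	rate := sealRateBps(aead, 500*time.Millisecond)
	fmt.Printf("AES-256-GCM, one core: %.0f Mb/s (%.1fx the circuit)\n", rate/1e6, rate/lineRateBps)
}
```

Run it on the hardware that would terminate the tunnel; the printed ratio shows how much headroom that CPU has over the circuit before any tunnel or appliance overhead is counted.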