Protecting Data in Motion

What is Data in Motion? It’s exactly what it sounds like.

Anytime information is moving between systems, it is called Data in Motion. Let’s look at a network scenario to get a better idea of why protecting your Data in Motion is so important.

Security camera network

Let’s say we have a company that has decided to beef up site security by implementing a security camera network to help monitor a restricted portion of their property. Each camera is connected to the network using an ethernet cable. A computer on-site allows an authorized user to access the video feeds, as well as control the cameras. All the camera footage is also sent to an off-site server, which then stores that footage in a database. If someone wants to view the logged footage, they can remotely access it using an authorized computer on the network.

This scenario uses Data in Motion, Data at Rest, and Data in Use. For today’s discussion, we are focusing on Data in Motion. Among all the forms of communication over a computer network, Data in Motion is easiest to hack because the end systems do not have control over the data or what has access to it while it is physically moving between systems. This also explains why Data in Motion is an important consideration for network security.

Why do attackers target Data in Motion? Because it’s easily accessible.

Data in Motion is vulnerable:

Information is moving between systems.
Could contain credentials for verifying other systems.
Allows remote access to other systems.

Potential goals of attackers:

Steal credentials to impersonate a system.
Gather and store Data in Motion for use in Data at Rest attacks that take more time.
Control how a system responds to a protocol to get it to a more vulnerable state.
Render a system unusable, commonly known as a Denial of Service Attack (DoS).

How do I protect Data in Motion? It depends on the attack.

Let’s go back to our example of a security camera network. Data in Motion is the data moving between the server and computers, or the cameras and the control computer.

Sniffing: the most basic attack.

Sniffing allows Data in Motion to be collected or observed for later use. It is often a precursor to other attacks. If an attacker sniffs the security camera system credentials moving from the remote computer to the server, they can now log in to the server to access video files (compromising Data in Use and Data at Rest). To prevent this from happening, Data in Motion could be protected by end-to-end encryption. Encryption forces the attacker to take additional steps to use the data such as a brute force attack.

Spoofing: impersonating a system.

An attacker can spoof a system to take advantage of an existing trust architecture. By sending falsified or stolen data such as credentials, an attacker can manipulate a target system. In our scenario, if an attacker spoofs a camera, they can send bogus footage to the control computer. This breach could jeopardize the security of the facility. It can be protected by taking a zero-trust approach to user authentication, which requires confirmation of user identity to verify incoming information.

Man-in-the-middle (MiTM): controlling the movement of information between multiple systems.

MiTM control could allow an attacker to circumvent normal security processes or protocols such as a remote authentication server. In our security camera example, if a MiTM attack intercepted a security alert from the control computer and prevented it from being forwarded to the server, users may not be made aware of a potential breach. Logging of footage could be interrupted, while the attack keeps both systems thinking everything is normal. This attack would be protected by user authentication, which ensures every end point can be trusted.

Physical attacks: not subtle, but effective.

A physical attack could be as obvious as cutting network cables, or less detectable like jamming a wireless network. The goal of these attacks is usually Denial of Service between systems. In our security camera scenario, an attacker could physically cut the camera lines. No footage would be sent to the control computer, allowing attackers to enter the restricted area without being observed. The protection for this attack would be tamper detection mechanisms which allow you to monitor the status of your protected system.

Everything is connected.

It’s clear from this scenario that there are multiple ways attackers can infiltrate computer networks and put data at risk. In this article, we explored the importance of protecting Data in Motion. In future articles, we will cover more detail about Data at Rest, Data in Use, as well as encryption and tamper security. We are making sure that Crystal Group hardware and components are built with the security of Data in Motion in mind.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_H1FF8RS08T	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_1180346_2	1 minute	Set by Google to distinguish users.
_gat_UA-1180346-2	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
pardot	past	The pardot cookie is set while the visitor is logged in as a Pardot user. The cookie indicates an active session and is not used for tracking.
uid	5 months 27 days	This is a Google UserID cookie that tracks users across various website segments.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
sa-user-id	1 year	StackAdapt sets this cookie as a Random Identifier for user identification, to display relevant advertisements.
sa-user-id-v2	1 year	StackAdapt sets this cookie as a Random Identifier for user identification, to display relevant advertisements.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
lpv141931	30 minutes	No description
visitor_id141931	10 years	No description
visitor_id141931-hash	10 years	No description

How We Work

Who We Serve

Who We Are

News & Events

Protecting Data in Motion

What is Data in Motion? It’s exactly what it sounds like.

Why do attackers target Data in Motion? Because it’s easily accessible.

How do I protect Data in Motion? It depends on the attack.

Everything is connected.

Contact Us

Subscribe