Protecting Data in Motion

What is Data in Motion? It’s exactly what it sounds like.

Anytime information is moving between systems, it is called Data in Motion. Let’s look at a network scenario to get a better idea of why protecting your Data in Motion is so important.

Security camera network

Let’s say we have a company that has decided to beef up site security by implementing a security camera network to help monitor a restricted portion of their property. Each camera is connected to the network using an ethernet cable. A computer on-site allows an authorized user to access the video feeds, as well as control the cameras. All the camera footage is also sent to an off-site server, which then stores that footage in a database. If someone wants to view the logged footage, they can remotely access it using an authorized computer on the network.

This scenario uses Data in Motion, Data at Rest, and Data in Use. For today’s discussion, we are focusing on Data in Motion. Among all the forms of communication over a computer network, Data in Motion is easiest to hack because the end systems do not have control over the data or what has access to it while it is physically moving between systems. This also explains why Data in Motion is an important consideration for network security.

Why do attackers target Data in Motion? Because it’s easily accessible.

Data in Motion is vulnerable:

  • Information is moving between systems.
  • Could contain credentials for verifying other systems.
  • Allows remote access to other systems.

Potential goals of attackers:

  • Steal credentials to impersonate a system.
  • Gather and store Data in Motion for use in Data at Rest attacks that take more time.
  • Control how a system responds to a protocol to get it to a more vulnerable state.
  • Render a system unusable, commonly known as a Denial of Service Attack (DoS).

How do I protect Data in Motion? It depends on the attack.

Let’s go back to our example of a security camera network. Data in Motion is the data moving between the server and computers, or the cameras and the control computer.

Sniffing: the most basic attack.

Sniffing allows Data in Motion to be collected or observed for later use. It is often a precursor to other attacks. If an attacker sniffs the security camera system credentials moving from the remote computer to the server, they can now log in to the server to access video files (compromising Data in Use and Data at Rest). To prevent this from happening, Data in Motion could be protected by end-to-end encryption. Encryption forces the attacker to take additional steps to use the data such as a brute force attack.

Spoofing: impersonating a system.

An attacker can spoof a system to take advantage of an existing trust architecture. By sending falsified or stolen data such as credentials, an attacker can manipulate a target system. In our scenario, if an attacker spoofs a camera, they can send bogus footage to the control computer. This breach could jeopardize the security of the facility. It can be protected by taking a zero-trust approach to user authentication, which requires confirmation of user identity to verify incoming information.

Man-in-the-middle (MiTM): controlling the movement of information between multiple systems.

MiTM control could allow an attacker to circumvent normal security processes or protocols such as a remote authentication server. In our security camera example, if a MiTM attack intercepted a security alert from the control computer and prevented it from being forwarded to the server, users may not be made aware of a potential breach. Logging of footage could be interrupted, while the attack keeps both systems thinking everything is normal. This attack would be protected by user authentication, which ensures every end point can be trusted.

Physical attacks: not subtle, but effective.

A physical attack could be as obvious as cutting network cables, or less detectable like jamming a wireless network. The goal of these attacks is usually Denial of Service between systems. In our security camera scenario, an attacker could physically cut the camera lines. No footage would be sent to the control computer, allowing attackers to enter the restricted area without being observed. The protection for this attack would be tamper detection mechanisms which allow you to monitor the status of your protected system.

Everything is connected.

It’s clear from this scenario that there are multiple ways attackers can infiltrate computer networks and put data at risk. In this article, we explored the importance of protecting Data in Motion. In future articles, we will cover more detail about Data at Rest, Data in Use, as well as encryption and tamper security. We are making sure that Crystal Group hardware and components are built with the security of Data in Motion in mind.