February 22nd, 2006
Insights into Information Security: IPSEC everywhere? Bad idea
Excellent post pointing out why encryption can be a bad thing. It sounds counter-intuitive at first, in that security people will spend a lot of time telling you to use things like SSH instead of telnet and SFTP instead of FTP because they use encryption, but too much encryption can be a bad thing. It can blind devices like intrusion detection systems and actually help an attacker if that attacker has already broken into an endpoint system, and in the majority of attack scenarios that will be the case. So the net effect of encrypting everything is actually a decrease in security.