Information technology security, a word that’s so distant but discussed frequently everyday especially in the business world. What exactly is information technology and what role it plays in daily business settings? A thousand answers may be given by a thousand different interviewees. By definition, “information technology security is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.” Simply put, information technology security is a way to prevent your data from being accessed by identities you are not intended to give. However, information technology is an extremely broad topic, involving tons of different components. In this blog, the primary focus is on network security, a type of security designed to protect the usability and integrity of your network and data.
Virtual Private Network
VPN is used widely used in the corporation to protect its data traffic between employee’s devices outside of the corporate network and the servers within the corporate network. VPN extends a corporate network through encrypted connections made over the Internet, which means data was encrypted at the data link layer and network layer through different symmetric and asymmetric encryption technics, such as RSA, SHA, and SSL. Because the traffic is encrypted between the device and the network, traffic remains private as it travels. However, VPN only creates a tunnel between endpoints and servers, it is not able to encrypt information such as IP addresses and some activities monitored by your internet service providers.
Tor stands for anonymity network, s free and open-source software for enabling anonymous communication by directing Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. Tor is using a specific type of network routing technic called onion routing. Tor didn’t encrypt the data being transferred but simply encapsulated the data in layers of encryption.
Let’s take a step back, as you all may know, for a message to be delivered from source to its destinations, the message has to be sent from the device, traverse different routers(connecting point) and routes(cables), and then arrive its destination, similar to a physical package being sent from one city to another city, with freeways and connecting hubs. What’s special about onion routing? Similar to onions that have a lot of layers, data(the core of the onion) is being encapsulated with these layers of encryption. Whenever a message arrives at a router/connecting point, a layer is “peeled” so that the connecting point understands where is the next router/connecting point to send the message to. Since each connecting point/router only understands the next and the previous router/connecting point of this message, it is neither able to figure out its destinations and sources nor able to have an overview of the routes the message traversed.
Thus, Tor is an incredible privacy tool, while VPN can increase privacy by encrypting the data. Use them together would provide incredible security for corporate users.
VPN and Tor can be used in business in three main ways: to support basic information processing tasks, to help decision-making, and to support innovation. Information technology security is used to help streamline tasks from computing and printing payroll to creating presentations. The financial department is using information technology security to assist in sending sensitive data for analysis and protecting data from being manipulated and monitored by threats. The business also uses information technology to save customers’ data. Network security plays an important role in all of these business cases.
However, there are also drawbacks and risks of using top security measures to protect its data. The first and foremost one is efficiency and speed. With all of these complicated security placed on top of the data being transferred, large computation power and time is needed to make encryption and decryption. If the data being transferred is time-sensitive, companies may consider balancing its efficiency and security.