In order to properly secure your electronic communications, you first need a basic understanding of the path your text messages, for example, take to get from your fingers on the keyboard to your friends’ or family’s eyes. This won’t be an in-depth, technical explanation, as the architecture behind each service provider is different. This will, however, give you enough of a map to determine at which point you should be placing the protections on your communications.
I will be presenting a written explanation of each means of communication and examples they apply to. I’ll also be providing a simple diagram, followed by an explanation of the places where these communications are under your control, and where you lose control of the data. This is important, because you want to keep your security (encryption), and your keys on the part of the map that you control.
Telephone is one of the earliest forms of two-way electronic communications that was widely available, is still commonly used, and is relatively easy for you to secure. This includes landline phonecalls, cell phone calls, and internet connected phonecalls. This does not include video or voice chat using apps like facebook messenger, facetime, snapchat, etc. as these all operate slightly differently.
The above diagram illustrates the key points of control that are important to keep in mind if/when you decide to secure your communications.
Computers are another means of communication that can be a bit more nuanced, but generally these are still fairly easy to secure once you understand what you’re doing.
This is a very important concept; with smartphones having become a vital part in everyone’s daily lives, everyone should realize that their phone should be treated simply as a small computer with a phone number (and this is how most people use them anyway).
At their core, computers operate on the same level that phones do, with an a few added layers. Let’s start with the most basic, highest level view of how computers communicate:
At the most basic level, your computer talks to a website, which sends your computer information, which it uses to show you your search results, social media feed, websites, or chat group. The connection to the ISP varies, depending on whether you’re using a smartphone (cell tower), your desktop computer (plugged into your router or modem), or a laptop (probably on your wireless router). Even many televisions operate the same way, most gaming console, and the occasional fridge, washer, toaster, or coffee maker follow the same basic principle: there is a small computer inside which sends information over the internet to something on the other end.
The nuances come into play right at the portion of the diagram labelled “Your PC” and the connection to the internet. There are multiple parts of the equation here, which I’ll break down in the next diagram.
“Wait, you can’t expect me to learn about protocols!” Not to worry, I’m not going to dig too much into different protocols in this series. The important thing to understand about those is just that they are another layer that your computer uses to talk to other devices. This will vary depending on what you’re using, and will be up to you to find out about when it comes time to start securing things. We’ll also ignore cases where you just get a Modem without a router for now, as this is no longer commonly used, and is not really recommended if you want a secure setup. I will go over this setup in a later portion about actual security implementations.
You do need to know that inside your computer, the application you’re using, whether it’s your favorite web browser, online game, or an app on your phone or TV, is doing a lot of things separate from the rest of your computer. This is the thing you’re looking at on your screen, and is a separate layer when it comes to security. The application then uses a specific protocol (just an all-encompassing word for all the rules the app uses to talk) to talk moving forward, which is another layer, before the actual 1’s and 0’s of information leave your device.
If you’re on a smartphone using 4G, from here on out the same general rules apply as a smartphone call (cell towers take over). In your home, there are a couple more layers to look at.
Most people get a “router” from their ISP when they sign up for internet. This is actually usually a combined device in most current applications, shown in the diagram as a dotted box. We’ll call this example an “ISP Router,” and actually has a couple of different devices inside of it, most importantly a Router and a Modem. The Router is the part that will connect to your device, using a cord or Wi-Fi. The Modem is the part that talks to your ISP and actually sends the data, among other things.
Some people, particularly people who are a little more tech savvy or want better performance or control, get their own Router and will plug this into the box provided by their ISP. We’ll call this a “Personal Router,” and if you have this setup and want to apply it to the diagram above, simply ignore the dotted box mentioned in the previous paragraph.
After this, the data is then sent by the Modem to your ISP via your cable plugged into the wall, and sent to internet.
Whew! That’s a lot of information, and this is why computers, smartphones, and the internet are so much more complex (not to mention heavier) than your run of the mill house phone. The important takeaways from this are just to remember that you have some level of control over many of these connecting points, and you can use that information to make sure you’re locking down the right parts of your network and know what kind of protection you can expect from those protections. Just as you wouldn’t expect your entire house to be safe by installing a lock on your bedroom door, you wouldn’t expect certain levels of protection by only locking down earlier parts of your transmission.
In my next post in this series, I’ll be going over some examples of ways hackers can and have broken each point, and what kind of information they could get from those attacks, along with what kinds of nasty things those guys could do with that information. Stay Tuned!