0

An application is running in a customer's environment on a single server and consists of a collection of Windows Services that communicate with each other using (unencrypted) TCP messages.

Although these messages can't be viewed across the network, I am conscious that someone could theoretically run a tool like Wireshark on the server and view the content of these messages. Is this a serious enough risk to warrant updating the application to encrypt these messages? Or is there another - possibly simpler - way to protect against this threat?

David Brower
    You could give the attackers an older version of Wireshark, or more specifically WinPcap, because until fairly recently it didn't work on the loopback interface (and as a developer debugging things this was a big pain for me). Oh, wait a minute .... – dave_thompson_085 Jan 28 '21 at 01:18

1 Answer

2

If a user is able to install and capture packets with Wireshark, they must already have administrative privileges. If a user has administrative privileges, they can likely already tamper with your application in other, more serious ways.

If you don't want a user to have the ability to tamper with your application, do not give that user administrative privileges.

multithr3at3d
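The question assumes the inter-service messages cannot be seen from the network, which holds only if every listener is bound to a loopback address. The following is an added example, not part of the original question or answer: it parses `netstat -ano` style output and reports listeners owned by the application's services that are bound to anything other than loopback. The sample output and the PIDs are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -ano -p TCP` style output (not from the original post).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:9001         0.0.0.0:0              LISTENING       4120
  TCP    0.0.0.0:9002           0.0.0.0:0              LISTENING       4188
  TCP    192.168.10.5:9003      0.0.0.0:0              LISTENING       4216
  TCP    [::1]:9004             [::]:0                 LISTENING       4120
  TCP    [::]:9005              [::]:0                 LISTENING       4302
  TCP    127.0.0.1:9001         127.0.0.1:50112        ESTABLISHED     4120
"""


def split_endpoint(endpoint):
    """Split '127.0.0.1:9001' or '[::1]:9004' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any IPv6 zone id
    return ipaddress.ip_address(host), int(port)


def exposed_listeners(netstat_text, service_pids):
    """Return (address, port, pid) for listeners owned by service_pids
    that are bound to a non-loopback address."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have exactly five fields; the header row does not.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        pid = int(fields[4])
        if pid not in service_pids:
            continue
        addr, port = split_endpoint(fields[1])
        if not addr.is_loopback:  # 0.0.0.0, :: and NIC addresses all count
            findings.append((str(addr), port, pid))
    return findings


if __name__ == "__main__":
    # Hypothetical PIDs of the application's Windows Services.
    for addr, port, pid in exposed_listeners(SAMPLE_NETSTAT, {4120, 4188, 4216}):
        print(f"PID {pid} listens on {addr}:{port}, reachable beyond loopback")
```

A listener on `0.0.0.0` or `::` accepts connections on every interface, so unencrypted messages to it can cross the network unless a host firewall blocks the port.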