If insecure protocols must be used, what is the recommended approach to data protection?

• A. All data transmission should be left unencrypted to save CPU.
• B. All data transmission should be encrypted.
• C. Encrypt only some packets randomly.
• D. Use plaintext plus a VPN as only defense.

Answer: (B)

When you must use insecure protocols, the protective approach is to encrypt all data in transit. Encrypting every bit of transmitted information ensures confidentiality and integrity even if the underlying protocol is weak, so intercepted traffic reveals nothing readable and tampering is detectable. Encrypting only some packets leaves gaps that an attacker can exploit, making it easier to capture sensitive data. Relying on plaintext plus a VPN as the only defense isn’t enough because parts of the communication can still leak information or be exposed if the VPN or its configuration is compromised. Implement robust transport or application-layer encryption (for example, TLS/SSL, IPsec, or a secure VPN tunnel) and manage keys and cipher suites properly to maximize protection.