The physical securing and guarding of your enterprise data cabling may have been neglected, leaving your fibre optic network accessible to anyone who has a mind to it. With so many business concerns drawing management attention and funds to other areas of your operation, protecting your data cabling from hacking attempts may have fallen low on the list of your priorities.
But with methods available to hackers which can enable them to tap into a line of data cabling more quickly than installing an update on a mobile phone, it's time to start thinking about how to protect your fibre optic network. In this article, we'll be offering suggestions and best practices on how this can be achieved.
A Change of Emphasis
As the digital economy continues to grow and expand, fibre optic cables are being relied upon to shepherd huge amounts of data traffic across the Internet. Corporate security strategies have been largely focused on protecting information "at rest" - intellectual property, information on transactions and enterprise databases held in on-site data centres, or remotely in the cloud.
Little consideration has been given to protecting the information which is being transported via data cabling networks across the globe. And experience has revealed that even the robust and high-speed technology of fibre optics isn't immune to physical assault.
Lessons Learned From Copper
For years, it's been an accepted wisdom that networks based on copper wiring are inherently unsecured, due to the physical vulnerabilities of the transmission medium. After all, hacking an Ethernet copper cable system requires little more than peeling back its external sheath, splicing into its internal wires and feeding the signal to an external computer by using a set of tools or software that (these days) costs less than a cup of coffee.
Protecting a traditional copper wired network therefore requires actual physical security measures to be put in place to guard exposed cables from interference. Similar measures of physical security also have to be factored into the protection of data cabling, which is based on fibre optic technology. Early assumptions that it was safe to ignore the physical aspect have been proved wrong through the discovery of a series of successful attempts at hacking into fibre-based networks.
Hacking A Fibre Optic Network
High power margins are routinely factored into the transmission levels used in a fibre optic network to allow for problems with dust, the bending of fibres or any other issue which might cause a drop in optical power along the transmission line. These excess allowances have been known to mask the dips in power which occur when a line is tapped into and signals are extracted by hackers.
While it's possible to use physical tapping methods to hack a fibre optic network, it's not a particularly economical procedure. An optical splitter must be introduced into the fibre line. The main line must first be unplugged from its fibre port, then the splitter introduced into the circuit which can then be connected to an external system. A media converter or an optical Network Interface Card (NIC) allows all the data transmitted over the fibre to be read by the hacker. The equipment and software required run to about ₤8,000.
If the information being hacked into is potentially valuable enough, this expense may be worth bearing. More problematic for the hacker is the period of disconnection required to fit an optical splitter to the data cabling. If a fibre optic network has been configured to flash alerts when a signal goes down for any length of time, this could lead to early discovery.
The preferred method for hackers these days is a passive one which involves bending an optical fibre until a small amount of light leaks out of the data cabling – enough to be converted back into an electrical signal which may be mined for information. Having gained access to a cable, the attacker must use a micro-bend clamping tool to force the light leakage. The extracted light is directed through an optical photo detector, then to an optical-electrical converter, which typically passes the converted Ethernet signal to an external laptop for processing with packet sniffing software. All the kit required to do this may be had for around ₤900.
Keeping It Structured
In all cases, physical access to your data cabling may be the precursor to the hacking of your fibre optic network. Remote runs of cable which pass through tunnels or enclosures may be considered safe enough from such intrusion – but monitoring them to ensure that the cables aren't being interfered with is always a factor which should be budgeted for.
Closer to home, industry experts like the specialists at LG Networks advise the use of a structured cabling system – and rightly so. Structured cabling brings a logical and spatially efficient architecture to all the cables and connectors on your system. It also allows monitoring, surveillance and physical protection measures to be applied to your entire fibre optic network.
Keeping a close eye on the data cabling at your populated sites won't be enough to safeguard all the information you have in transit as it passes through more distant sections of your fibre optic network. And momentary dips or losses in power which could point to an ongoing attack might be dismissed as standard glitches, rather than the siphoning off of data streams. So measures must be taken to secure those cable runs which aren't under your immediate control.
Extending the Coverage of Encryption
Information in storage is now routinely protected by enterprise-wide schemes for data encryption. Scrambling data so that it can't be easily read makes the work of potential hackers that much more difficult – and since everyone loves an easy life, they're more likely to seek softer targets elsewhere.
This same kind of protection should be extended to the data you have in transit. There are a number of optical encryption solutions available for securing data as it passes through a fibre optic network - and consultants like LG Networks can advise you as to the best system to implement for your business.
Likewise, the team at LG Networks can guide you through the process of selecting a system to safeguard your fibre optic network as a whole.
Tools and services are available which offer intrusion detection and intrusion prevention at the physical layer of a network – including hardware, routers, data cabling and connectors. These systems identify any anomalies. They also alert network operators or administrators to optical events such as cable breaks, receiver overloads, losses of power, weak optical signals, data-signal losses and malicious intrusions.
A final option to consider in reducing the risk of attacks on your data cabling is to institute a programme of continuous monitoring. This may be set up to observe the optical power received by specific devices on the network and they can detect any event which changes that received power. Alerts and reports may be configured in response to any suspicious or anomalous activities observed.
Using dedicated hardware, implementing a monitoring scheme such as this on every network device would be unduly expensive. However, commercial services and equipment are available for more strategic monitoring of specific network resources, critical runs of data cabling and business-critical aspects of your fibre optic network.
If you'd like a consultation, or need to know more about structured data cabling or methods for protecting your fibre optic network from hackers.