Solution Physically Protects Network Conduit and Raceway
Fiber optic cable security technology carries a lower risk when compared to copper cable. Copper cables are affected by environmental conditions including EMI and RFI, and they naturally produce electromagnetic emissions that can be tapped. This allows attackers to intercept network packets and communications across the cables. Fiber optic cables, on the other hand, rely upon the use of light rather than electricity, and require more specialized equipment to tap them.
That said, the risk still remains that someone can tap into a fiber optic infrastructure connection, and it would be extremely difficult to detect such a tap without conducting a physical inspection of the cable. Therefore, it is recommended that IA managers and security designers secure fiber in the same manner as you would secure copper.
Here are a few guidelines:
For commercial installations, place all of your fiber runs in secure locations, wherever possible. Use a conduit to prevent damage to the cable and provide a layer of protection against those wishing to gain access to the cable.
Network designers should pay particular attention to locations where the cable terminates. The easiest place to insert a tap is a location where the data is readily accessible, such as wiring closets, public areas, junction boxes and similar locations. From an overall security standpoint, it is important to use encryption for the protection of sensitive data. The use of encryption adds an additional layer of security that protects enterprise data in the event an attacker does gain access to the fiber.
In the context of classified DOD networks, there are many areas where the use of encryption is un-wanted. Protected Distribution Systems (PDS) is a system of carriers (conduits, ducts, etc.) that are used to distribute Military and National Security Information (NSI) between two or more controlled areas or from a controlled area through an area of lesser classification (i.e., outside the SCIF or other similar area). PDS is required where the data packets are not encrypted.
National Security Telecommunications and Information Systems Security Instruction (NSTISSI) No. 7003, Protective Distribution Systems (PDS), provides guidance for the protection of SIPRNET wireline and optical fiber PDS to transmit unencrypted classified National Security Information (NSI). SecurLAN is an approved and certified solution for the "Alarmed Carrier".
It is also important to consider this: Today, there is simply no way to provide 100% protection. As events have recently shown, it's not just the bad guys on the outside trying to gain access to your information; organizations must also be mindful of the insider threat. The best approach is a multi-layered approach to protecting systems. It starts at the outer most perimeter with firewalls and network intrusion prevention systems. Systems should be segregated so that a failure in one area does not expose all systems. Servers also need their own end point protection including host intrusion detection, malware protection and data encryption (where applicable).
>>> Read More about SecurLAN®: Physical Network Scurity
Fiber SenSys, Inc. (FSI) has produced a very informative series of Tech Tips and Application Notes, which further explore best practices and technical guidelines that are relevant to a recommended technology solution. These documents are available through this website. We invite you to register and login to gain access and download as necessary.