Many countries are looking to roll out optical-fibre connectivity to support next-generation broadband access, giving download speeds of 100Mbit/s with low latency and greater upload capacity than is associated with conventional asymmetric digital subscriber line (ADSL) technology.
Carriers, ISPs and large corporations, especially financial services firms, use a large amount of optical-fibre connections and the security of those connections needs to be locked down.
Such concerns are addressed in a recent report on optical network security by IDC research analyst Romain Fouchereau. Entitled: Fibre Optic Networks: Is Safety Just an Optical Illusion?, the report discusses what firms need to consider when thinking about how to secure fibre-based networks.
The report references several examples of optical network hacking - perhaps the most serious commercial example was when US security forces found a device illegally installed on carrier Verizon's optical network. The placement appears to have been designed to eavesdrop on a mutual fund company, shortly before it released its quarterly financial figures.
"Remember this happens more than organisations want to admit, and there's a lot of hacking that goes unnoticed," said Fouchereau.
Firms spend huge amounts of money to protect their networks.
"It's a pity if all this money is going down the drain because they're not protecting the fibre part of the network transmitting all the data," said Fouchereau.
The report details the three main methods used for siphoning off data from optical fibre connections.
The first technique, and the crudest, involves physically cutting the cable and splicing a device into the fibre that can be used to pick up the data, and transmit or re-route it somewhere else.
"This is the oldest and most traditional way of collecting data from fibre networks," said Fouchereau, explaining that there was a possibility of alert IT administrators seeing that something was happening and taking remedial action.
The other two methods involve devices for collecting light emitted by optical fibres, allowing hackers to reconstruct the data. Bending the fibre and picking up stray light emission is one possibility. The other is more elaborate, said Fouchereau, and involves putting a photosensor around the cable and measuring scattered light, to rebuild the data.
Fouchereau advises IT leaders to take fibre network security very seriously.
"It's like you put an alarm in your house and then leave the back door open. It doesn't make much sense to protect one side of the network without protecting the rest," said Fouchereau.
To lock down optical networks and reduce the risk of data theft, Fouchereau points to a handful of security vendors who have products for end-to-end data encryption. These appliances can encrypt using key sizes of 128- or 256-bits using Advanced Encryption Standard (AES) with maximum data transmission rates.
But Rob Bamforth, Quocirca principal analyst for communications, said that while taking data from optical-fibre data transmission was more than just a theoretical possibility, there are still challenges for would-be hackers.
"How accessible is the fibre?" he said.
"Many companies, especially carriers, put systems in difficult to reach places, for example buried alongside gas mains."
Another problem for hackers, said Bamforth, was that optical fibre can be enabled with different types of equipment. "This can vary quite significantly, so some knowledge of the specific systems used would be required," he said.
Bamforth pointed out that even hackers would look at return on investment for their activity.
"If the effort is too great for the value returned, they'll move on to a more vulnerable target," he said.
"But it might be wise to iron out simpler-to-attack vulnerabilities elsewhere first".
Bamforth said that firms should wrap full encryption and authentication around the things they really want to protect.
Analysis: How secure is an optical-fibre network?
By Dave Bailey on Aug 7, 2009 7:06AM