Strong preemptive encryption solutions need to be deployed on fiber-optic networks

(03/08/2009)

A new IDC Technology Assessment has been released that highlights the dangers of illegal optical tapping on mission critical and sensitive information as it passes over fibre optic networks.

The report entitled, "Fiber Optic Networks: Is Safety Just an Optical Illusion?" by IDC Research Analyst Romain Fouchereau states, “Fiber-optic cable networks have been deemed the fastest, most reliable, and most secure way of transporting data through the network for decades. This reputation has now been proven wrong for several years with the arrival of new and inexpensive technologies making data theft easily available to hackers.”

Fouchereau, a specialist in firewall/VPN, IDS/IPS, and unified threat management, believes, “Corporate espionage is real and needs to be seriously taken into account in the security plans for every organization. Securing the inside network is not sufficient enough, data going from one site to the other can be intercepted and this security gap needs to be addressed.”

The report sites examples including a taps on the optical networks of Verizon and Deutsche Telekom as well as a major optical hack and data breach at the Hannaford supermarket chain that resulted in the theft of around 4.2 million credit and debit card details.

Fouchereau states, “As it is impossible to monitor the entire optical fiber network, the only real preventive solution to protect information is to encrypt the data before it goes through the network. At this point, the only thing that will prevent information from being poached for industrial espionage is if the encryption renders the data acquired unusable by the hackers.”

“Due to the sensitive nature of the information carried - being from financial institutions, insurance companies, public administration, or in the pharmaceutical and chemical industries - it is paramount that the privacy and reliability of the information carried are guaranteed, as the stakes and risks involved are high.” He adds.

Thomas Meier, CEO of InfoGuard, a leader in high-performance encryption solutions, commented, “This report is good for the business community as a whole as it states in clear and unequivocal language that high risk firms need to protect data in transit, especially as more organisations share resources to achieve new business processes or meet compliance requirements.”

“Optical hacking has been around for many years but few people are prepared to openly talk about the fact that fibre optic links are not as secure as the service providers would like us to believe,” Meier adds.

Fiber-optic cable networks have been deemed the fastest, most reliable, and most secure way of transporting data through the network for decades. This reputation has now been proven wrong for several years with the arrival of new and inexpensive technologies making data theft easily available to hackers.

In sectors such as banking, insurance, pharmaceutical or government, the data transmitted is of the utmost sensitivity and could have disastrous repercussions if it fell into the wrong hands.

With tapping and hacking technologies becoming easily available to anyone, tapping into fiber cables with very little chance of being detected is becoming easier than before. Most of the networks' cabling is relatively easy to access due to maintenance requirements and often only protected by very weak mechanical means. Once the targeted fiber-optic cable is acquired, hacks on optical networks are achieved by extracting light from the ultra-thin fibers.

There are three main types of optical tapping methods:

- Splice method
Splicing is the most common method to tap into the optical fiber - a break is made into the cable by the device, which can then be used to monitor data. Most carriers have preinstalled Y-bridges or splicepoints on their fiber networks for maintenance purposes. Hackers can easily abuse these maintenance points.

- Splitter/Coupler method or curve method
By bending the cable, a small amount of light will escape from the fiber. A hacker with the appropriate photo-detector equipment can then capture this light and the data it carries. Equipment and tools necessary for using this method is readily available and commonly used by maintenance technicians.

- Non-touching optical tapping method
Sensitive photo-detectors are placed around the optical cables. These detectors are used to capture the small amount of light that naturally radiates off the cables (called Rayleigh scattering). Hackers can get the information without physically touching the fiber or even the light signal itself.

Once a successful tap has been accomplished, a packet sniffer - software that records, monitors, and analyzes the data - can be used to capture all data transmitted. Readily available spectrum analyses even make users of optical multiplexing techniques, such as wavelength division multiplexing (WDM), vulnerable to attacks.

As it is impossible to monitor the entire optical fiber network, the only real preventive solution to protect information is to encrypt the data before it goes through the network.

The full report is available to the public at www.IDC.com

Related topics:  Data management and data security   Hacking and intrusion prevention   Knowledgebase 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources