J Wolfgang Goerlich's thoughts on Information Security
Essential Insecurities Part 2 -- Cabling

By wolfgang. 25 October 2002 08:18

Let’s talk a bit about cabling. In particular, twisted-pair copper versus Fibre. One of the touted benefits of Fibre cables over Twisted-pair is that you cannot eavesdrop on the data communications. However, again, forget about confidentiality. The data can still be captured from the end-points, from switches and routers. No, if you can afford the cost, the benefits of Fibre are that it is fast and that it fails cleanly.

Fibre natively supports 1 Gbps transfer speeds. 1 Gbps has been achieved with CAT5; however, the frequencies needed exceed the cable’s ratings. Put another way, it may be possible to get close to 1 Gbps on Twisted-pair but the network will be dropping packets. This means data integrity issues. So best to stick with 100 Mbps on CAT5.

Fibre also fails cleanly which, at first, might not look like a benefit. Twisted-pair can be physically damaged and yet continue transmitting traffic. This results in sporadic problems like corrupted communications, network drops, or poor performance. These are difficult to reproduce and time-consuming to repair. It might take days before the bad cable is identified. Fibre, when physically damaged, stops transmitting altogether. This is immediately noticed and therefore can be quickly identified and replaced.
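A damaged copper run that keeps passing traffic usually leaves a trace in the receive-error counters of the port it plugs into. As an added example (not from the original post), this Python script compares two constructed snapshots in Linux `/proc/net/dev` format and flags links whose error ratio rose between them; the sample counters, the 0.1% threshold, and the function names are assumptions.

```python
"""Flag links that are failing softly: still up, but damaging frames."""
# Constructed samples in Linux /proc/net/dev format, taken some time apart.
BEFORE = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
  eth0: 9000000   60000    2    0    0     2          0         0  7000000   50000    0    0    0     0       0          0
  eth1: 8000000   55000   40    0    0    38          0         0  6000000   45000    0    0    0     0       0          0
"""
AFTER = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
  eth0: 9900000   66000    2    0    0     2          0         0  7700000   55000    0    0    0     0       0          0
  eth1: 8600000   59000  460    0    0   455          0         0  6500000   48000    0    0    0     0       0          0
"""
RX_PACKETS, RX_ERRS = 1, 2   # column positions after "iface:"


def parse_proc_net_dev(text):
    """Return {iface: [int counters]} from /proc/net/dev text."""
    counters = {}
    for line in text.splitlines()[2:]:        # skip the two header rows
        name, sep, rest = line.partition(":")
        if sep:
            counters[name.strip()] = [int(v) for v in rest.split()]
    return counters


def soft_failing_links(before, after, max_error_ratio=0.001):
    """Compare two snapshots; return {iface: error ratio} for degraded links."""
    old, new = parse_proc_net_dev(before), parse_proc_net_dev(after)
    suspects = {}
    for iface, now in new.items():
        prev = old.get(iface)
        if prev is None:
            continue
        # Use deltas, not totals: errors from a long-fixed fault do not count.
        packets = now[RX_PACKETS] - prev[RX_PACKETS]
        errors = now[RX_ERRS] - prev[RX_ERRS]
        if packets < 0 or errors < 0:         # counters were reset; skip
            continue
        total = packets + errors              # assumes errs are not in packets
        if total and errors / total > max_error_ratio:
            suspects[iface] = round(errors / total, 4)
    return suspects


if __name__ == "__main__":
    for iface, ratio in soft_failing_links(BEFORE, AFTER).items():
        print(f"{iface}: {ratio:.2%} of received frames damaged, check cable")
```

Run on a schedule against real snapshots, a check like this points at the suspect port within one sampling interval instead of days.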



Essential Insecurities Part 1 -- Introduction

By wolfgang. 18 October 2002 05:48

Functionality equals vulnerability. Networks connect computers to share information and resources. That is the functionality. Once connected, what is shared is no longer private and protected. That is the vulnerability. An unplugged computer is secure. By contrast, a networked computer is vulnerable. There you have it.

The vulnerabilities, generally speaking, are that shared resources may become unavailable, corrupted, or shared with the wrong people. So we put in the network to facilitate business and then mitigate the risk by maintaining availability, integrity, and confidentiality.

These three areas are common in all types of networks. Now, the major classifications of networks are LANs, WANs, MANs, and PANs. That is, respectively, Local Area Networks, Wide Area Networks, Metropolitan Area Networks, and Personal Area Networks. All four can be broken. All four can lose data or eat emails. And, of course, all four can leak confidential information.

In fact, at the network level, it is best to assume no confidentiality. Sure, there might be some in LANs. But this can be broken. If you are going out over a WAN link, you have no control over the equipment. There is no guarantee that someone is not reading your data. In fact, according to the news lately, there is a good chance that someone is reading your data. Address confidentiality issues at higher layers, and focus on network availability and integrity.


