We all know that fiber is the ideal choice for cabling security
for obvious reasons. Here I would like to go beyond the textbook answer
of it carrying light instead of electrical impulses. In order to get the
full picture there must be an understanding of how the signal travels
through the wires. In our day-to-day cabling we use copper and that
does great for our needs. If we were to run fiber to all of our
nodes then it would get extremely expensive. These electrical
signals flying down the wire have some inherent problems that must be
addressed though. What you learn about in school is the need to keep
these wires away from light fixtures and other items that would be
a problem for your electrical signals.
The TEMPEST project is where the United States Government worked
on methods to shield cabling against loss to, or interference from,
outside sources. Having top secret data on your
network leaking out would be a very bad thing and so these standards
were developed to help mitigate data leakage. The TEMPEST program is
now the standard for shielding protection against levels of EMI or
RFI, and any product wishing to claim compliance must go
through rigorous testing. Generally speaking, the cabling costs
almost double that of regular cabling.
How can the shielded cabling help your network?
In a sabotage example there are clear benefits to be had with
shielded cables. Take for example a company that has a shared server
room. Many of the cables that run to the internet service provider
will run outside of isolated caged sections or locked server
cabinets. If an attacker were able to identify a Power over Ethernet
run they could tap into it and place a small motor near your uplink
lines. This type of denial of service would distort the signals
going to and from the ISP, leaving you with minimal throughput and
possibly taking out the connection altogether. While this attack
would be very hard to mitigate it is also something that is very
specific and very hard to put into place. I would say to worry about
other parts of your network before going down to your server room
every day to check the wires.
I want to focus here on the wireless side of “cabling” also.
Many internet service providers are transmitting their uplink
connection to businesses via wireless access points. These are not
the same access points you have in your house but are very similar in
nature. They still run on 2.4 GHz or 5 GHz, meaning they are still
susceptible to a large range of interference. In the example above
with uplink sabotage, say the business is running a wireless internet
service provider connection. As a competitor, I could easily place
something near your uplink bridge that would interfere with your
signal. I could be in a van in the parking lot or near the tower
that you make a connection to. Either way it would be very difficult
to detect where the problem is coming from.
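Interference of the kind described in the two scenarios above shows up on the affected link as frames failing their checksum while throughput drops. As an added example (not part of the original post), the Python below flags sustained error bursts from periodic interface counter readings; it tells you that a link is degraded, not where the source is. It assumes the uplink device exposes cumulative good-frame and CRC-error counters like Linux's rx_packets and rx_crc_errors, and the readings, threshold and window are constructed.

```python
# Added example: flag sustained CRC-error bursts on an uplink interface.
# Counter names follow Linux /sys/class/net/<iface>/statistics/; the sample
# readings, threshold and window are constructed for illustration.
from typing import List, NamedTuple, Optional, Tuple

class Sample(NamedTuple):
    t: int              # seconds since monitoring started
    rx_packets: int     # cumulative frames received (assumed: good frames only)
    rx_crc_errors: int  # cumulative frames discarded for a bad CRC

def error_ratio(prev: Sample, cur: Sample) -> Optional[float]:
    """Share of frames in the interval that failed CRC. None when the
    counters went backwards (interface reset) or no traffic was seen."""
    d_ok = cur.rx_packets - prev.rx_packets
    d_bad = cur.rx_crc_errors - prev.rx_crc_errors
    if d_ok < 0 or d_bad < 0 or d_ok + d_bad == 0:
        return None
    return d_bad / (d_ok + d_bad)

def degraded_windows(samples: List[Sample], threshold: float = 0.01,
                     sustain: int = 3) -> List[Tuple[int, int]]:
    """(start_t, end_t) spans where the ratio stayed above threshold for at
    least `sustain` consecutive intervals; short blips are ignored."""
    spans, run_start, run_end, run_len = [], None, None, 0
    for prev, cur in zip(samples, samples[1:]):
        r = error_ratio(prev, cur)
        if r is not None and r > threshold:
            if run_len == 0:
                run_start = prev.t
            run_len, run_end = run_len + 1, cur.t
        else:
            if run_len >= sustain:
                spans.append((run_start, run_end))
            run_len = 0
    if run_len >= sustain:
        spans.append((run_start, run_end))
    return spans

# Constructed one-minute readings: quiet link, a burst, a reset, one blip.
SAMPLES = [
    Sample(0, 0, 0), Sample(60, 60000, 2), Sample(120, 120000, 3),
    Sample(180, 150000, 2503), Sample(240, 170000, 6503),
    Sample(300, 185000, 11503), Sample(360, 245000, 11505),
    Sample(420, 500, 0), Sample(480, 60500, 700), Sample(540, 120500, 701),
]

if __name__ == "__main__":
    print(degraded_windows(SAMPLES))
```
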
Wireless connections have their place and I am not saying to rule
them out completely. Wired connections will be king for a very long
time due to security and speeds available. Keep these in mind if
your company is in the position to have to worry about mitigating
attacks on the physical level.
-- Joe McShinsky
Tuesday, September 13, 2011