I've heard that there are issues with the security of fiber optic cables. What best practices should be implemented when using fiber connections?
Generally speaking, the issues surrounding fiber optic cable security are lower risk than those facing users of copper cable. Copper cables naturally produce electromagnetic emissions that may be easily tapped in a clandestine fashion, allowing attackers to intercept network packets and communications across the cables. Fiber optic cables, on the other hand, rely upon the use of light rather than electricity, and require more specialized equipment to tap them.
That said, the risk still remains that someone can tap into a fiber optic connection, and it would be extremely difficult to detect such a tap without conducting a physical inspection of the cable. Therefore, you should secure fiber in the same manner as you would secure copper media. Specifically, you should:
- Place all of your fiber runs in secure locations, wherever possible. Use a conduit to prevent damage to the cable and provide a layer of protection against those wishing to gain access to the cable.
- Pay particular attention to locations where the cable terminates. The easiest place to insert a tap is a location where the data is readily accessible, such as wiring closets, public areas, junction boxes and similar locations.
- Use encryption for sensitive data. The use of encryption adds an additional layer of security that protects enterprise data in the event an attacker does gain access to a fiber run.
In conclusion, treat fiber runs in the same manner as you treat your copper ones. If you are unable to guarantee the physical security of the media, use encryption to provide logical security.
Dig deeper on Network Device Management
Related Q&A from Mike Chapple, Enterprise Compliance
Social media compliance is not typically considered a big issue for companies, but expert Mike Chapple explains why it should be.continue reading
Metadata tagging is not just for security. Expert Mike Chapple explains how tagging tools can be used to achieve PCI DSS compliance.continue reading
Before using the HIPAA-compliant cloud services from Google, there are some things companies need to know, according to expert Mike Chapple.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.