I've heard that there are issues with the security of fiber optic cables. What best practices should be implemented
when using fiber connections?
Generally speaking, the issues surrounding fiber optic cable security are lower risk than those facing users of copper cable. Copper cables naturally produce electromagnetic emissions that may be easily tapped in a clandestine fashion, allowing attackers to intercept network packets and communications across the cables. Fiber optic cables, on the other hand, rely upon the use of light rather than electricity, and require more specialized equipment to tap them.
That said, the risk still remains that someone can tap into a fiber optic connection, and it would be extremely difficult to detect such a tap without conducting a physical inspection of the cable. Therefore, you should secure fiber in the same manner as you would secure copper media. Specifically, you should:
- Place all of your fiber runs in secure locations, wherever possible. Use a conduit to prevent damage to the cable and provide a layer of protection against those wishing to gain access to the cable.
- Pay particular attention to locations where the cable terminates. The easiest place to insert a tap is a location where the data is readily accessible, such as wiring closets, public areas, junction boxes and similar locations.
- Use encryption for sensitive data. The use of encryption adds an additional layer of security that protects enterprise data in the event an attacker does gain access to a fiber run.
In conclusion, treat fiber runs in the same manner as you treat your copper ones. If you are unable to guarantee the physical security of the media, use encryption to provide logical security.
Dig deeper on Network Device Management
Related Q&A from Mike Chapple, Enterprise Compliance
Should companies obtain U.S. security clearance to join the Enhanced Cybersecurity Services program? Mike Chapple offers his perspective.continue reading
Does a Web application security assessment termed 'compliance ready' seem too good to be true? Learn its role in an enterprise compliance program.continue reading
Learn how hiring the right PCI DSS-compliant service providers, especially payment services providers, can reduce your compliance burden.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.