[115003] in North American Network Operators' Group
RE: Fiber cut - response in seconds?
daemon@ATHENA.MIT.EDU (Deepak Jain)
Tue Jun 2 16:27:35 2009
From: Deepak Jain <deepak@ai.net>
To: Charles Wyble <charles@thewybles.com>, David Barak <thegameiam@yahoo.com>
Date: Tue, 2 Jun 2009 16:27:06 -0400
In-Reply-To: <4A258056.4060804@thewybles.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
=20
> Really? The US Military uses a whole lot of wireless (satellite, ground
> baed, surface to air) links. Those links can be sniffed (by people with
> sufficient motivation/funding/gear to do so). They rely on encryption
> to
> protect them.
Which is why, if you have a satellite, you often position DIRECTLY over the=
antenna you are sending to, and using lasers (rather than other RF) to com=
municate with it. Likewise, if you want to maintain this kind of security (=
and reduce the ability to sniff) you do this in space as well. Highly colum=
nated photons are your friend.
Encryption helps, but if it was sufficient in all cases, you wouldn't go to=
such extremes.
This (in a much more NANOG related way) has ramifications for those selling=
/operating Wi-Fi, WiMax, P2P and FSO wireless links and trying to do *comme=
rcially important things* -- like finance.
The idea here is that fiber is FAR more secure than copper because almost e=
verything you want to do to fiber, you can do to copper, but from a further=
, less physically-in-contact distance.=20
Another idea is that commercially operated networks have lower standards fo=
r data security (but not necessarily data *integrity*) that intelligence *o=
riented* applications/networks.=20
The idea of installing a tap on an encrypted line to do traffic analysis is=
all very interesting, but no one mentioned the idea that at a critical tim=
e (such as an attack) you could easily DISRUPT vital communications links a=
nd prevent their function [and their protected paths]. Security cannot exis=
t without a level of integrity. Most commercial networks only need to conce=
rn themselves with integrity and let their customers deal with the security=
of their own applications.
Commercial networks are a great study of "highly" (in the commercial sense)=
secure data traversing over LSAs (lower sensitivity areas) with lower cont=
rol thresholds [think poles, manholes, etc]. The data is highly secure to a=
ny particular customer, but in the commercial sense, it's almost always los=
t in the noise. When a business entity crosses that threshold (e.g. the Fed=
eral Reserve banks or a transaction clearinghouse) where their data is *wor=
th* getting at no matter how much sifting has to go on... you see extraordi=
nary measures (e.g. properly implemented obfuscation, or what have you) imp=
lemented.
Deepak Jain
AiNET
