Re: [PEN-TEST] How secure is an ISDN line? Fibre Optic TAPs

[Talisker <Talisker () NETWORKINTRUSION CO UK>]

"OC-# - OC-1,2-48 etc.. Any fiber optic medium is going to require you to
split the fiber itself at some point and redirect the signal into a third
party tap. From there you will once again have to reconstruct the data
stream from the multiplexed/frame encapsulated data within.. this applies to
almost any type of carrier."

Data can be recovered from fibre optic without splicing, there's a tool that
strips the cladding and bends the fibre so the light (and data) refracts out
leaving sufficient light to reach it's target

countermeasures -
    An alarmed optical receiver whichs alerts when the recived light falls
below a threshold  this is expensive and prone to false positives

    OTDM Optical Time Domain Reflectometer, this nifty gadget will draw a
graph of losses over distance, periodic comparisons will show TAPs moreover,
it will give you an indication of where the TAPs are.  This method is also
expensive, time consuming and in order the do the comparison the fibre has
to be taken off line and it is still prone to false alarms ie a nick in the
fibre when you trap it in the trunking will look like a TAP

Bottom Line - If your data within the fibre is valuable, site it in visible
trunking then seal the trunking and check it regularly for entry -
incidentally you can now get transparent trunking.

Please note I have heard rumours of a tool that doesn't need to strip the
cladding anyone have any further info ??

Andy
http://www.networkintrusion.co.uk Talisker's comprehensive IDS & Scanner
List
                    '''
                 (0 0)
  ----oOO----(_)----------
  | The geek shall        |
  |  Inherit the earth     |
  -----------------oOO----
               |__|__|
                  || ||
              ooO Ooo


The opinions contained within this transmission are entirely my own, and do
not necessarily reflect those of my employer.





----- Original Message -----
From: "John Brand" <jbrand () ARL ARMY MIL>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Monday, October 23, 2000 8:45 PM
Subject: Re: [PEN-TEST] OT - How secure is an ISDN line?


> If I remember from my 30-odd years ago basic optics course, total internal
> reflection operates by formation of an evanescent wave, a standing wave
> which decays exponentially away from the dense medium.  That could be
> tapped, as a lab demo, by a fiber needle or a spherical surface cozied up
> to the reflecting interface, which allowed the evanescent wave to sort of
> "detach" itself and propagate (leak) into the tapping dense medium.  You
> didn't have to actually make contact.  If that holds for fiber guided
> waves, might one tap the fibers that way?  It would weaken the transmitted
> signal, but if care were taken perhaps not unduly.
>
> Hardly worth a well deserved trip to the slammer to find out, though.
>
> My 2 cents.  Sorry if I am all wet.  They say the memory goes first.  Hate
> to think what might be next.
>
> regards,
> john b.