Penetration Testing mailing list archives

Re: [PEN-TEST] How secure is an ISDN line? Fibre Optic TAPs

From: "Rembolt, Dan" <Dan_Rembolt () RMIINC COM>
Date: Tue, 24 Oct 2000 17:03:31 -0700

'Switch' type sensors would be pretty easy to defeat.   Just jumper across
the contacts if they are normally closed under pressure, or stick a pin
through the two strands of wire.    I used to do that to test overtemp
sensors on some equipment I worked on back in the dark ages about 30 years
ago.    If the sensor put out a linear signal which was received by a
decoder then it would be harder to defeat, but that type of sensor would
be a lot more expensive also.      Whatever you can think of, someone can
think of a way around it.   I think the real advantage of putting
wiring/fiber inside conduit is to make it less susceptible to accidental
damage, such as someone crawling in the wiring tunnel  or animals chewing
on the insulation etc.   If you try to pressurize a pipe over a long time
you are probably going to have to spend some money on maintenance as it
will probably leak after awhile.




Peter Gamache <peter () LUNO ORG>
Sent by: Penetration Testers <PEN-TEST () SECURITYFOCUS COM>
10/24/2000 02:36 PM
Please respond to Penetration Testers


        To:     PEN-TEST () SECURITYFOCUS COM
        cc:
        Subject:        Re: How secure is an ISDN line? Fibre Optic TAPs
"van der Kooij, Hugo" wrote:

On Tue, 24 Oct 2000, Talisker wrote:

"OC-# - OC-1,2-48 etc.. Any fiber optic medium is going to require you

to

split the fiber itself at some point and redirect the signal into a

third

party tap. From there you will once again have to reconstruct the data
stream from the multiplexed/frame encapsulated data within.. this

applies to

almost any type of carrier."


I just saw some mentioning of using quantum level signaling to prevent
taps. As at this level you can't inspect a signal without altering it.

So

a good CRC check would notice tampering with the transmission.


I've only had one client who cared about fiberoptic security (it's outside
the
reach of most folks these days, and they didn't understand that their
competitors
aren't 14-year-olds with 486's) - and I advised them of a very simple
tactic: Put
the fiber within a metal pipe, then fill the pipe with air, under
pressure.  Once
the pressure is applied and the pipe sealed, a pressure sensor at either
end can
easily tell you of a physical security breach.  I thought of this after
the
installation, but an even better idea (to prevent rust within the pipe) is
to
pressurise the pipe with pure nitrogen gas instead of air.

Can anyone see a way to get past the nitrogen/pressure sensor defense?

- Peter

Current thread:

Re: [PEN-TEST] How secure is an ISDN line? Fibre Optic TAPs Rembolt, Dan (Oct 26)
- <Possible follow-ups>
- Re: [PEN-TEST] How secure is an ISDN line? Fibre Optic TAPs Alexander Sarras (SEA) (Oct 26)