Cryptography in optical networks. Is your data safe?

It is widely believed that fiber optic links are much more secure than copper links: because they do not produce an electromagnetic field, they are thought to be more resistant to eavesdropping. Unfortunately, this is not the case.

Recent years have shown that fiber optic cables can also be tapped relatively easily. As a result, more and more companies, especially financial and government institutions, are putting much greater emphasis on data security, including the security of data transported by optical systems. For IT network administrators, one of the main priorities is to build networks that are secure in the sense of being reliable.

To this end, they use wave propagation technology, build independent optical paths and implement automatic switching to backup paths, all so that data remains available if a fiber or a single device fails. So the question arises: in this pursuit of higher bandwidth, shorter switching times and greater availability, has data security, in the sense of confidentiality and integrity, been overlooked?

Cyber attacks are a threat to any business today. Fiber optic links can be tapped, and information extracted from them, using relatively simple and easily accessible tools. This means that having optical links is no longer a guarantee of data security.

Encryption methods previously used by military and intelligence services help us protect sensitive information. When we delve into the topic, it turns out that we have to face several key challenges.

First, data encryption must take place without loss of information, be transparent and allow full bandwidth. We must also not forget latency, which is especially crucial for the financial industry.

The second challenge is the need to comply with the regulations governing the protection of sensitive information. Finally, the third issue is how to connect the solution to the existing infrastructure without having to replace links or equipment in the company's infrastructure.

For an encryption solution to provide a high level of security in the fiber infrastructure, it must therefore combine cryptographic protection of the data flow, a firewall, secure management protocols and monitoring of optical link parameters. Only such a combination will ensure three key security features:

  • confidentiality — protection of information from disclosure to unauthorized persons,
  • data integrity — ensuring that the data has not been modified in any way,
  • authentication — confirming that the “parties involved” are who they claim to be.

It is also necessary to provide administrators with constant information on the parameters of the optical link, since their sudden deterioration may indicate that a wiretap has been installed. This makes layer 1 security a key part of the entire cyber security solution.
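The link monitoring described above can be sketched as follows. This is an added example, not code from the article or from any vendor: it flags a sustained drop in received optical power while ignoring single-sample glitches. The readings are constructed, and the function name, the 0.5 dB threshold and the window sizes are assumptions to tune per link.

```python
from statistics import median

def detect_step_loss(samples, baseline_window=5, confirm=3, threshold_db=0.5):
    """Report sustained drops in received optical power.

    samples: list of (seconds, rx_power_dbm) tuples in time order.
    An alert is raised when `confirm` consecutive readings are all at
    least `threshold_db` below the median of the `baseline_window`
    readings before them. The median keeps one bad reading from
    shifting the baseline; `confirm` keeps it from raising an alert.
    """
    alerts = []
    i = baseline_window
    while i + confirm <= len(samples):
        baseline = median(p for _, p in samples[i - baseline_window:i])
        window = samples[i:i + confirm]
        if all(baseline - p >= threshold_db for _, p in window):
            new_level = median(p for _, p in window)
            alerts.append({
                "time": window[0][0],
                "baseline_dbm": baseline,
                "loss_db": round(baseline - new_level, 2),
            })
            # Re-learn the baseline from post-drop readings so the same
            # step is reported once, not on every following sample.
            i += max(baseline_window, confirm)
        else:
            i += 1
    return alerts

# Constructed readings (dBm), one every 10 s: stable near -7.0, a single
# glitch at index 6, then a sustained step down from index 9 onward.
CONSTRUCTED_RX_DBM = [-7.02, -6.98, -7.01, -7.00, -6.99, -7.03, -9.10,
                      -7.00, -7.01, -8.21, -8.19, -8.22, -8.20, -8.21,
                      -8.20, -8.19, -8.21]
SAMPLES = [(i * 10, p) for i, p in enumerate(CONSTRUCTED_RX_DBM)]

if __name__ == "__main__":
    for alert in detect_step_loss(SAMPLES):
        print("sustained loss of {loss_db} dB at t={time}s "
              "(baseline {baseline_dbm} dBm)".format(**alert))
```

An alert only says the link budget changed; the cause still has to be investigated on the fiber itself.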

Taking into account the above requirements and supplementing them with specific guidelines and standards, we get a set of requirements for the encryption platform. These include: Layer 1 encryption with a key of at least 256 bits (GCM-AES-256), compliance with NIST FIPS 140-2 and NSA Suite B, and support for protocols such as 1/10/40/100Gb Ethernet, 4/8/16/32G Fibre Channel, and OTU2/3/4.

So what solution do you need to secure your data?

  • Do you want to build an xWDM network from scratch with data encryption?
  • Do you need to encrypt your data and feed it into an existing xWDM network?
  • Or do you need to build a secure point-to-point connection?

In summary, a layer 1 encryption solution is independent of the application and of the SAN/LAN hardware used, which makes it an economical and easy-to-implement solution. It allows integration with existing xWDM infrastructure and can be flexibly added without affecting existing services.

A good network is a safe network! At Salumanus we support our Partners by helping them build good ICT networks.