Increase your network s security by making the right premise cabling decisions

Transcription

1 Increase your network s security by making the right premise cabling decisions André Mouton, Product Line Manager Benoit Chevarie, Product Line Manager August 2006 Revision 2

2 Increase your network s security by making the right premise cabling decisions. In recent years we have seen the networks of some of our most respected and powerful agencies and banks breached, often by company insiders. IT and Network decision-makers are tuning in to this important buzzword, as security affects all layers of their network. We have come to realize that security is everyone s' business; and that it is a never-ending task with no room for blind spots. The U.S. Government is taking the security aspect very seriously and has implemented a new department of Homeland Security. The Homeland Security strategy focuses on six mission critical areas: intelligence and warning, border and transportations security, domestic counterterrorism, protecting critical infrastructure, defending against catastrophic terrorism, and emergency preparedness and response. As a cabling manufacturer, our products are used to support services and applications in all of these areas but the one area where we are the most present is in the protection of the critical infrastructure. As per the department of Homeland Security, the critical infrastructure consists of all the sectors that provide essential goods and services that people need in order to survive; for example, food, water, public health, government, telecommunications services, banking, energy, postal services, emergency services and so on. Protecting this critical infrastructure is essential to public safety. Each sector is required to evaluate the level of security needed and elaborate a security and disaster recovery plan. It is important that these plans include a method of protecting the LAN and its physical infrastructure, since these are the physical pathways required to transfer vital data, voice and images. Beyond this Homeland initiative, are the problems that may be encountered on a more frequent basis; network tampering or failure resulting in costly downtime. Cameras, access control systems, intrusion detection systems and a multitude of other powerful tools may be used in an effort to increase the security of the enterprise and of their information network. However, most of these products do not always protect the enterprise against the internal threat. And as numerous studies show, most security breaches occur by someone within the Local Area Network (LAN). As for the physical infrastructure supporting the LAN, well, most IT Managers are doing their best to protect it by keeping it locked. Is this enough? Maybe for some of the most secure and isolated networks where access is strictly controlled and people working in the IT room have been carefully cleared. However, this level of protection is not implemented for most of today s installations. operation. Take the necessary steps towards security. The first step towards securing a network is to define the targeted level of security based on the perceived level of threat and the consequence of that threat. Once the desired level of security is defined, one must take it into account at every step of the network design, implementation and For the structured cabling infrastructure, it is during the planning and design phases that the most important decisions will be taken. The component selection and the choice of partners will play an integral role in the realization of the targeted level of security.

3 Structured cabling solutions choices At the network design level, one of the first choices to be faced is the choice of media for the cabling system: copper or fiber. A secure network can be designed with either of these media; both feature different strengths in the security equation. Here are the criteria that should be used when comparing the two media: Data throughput required Security achievable with the media Specific project needs Cost Copper solutions If the objective is to prevent accidental access or restrict access only to authorized personnel, a copper infrastructure is a very cost-effective choice. By selecting the right products and using them in a design where security features are implemented it is possible to build a copper-based cabling infrastructure that will optimize your security plan. To reduce the possibility of accidental access or intrusion, the policy of color-coding services can be an effective method of discouraging unauthorized people from disconnecting or moving a part of the critical physical infrastructure. As an example, this policy is often integrated for fire alarm services. Also, security features are often built into certain components. For example, an IDC cross-connect system is an ideal candidate for providing a secure installation that has a specific need for redundancy, manageability and robustness. Redundancy can be implemented very efficiently since the system offers very high density, can be wall mounted and it only costs a fraction of the price of a modular patch panel system. Secure manageability is one of the biggest features of the IDC system. The use of cross-connect wire or specific patch cords allows all patching to be centralized on a wall. Well-identified distribution and equipment fields will prevent patching mistakes. Access to making changes on the patching fields can be controlled by using Locking Covers, Special Service Guards (to protect individual pairs) or by controlling access to the punch down tools. Belden s Category 6 IDC system is the GigaBIX Cross-Connect Solution. It offers a very high-density layout with quick and error-free installation techniques. Very cost-effective designs can be made using either cross-connect wire or GigaBIX Patch Cords; both designs providing the best performance in the market. Since the copper infrastructure is rather easier to bug, the challenge to prevent malicious intrusion may be difficult to achieve unless the access to the network can be controlled with physical layer features combined with software features. The security level of copper-based solutions can be greatly improved using an Intelligent Physical Layer Management System (IPLMS). These systems monitor the physical layer and report unauthorized disruptions. See the section Choices of structured cabling surveillance systems for further details on Belden s IPLMS Solution. Fiber solutions While generally being more expensive due to the cost of electronics, Fiber Solutions have several advantages over copper in the security arena. Although tapping into a fiber system is not impossible, it is not an easy thing to do. Tapping into the fiber is easily detectable by the significant power loss of the light signal and can be monitored by specific equipment to provide maximum security. For networks requiring a high level of security, a fiber solution like the Fiber-To-The-Desk (FTTD) infrastructure and fiber backbones, will optimize the security plan.

4 Another advantage of a fiber network is the possibility of concentrating all the active equipment within the same telecommunications room by implementing a centralized fiber topology. By concentrating all active equipment in the same room, the access control and monitoring are facilitated. The purpose of Annex A of ANSI/TIA/EIA-568-B.1, Centralized optical fiber cabling, is to assist in the planning of a multimode fiber-to-the-desk cabling system utilizing centralized electronics versus the traditional method of distributing the electronics to the individual floors. Centralized electronics using the centralized fiber cabling topology allows for longer runs and reduces the number of telecommunications rooms thus limiting the number of potential intrusion points. To assure adequate flexibility and manageability with the cabling network, one must take the time to carefully plan and implement this topology. For example, one way to increase security in fiber networks is to physically segregate secure sections of the network by using products such as Belden s Secure/Keyed LC System. The various components offered in this product line allow network managers to efficiently design and build secure networks which offer restricted access to sensitive information to only those users who should have access. These products have been designed for the specific uses of government and military installations, but with security being such a prime focus these days, the use of these products can be applicable in segments of most of today s installations. The product line includes FiberExpress Manager Connector Modules, Patch Cords, Adapter Strips, Adapter Modules and field terminated connectors. These products are available with six different keying options, each carrying a different color to facilitate network administration. The patent-pending keying detail inside the components is tamper-resistant and can not be reproduced inside a standard LC adapter. All modules used in this product line are keyed both on the front and on the back to prevent installation errors and security breaches. Another way to control access to a secure site is to maintain the cabling infrastructure using local employees rather than bringing in outside technicians. A pre-terminated fiber system does not require specific fiber expertise and is quick and easy to deploy and maintain with local personnel. Its simple deployment also allows for a quick turn-around in case of an emergency. Fiber connection density is also crucial in secure installations where a lot of fiber terminations are used. Belden offers two pre-terminated solutions; the FiberExpress Bar and the Pre-terminated FiberExpress Manager Modules. Both solutions offer a high-capacity fiber termination solution and a quick and easy installation when parallel systems in disaster recovery applications are needed. Physical containment At all times, access to the cabling and network systems should be limited to authorized personnel only and be rigorously controlled. All spaces such as telecommunications rooms should be protected against intrusions by being locked and monitored by the security system for access control. Specific room signage should be used as dictated by the security plan of the building. Cabling should be routed through pathways and spaces that are not accessible by the public or by other tenants. The use of conduits or closed raceways may be use to limit access to the telecommunications cabling in pathways. These also provide security for when a special mechanical protection is required and/or the telecommunications cabling is going through public and accessible spaces.

5 Redundancy To reduce network vulnerability, a disaster recovery plan must be developed. One of the best ways this will be achieved is by adding redundancy to the network infrastructure. Redundancy will increase the reliability of the telecommunications network and contribute to the elimination of a possible single point of failure. The redundancy design should take into consideration active network as well as the telecommunications cabling infrastructure. Although redundancy incurs additional cost, it will increase the reliability and reduce the vulnerability of your telecommunications network. Reliability and vulnerability are two important considerations than impacts the security of your telecommunications network. Choices of structured cabling surveillance systems Once passive security components have been selected, structured cabling (fiber and copper) Intelligent Physical Layer Management Systems (IPLMS) can be used to protect the physical network. IPLMS are solutions that allow the IT manager to have real-time monitoring of the enterprise s physical network. Such technologies allow rapid detection of unauthorized disruptions and response, which is critical to any network security program. Belden has partnered with RiT Technologies to bring to market the IntelliMAC-Plus Intelligent Physical Layer Management Solution (IPLMS).This is a modular system that has been designed to be simple, efficient and dynamic. The IntelliMAC-Plus IPLMS, based on the PatchView technology, provides real-time management of the enterprise network. It reduces the total cost of network ownership by enabling IT departments to extract the maximum benefits of the system and equipment within tight operating budgets. The system achieves this cost reduction by improving response times to problems of unplanned downtime, redundant ports, inaccurate documentation, and inefficient maintenance. Beyond cost reduction, the solution addresses security issues by its ability to pinpoint the precise physical location of network devices and the web-based application makes it easy to manage remote sites from a central location. The main features of the IntelliMAC-Plus System Real-time retrieval of connectivity information 100% accurate documentation of all network connectivity Simple LED guidance for carrying out work orders for MACs Complete graphic representation of the exact location of each network asset Increased network security through maintaining tight, computerized control Business continuity; greatly reduced downtime Support for an unlimited number of ports Automatic mapping of all the PatchView monitored hardware Rack indicator lights make it easier to pinpoint correct rack in large communication rooms

6 Partnerships For high level security needs, the choice of key people and partnerships will make a difference in the quality of the product, the installation and maintainability of your network. Network vulnerability translates into network downtime. An experienced and qualified team along with the best cabling products in the market, proper cabling design, quality installation and good administration will translate into high performance, quick turnaround and a higher level of security. For example: The choice of a manufacturer with a recognized expertise in the telecommunications market for cabling and connectivity manufacturing in both copper and fiber product lines will give you breadth of choice in order to optimize your design to suit your targeted level of security. The choice of highly trained designers and installers will provide a high quality installation and technical support for the design, implementation and maintenance of your structured cabling infrastructure. The choice of the customer s authorized personnel that can access the pathways and spaces, the telecommunications cabling infrastructure and active equipment should be based on individual trust and experience. In the case of a failure or network disruption, proper management of the structured cabling system will become essential for a quick turnaround. Proper training, consistency and a high level of discipline will be required to maintain the telecommunications structured cabling to a disaster recovery level. Conclusion Planning for a secure network starts from the ground up. Security affects all levels of the network including the structured cabling infrastructure. Proper consideration and selection of the structured cabling media, components and partners will participate in the success of overall security strategy.