Fiber cut in SF area
sronan at fattoc.com
Sat Apr 11 09:59:05 CDT 2009
An easy way to describe what your saying is "Security by obscurity is
On Apr 11, 2009, at 8:31 AM, Joe Greco wrote:
>> JoÂ¢ wrote:
>>> I'm confussed, but please pardon the ignorance.
>>> All the data centers we have are at minimum keys to access
>>> data areas. Not that every area of fiber should have such, but
>>> at least should they? Manhole covers "can" be keyed. For those of
>>> you arguing that this is not enough, I would say at least itâ€™s a
>>> Yes if enough time goes by anything can happen, but how can one
>>> argue an ATM machince that has (at times) thousands of dollars
>>> out 24/7 without more immediate wealth. Perhaps I am missing
>>> something here, do the Cops stake out those areas? dunno
>> The nice thing about the outdoors is how much of it there is.
> Cute, but a lot of people seem to be wondering this, so a better
> is deserved.
> The ATM machine is somewhat protected for the extremely obvious reason
> that it has cash in it, but an ATM is hardly impervious.
> There are all sorts of strategies for attacking ATM's, and being
> susceptible to a sledgehammer, crowbar, or truck smashing into the
> unit shouldn't be hard to understand.
> Most data centers have security that is designed to keep honest people
> out of places that they shouldn't be. Think that "security guard" at
> the front will stop someone from running off with something valuable?
> Maybe. Have you considered following the emergency fire exits
> Running out the loading dock? Etc?
> Physical security is extremely difficult, and defending against a
> determined, knowledgeable, and appropriately resourced attacker out to
> get *you* is a losing battle, every time.
> Think about a door. You can close your bathroom door and set the
> lock, but any adult with a solid shoulder can break that door, or
> with a
> pin (or flathead or whatever your particular knob uses) can stick it
> and trigger the unlock. Your front door is more solid, but if it's
> and not reinforced, I'll give my steel-toed boots better than even
> against it. What? You have a commercial hollow steel door? Ok, that
> beats all of that, let me go get my big crowbar, a little bending will
> let me win. Something more solid? Ram it with a truck. You got a
> freakin' bank vault door? Explosives, torches, etc. Fort Knox?
> Bring a
> large enough army, you'll still get in.
> Notice a pattern? For any given level of protection,
> countermeasures are
> available. Your house is best "secured" by making changes that make
> appear ordinary and non-attractive. That means that a burglar is
> going to
> look at your house, say "nah," and move on to your neighbor's house,
> your neighbor left the garage open.
> But if I were a burglar and I really wanted in your house? There's
> that much you could really do to stop me. It's just a matter of how
> prepared I am, how well I plan.
> So. Now. Fiber.
> Here's the thing, now. First off, there usually isn't a financial
> motivation to attack fiber optic infrastructure. ATM's get some
> protection because without locks, criminals would just open them and
> take the cash. Having locks doesn't stop that, it just makes it
> However, the financial incentive for attacking a fiber line is low.
> Glass is cheap. We see attacks against copper because copper is
> valuable, and yet we cannot realistically guard the zillions of miles
> of copper that is all around.
> Next. Repair crews need to be able to access the manholes. This is a
> multifaceted problem. First off, since there are so many manholes to
> protect, and there are so many crews who might potentially need to
> them, you're probably stuck with a "standardized key" approach if you
> want to lock them. While this offers some protection against the
> person gaining unauthorized access, it does nothing to prevent "inside
> job" attacks (and I'll note that this looks suspiciously like an
> job" of some sort). Further, any locking mechanism can make it more
> difficult to gain access when you really need access; some manholes
> not opened for years or even decades at a time. What happens when the
> locks are rusted shut? Is the mechanism weak enough that it can be
> forced open, or is it tolerable to have to wait extra hours while a
> crew finds a way to open it? Speaking of that, a manhole cover is
> typically protecting some hole, accessway, or vault that's made out of
> concrete. Are you going to protect the concrete too? If not, what
> prevents me from simply breaking away the concrete around the manhole
> cover rim (admittedly a lot of work) and just discarding the whole
> Wait. I just want to *break* the cable? Screw all that. Get me a
> backhoe. I'll just eyeball the direction I think the cable's going,
> and start digging until I snag something.
> Start to see the problems?
> I'm not saying that security is a bad thing, just a tricky thing.
> ... JG
> Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
> "We call it the 'one bite at the apple' rule. Give me one chance
> [and] then I
> won't contact you again." - Direct Marketing Ass'n position on e-
> mail spam(CNN)
> With 24 million small businesses in the US alone, that's way too
> many apples.
More information about the NANOG