FIBRE OPTIC CABLES
Tapping into fibre optic cables
Bernard Everett, regional sales director, western and southern Europe, InfoGuard
May 2007

When researchers laid the first undersea communication cable in the 1850s, they could not have known how far long-distance communications would advance in the subsequent 150 years. Thick copper wire laid under the ocean began carrying telegraph signals around 25 years before the first telephone patent was granted. Today, hair-thin cables can carry terabits of information each second. They frequently serve individual organisations with 1 Gbit/sec or more between different metropolitan locations, both for primary data communication and backup infrastructures. The terror attacks in New York and London brought home the importance of having remote data backups.

Fibre optic cables offer high data transmission rates and are thus particularly suited to the transmission of high data volumes. In the early years of optical transmission, both single-mode and multi-mode cables were used both within and outside the data centre. Multi-mode fibre allows multiple light rays (or modes) to pass along the fibre at once, whereas single-mode allows only one. Today, multi-mode is typically used within the data centre, while single-mode is used for transmission over longer distances.

Fibre optic cable is not particularly secure compared to traditional copper wire. Various tapping methods can be used to extract data from fibre optic networks with little or no risk of detection, and the network backbone is a particularly attractive place for industrial espionage. International studies suggest that digital eavesdropping has multiplied tenfold in the past two years in companies around the globe. The commercial damage resulting from attacks of this nature is enormous. In its Annual Report to Congress on Foreign Collection and International Espionage in 2001, the Office of National Counterintelligence (NCIX) cited estimates of up to $100-250bn of lost sales in 2000.1 According to the 2005 CERT-CSO Survey, 80% of digital crime originates outside organisations.2
The risks of fibre optic networks
By splitting (or ‘splicing’) the fibre optic cable, eavesdroppers can easily monitor communications without noticeably altering the signal en route to the recipient. Simply bending the fibre while keeping the cladding intact is sufficient to track the exchange of information with little to no chance of being detected.3,4

Newer, subtler interception approaches make these methods look crude and outdated. Deutsche Telekom AG has already registered an innovative technique with the European and American Patent Offices (EP 0 915 356 A1 and US 6,265,710 B1).5 This ‘non-touching’ method uses sensitive photo-detectors that capture the tiny amount of light emerging laterally from the glass fibre. This naturally-occurring process is called Rayleigh scattering. An erbium amplifier designed to directly amplify laser light strengthens the emitted light to a usable intensity by injecting a controlled amount of additional light and then redirecting it to another glass fibre, which can in turn be connected to the appropriate monitoring equipment. As this technique uses only light that would have been lost anyway, the tap cannot be detected through light loss. It is not as simple an approach as the more intrusive methods mentioned above, and today it only works at lower bit rates. Nevertheless, it is clearly only a matter of time before this method becomes commercially available with higher speed capabilities.
Figure 1: Detection of 'Rayleigh scattering' in optical cables
Network Security
Most telecommunication providers fail to draw attention to this growing danger, or are simply ignorant of the facts. It is also relatively easy to determine which fibre optic cables are being used by which customers, as the individual cables in a cable loom are marked for maintenance purposes. Thus it is sufficient to identify the cable emerging from a building and tap into it from a freely accessible point. Several thousand amplifiers are typically installed in optical networks, and as a rule they are kept in housings that can be opened with a square locking key. These amplifiers are equipped with labelled service connectors for maintenance work and thus provide the easiest point of attack.

Sophisticated, commercially available data monitoring equipment, the so-called Internet Business Infrastructure (IBI), analyses data traffic to better understand customer usage and communications needs. Companies are able to analyse traffic at speeds of up to 10Gbps, or OC-192. These products, regardless of protocol or network type, distinguish IP data from network traffic (communication overhead) and even give the user the ability to customise the monitoring functions. Narus, one American company that provides such monitoring tools, even lists numerous telecommunications companies across the world as customers.6
Secret rooms
Based on the findings of a well-publicised internal AT&T paper in 2002, it is evident that the company’s WorldNet subsidiary, formed six years earlier, conducted systematic tapping of fibre optic cables in the USA. In various cities in the USA, secret rooms have been constructed on the instructions of the government (under the cloak of fighting terrorism) in order to analyse communication traffic. Splitters were already installed in the fibre optic cables when the infrastructure was put in place. Mark Klein, an AT&T technician for 22 years, reported that only people with NSA clearance were admitted into these rooms. In a written statement given to the press in April 2006, Klein wrote: “My job required me to connect new circuits to the splitter cabinet and get them up and running,” … “I also saw design documents dated Jan. 13, 2004 and Jan. 24, 2003, which instructed technicians on connecting some of the already in-service circuits to the splitter cabinet, which diverts some of the light signal to the secret room,” … “The circuits listed were the Peering Links, which connect WorldNet with other networks and hence the whole country, as well as the rest of the world.”7,8

Secret services in the United States detected espionage equipment illegally hooked into Verizon’s optical network just before quarterly results were about to be published. It was believed that terrorists may have wanted to bolster their finances by profiting from the resulting gain in the share price.9

It is hardly possible to monitor the entire fibre infrastructure, and it is very difficult to estimate the seriousness of the gaps in security. Whilst network equipment vendors and network providers regard the risk as merely hypothetical, the National Association of Manufacturers (NAM), the largest such body in North America, views the theft of optical data as a real threat. At NAM it is even conjectured that tapping into fibre optic cables is a widespread method of industrial espionage. According to information provided by the German Federal Office for Information Security (BSI), fibre optic transmission paths pose a threat in terms of national security. It is interesting to note, however, that only the armaments industry has been furnished with legal regulations. Nothing has been done to address the security issues that affect enterprises and government authorities whose data communication paths run to remote data processing centres.10 According to former US National Security Agency (NSA) analyst John Pescatore, intelligence agencies have been tapping fibre-optic links since the mid 90s.11
The necessary tools can easily be found on the internet, and all it takes is approximately 0.1 to 0.2dB of light to be able to read all the data being transferred across the optical cable.3 Depending on the specification of the transceivers, a ‘link loss budget’ can be in the order of 40dB. This represents between 0.5% and 2% of the overall light loss.
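The loss-budget argument above can be made concrete. The Go program below is an added example, not code from the article or from InfoGuard: it converts a loss in dB into the fraction of light that no longer reaches the receiver, expresses that loss as a share of a link's budget, and then runs a simple defender-side check over a series of receiver power readings (of the kind modern transceivers report through digital diagnostic monitoring), alarming on a persistent step drop. The sample readings, the eight-reading baseline window and the 0.1 dB alarm threshold are constructed assumptions for illustration; the article's 0.1 to 0.2dB and 40dB figures are used only as inputs. The caveat the article itself raises applies: the Rayleigh-scattering method takes only light that was being lost anyway, so a power monitor of this kind will not see it.

```go
package main

import (
	"fmt"
	"math"
	"sort"
)

// FractionLost converts an optical loss in dB into the fraction of the
// launched power that no longer reaches the receiver: 1 - 10^(-dB/10).
func FractionLost(lossDB float64) float64 {
	return 1 - math.Pow(10, -lossDB/10)
}

// BudgetShare returns the portion of a link's loss budget (e.g. 40 dB) that
// a given extra loss consumes. A tap that stays well inside the budget leaves
// the link working normally, which is why it goes unnoticed.
func BudgetShare(lossDB, budgetDB float64) float64 {
	return lossDB / budgetDB
}

// DetectPowerDrop takes receiver power readings in dBm, uses the median of
// the first `window` readings as the healthy baseline, and returns the index
// of the first reading more than thresholdDB below that baseline, or -1 if
// the link never dropped. A median baseline keeps a single glitch in the
// learning window from skewing the reference.
func DetectPowerDrop(readingsDBm []float64, window int, thresholdDB float64) int {
	if len(readingsDBm) == 0 {
		return -1
	}
	if window < 1 {
		window = 1
	}
	if window > len(readingsDBm) {
		window = len(readingsDBm)
	}
	base := append([]float64(nil), readingsDBm[:window]...)
	sort.Float64s(base)
	median := base[window/2]
	if window%2 == 0 {
		median = (base[window/2-1] + base[window/2]) / 2
	}
	for i, p := range readingsDBm {
		if median-p > thresholdDB {
			return i
		}
	}
	return -1
}

// SampleReadings is a constructed series: a stable link at about -10 dBm with
// +/-0.02 dB of normal jitter, then a persistent 0.15 dB drop from index 8
// onwards, as an intrusive tap diverting light would cause.
var SampleReadings = []float64{
	-10.00, -10.01, -9.99, -10.02, -10.00, -9.98, -10.01, -10.00,
	-10.15, -10.16, -10.14, -10.15,
}

func main() {
	for _, db := range []float64{0.1, 0.2} {
		fmt.Printf("%.1f dB tap diverts %.2f%% of the light, %.2f%% of a 40 dB budget\n",
			db, 100*FractionLost(db), 100*BudgetShare(db, 40))
	}
	if i := DetectPowerDrop(SampleReadings, 8, 0.1); i >= 0 {
		fmt.Printf("alarm: received power dropped at reading %d (%.2f dBm)\n", i, SampleReadings[i])
	}
}
```

The threshold has to sit above the link's normal jitter (temperature drift, connector ageing) or the monitor will cry wolf; in practice the baseline is re-learned after each authorised maintenance window and the alarm is raised only when the drop persists across several readings.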
Wavelength division multiplexers
During the late 80s and throughout the 90s, telecom companies laid huge amounts of optical cable, often far in excess of what was needed, in the belief that this would be a secure investment as bandwidth requirements grew exponentially. Telcos could lay these optical cables across the country using means that were previously unthinkable with traditional copper wires. Not only could optical cable be laid under our streets, but given the physical properties of optical transmission, it could be co-hung from high voltage pylons, run along train lines and even laid in existing sewers.
With the evolution of more sophisticated wavelength division multiplexing (WDM) technology in the 1990s, optical transmission signals could be multiplexed together by beaming different frequencies of light down the same line. This greatly enhanced fibre capacity. When a technology enters the commercial market, service equipment has to be made readily available which can trace, analyse and follow a technical problem at every level and stage of transmission, regardless of how the data is handled; there are certainly no exceptions when it comes to wavelength division multiplexers. Here once again, should a line be tapped, a combination of a spectrum analyser and the appropriate data analysers can quickly decipher this data. This presents an ideal source of information for the data thief, as there are only a handful of standard protocols (FICON, ESCON, iSCSI, GbE, SDH and OC-3) which would typically be multiplexed across a single optical link in the first place. All that the trained criminal must do is work out which wavelength to examine, using the spectrum analyser and data analyser together. In a single optical cable, snoopers can thus gain access to the transmitted data of one or more corporations, and will have all the time in the world to analyse it.

Contrary to widespread thinking, large volumes of data provide no protection. To extract specific information from large amounts of data, the corresponding IP addresses or key expressions are sufficient. Using these, packet ‘sniffer’ programs are able to filter out the required information from the data streams and store it in real time. Very often, solutions of this nature are offered to ISPs as a means of implementing new billing models for data traffic. It goes without saying that these tools can also be used for analysing the data content.

The same applies to small block sizes. Companies may think they are safe when transmitting disk data, as this only forms part of a RAID system. They may think the same about mirrored data, because it uses a proprietary mirroring protocol. These assumptions are invalid. Using easily obtained shareware tools, disk data can be read with little effort, and a standard 512 byte disk sector can reveal a lot of personal identity information.
Regulatory compliance
Government and industry regulators are working hard to put the necessary controls in place to protect the public interest. The growing number of such regulations focuses not only on data retention issues but also on the methods employed to enforce data privacy and integrity, as well as access accountability. Such regulations include:
• EC Directive 2002/58/ and the Data Protection Act 1998: appropriate technical and organisational measures shall be taken against unauthorised and/or unlawful processing of personal data and against accidental loss, or destruction of, or damage to, personal data.
• Basel II: ensures appropriate capital allocation according to financial institutions’ market, credit and operational risk, the latter being loss resulting from inadequate or failed internal processes, people or systems.
• HIPAA: Health Insurance Portability and Accountability Act of 1996.
• CA-SB 1386 (California SB 1386): disclose security breaches (unless data is encrypted).
• Sarbanes-Oxley Act of 2002.
• The German Telecommunications Act (TKG), paragraph 87.
• Japan’s privacy law of April 2005: Personal Information Protection Act 2004.
• Payment Card Industry Security Standard (PCI): applies to all members, merchants and service providers that store, process or transmit cardholder data. Requirement 4: encrypt transmission of cardholder data across open, public networks.
Hacking a fibre optic link is a real danger that needs to be taken seriously. The only effective response to this threat is the encryption of the data at the point where it leaves the protected internal realm. It is not surprising that Swiss banks regard the encryption of optical connections as an integral part of their best practice procedures.
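What "encryption at the point where the data leaves the protected realm" amounts to for one direction of a link is sketched in the Go program below. It is an added example, not code from the article or from any InfoGuard product: each frame is sealed with AES-256-GCM before it goes onto the fibre, the transport header stays readable for routing but is bound into the authentication tag, the nonce is a link identifier plus a frame counter so the key is never used twice with the same nonce, and the receiving end rejects modified, replayed and out-of-order frames. The 512-byte sample sector (the kind of block the article says can be read straight off a tapped link), the header format, the link identifier 7 and the fixed key used in the test are constructed assumptions; a deployed link encryptor takes its keys from a key-management system and rekeys long before the counter wraps.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

// nonceSize is GCM's standard 96-bit nonce: a 4-byte link id and an 8-byte frame counter.
const nonceSize = 12

// Link is one direction of an encrypted fibre link. The sender uses Seal and
// its counter; the receiver uses Open and remembers the highest counter it
// has accepted, so a frame captured from the fibre cannot be replayed.
type Link struct {
	aead    cipher.AEAD
	linkID  uint32
	counter uint64 // sender side: never reused under one key; rekey before it wraps
	highest uint64 // receiver side: highest frame counter accepted so far
	started bool
}

func NewLink(key []byte, linkID uint32) (*Link, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Link{aead: aead, linkID: linkID}, nil
}

// Seal returns nonce || ciphertext || tag. The header travels in clear so the
// far end can route the frame, but it is bound into the tag, so it cannot be
// altered or moved onto another frame without detection.
func (l *Link) Seal(header, payload []byte) ([]byte, error) {
	if l.counter == math.MaxUint64 {
		return nil, errors.New("frame counter exhausted: rekey before sending more")
	}
	frame := make([]byte, nonceSize, nonceSize+len(payload)+l.aead.Overhead())
	binary.BigEndian.PutUint32(frame[:4], l.linkID)
	binary.BigEndian.PutUint64(frame[4:], l.counter)
	l.counter++
	nonce := append([]byte(nil), frame[:nonceSize]...)
	return l.aead.Seal(frame, nonce, payload, header), nil
}

// Open verifies and decrypts a frame produced by Seal with the same key,
// rejecting foreign, replayed, reordered or tampered frames.
func (l *Link) Open(header, frame []byte) ([]byte, error) {
	if len(frame) < nonceSize+l.aead.Overhead() {
		return nil, errors.New("frame too short")
	}
	nonce := frame[:nonceSize]
	if binary.BigEndian.Uint32(nonce[:4]) != l.linkID {
		return nil, errors.New("frame carries another link's id")
	}
	ctr := binary.BigEndian.Uint64(nonce[4:])
	if l.started && ctr <= l.highest {
		return nil, errors.New("replayed or out-of-order frame")
	}
	plain, err := l.aead.Open(nil, nonce, frame[nonceSize:], header)
	if err != nil {
		return nil, errors.New("authentication failed: frame modified or wrong key")
	}
	l.highest, l.started = ctr, true // advance only once the tag has checked out
	return plain, nil
}

// SampleSector is a constructed 512-byte disk sector: a short identity record
// padded with spaces to sector size, the kind of block a tap would otherwise
// expose in clear.
func SampleSector() []byte {
	sector := bytes.Repeat([]byte{' '}, 512)
	copy(sector, "CUSTOMER: J. Doe; ACCT: 0000-EXAMPLE-0000; BAL: 12345.67")
	return sector
}

func main() {
	key := make([]byte, 32) // demo only; a deployed encryptor takes keys from a key manager
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	tx, _ := NewLink(key, 7)
	rx, _ := NewLink(key, 7)
	header := []byte("lun0/sector12")
	frame, _ := tx.Seal(header, SampleSector())
	fmt.Printf("on the fibre: %d bytes, identity visible: %v\n", len(frame), bytes.Contains(frame, []byte("J. Doe")))
	_, err1 := rx.Open(header, frame)
	_, err2 := rx.Open(header, frame)
	fmt.Println("first delivery:", err1, "| replay:", err2)
}
```

The counter doubles as the replay window, which is why the receiver only advances it after the tag has verified: a frame injected on the fibre with a high counter but a bad tag must not be able to push the window forward and starve genuine traffic. The return direction of the link needs its own key or its own link id so that the two senders can never produce the same nonce.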
Examples of published link breaches
• In 2003, an illegal eavesdropping device was discovered hooked into Verizon’s optical network; it was believed someone was trying to access the quarterly statement of a mutual fund company prior to its release, information that could have been worth millions.9
• STASI (former East Germany) optical taps between W. Germany and Berlin.9
• Optical taps found on police networks in the Netherlands and Germany.12
• Optical taps on the networks of pharmaceutical giants in the U.K. and France.12
• In 2000, three main trunk lines of Deutsche Telekom were breached at Frankfurt Airport in Germany.1
Those companies that don’t take action to protect their WAN fibre links may end up literally shedding light on their corporate secrets.
References
1. 2002 CSI/FBI Computer Crime and Security Survey, CSI/FBI, 2002
2. 2005 CERT-CSO E-Crime Watch Survey, CERT
3. Fibre Optic Intrusion Detection Systems, Network Integrity Systems, 2005
4. M. E. Kabay, Tapping fiber optics gets easier, Network World, March 2003
5. H. Walter, Method and device for extracting signals out of a glass fiber, 6002822
6. Narus web site
7. “AT&T Deploys Government Spy Gear on WorldNet Network”, Wired, January 2004
8. Jeffrey Klein & Paolo Pontoniere, Inside the Feds’ Secret Wiretapping Rooms, New America Media, September 2006
9. Wolfgang Müller-Scholz, Wolf Report, “Das Schweigekartell I & II”, March 2003
10. Gábor Papp, Frankfurter Rundschau, “Glasfaser mit Durchblick”, 4th September 2002
11. Dan Verton, “Intelligence ops in Baghdad show need for security back home”, Computerworld, 8th April 2003
12. Sandra Kay Miller, Fiber optic networks vulnerable to attack, Information Security Magazine, 15th Nov 2006
13. Sandra Kay Miller, “Hacking at the Speed of Light”, Securitysolutions.com, April 2006
Resources
Brian Robinson, “Lights out”, FCW.com, June 2006
2002 & 2003 annual reports, German Federal Office for Information Security (BSI)
E. A. J. Marcatili, “Bends in Optical Dielectric Guides”, The Bell System Technical Journal
About the author
Bernard Everett joined encryption vendor InfoGuard in January 2007 to help deliver its new product portfolio into western and southern Europe. In the past 30 years, he has held senior sales and management roles including time at CNT, Racal Milgo GmbH and Data Switch GmbH. More recently, he operated as an independent business consultant for US and European IT companies keen to establish European channel partner networks. He holds a B.Sc. Honours in Control Engineering with a major in Computer Engineering.
WRITING SECURE CODE
Writing secure code
Gunter Ollmann, director of security strategy, IBM Internet Security Systems

Security forums and discussion groups are peppered with descriptions of software vulnerabilities that will lead to a loss of data and application integrity. These warnings primarily focus upon popular commercially available software, but this is only the tip of the iceberg. As any security consultant or penetration tester worth their salt can testify, custom applications designed and tuned to satisfy the many demands of a business are typically riddled with flaws, and therefore ripe for attack and exploitation. The source of these vulnerabilities lies with the coders and application architects who design and build the applications. A disregard or misunderstanding of current security threats and exploits has led to vulnerable code within production systems.

To stop developing vulnerable software, coders must acknowledge the threats targeting their software and include code elements capable of handling them. These security features must be conceived during application design and integrated during application development. Adding security functionality to an application at any later date results in unwieldy, inconsistent and ineffective security countermeasures.

The principles underlying secure application development are simple and based on common sense. A fundamental concept of application security is effective access control to information and functionality. To this end, coders must ensure that only the minimal subset of information and functionality is ever available to a user, that data to and from the application should never be trusted, and that no matter how well something is hidden or obscured, someone will discover it.

The development lifecycle
The development lifecycle for most secure applications can become long and treacherous. Unless an organisation intends to spend a lot of time fixing application security failures as they crop up, team leaders and project managers must define a consistent process for design, coding, testing and deployment early on in the cycle.

“An important step in the design stage is to create a threat model. This lets coders and team leaders identify where an application is likely to be more vulnerable.”

It is equally important that security also be included within the development process. You cannot hope to develop a secure application without a