Fiber cut in SF area

Jo¢ wrote:
> I'm confussed, but please pardon the ignorance.
> All the data centers we have are at minimum keys to access
> data areas. Not that every area of fiber should have such, but
> at least should they? Manhole covers "can" be keyed. For those of
> you arguing that this is not enough, I would say at least it’s a start.
> Yes if enough time goes by anything can happen, but how can one
> argue an ATM machince that has (at times) thousands of dollars stands
> out 24/7 without more immediate wealth. Perhaps I am missing
> something here, do the Cops stake out those areas? dunno

The nice thing about the outdoors is how much of it there is.

Cute, but a lot of people seem to be wondering this, so a better answer
is deserved.

The ATM machine is somewhat protected for the extremely obvious reason
that it has cash in it, but an ATM is hardly impervious.

There are all sorts of strategies for attacking ATM's, and being
susceptible to a sledgehammer, crowbar, or truck smashing into the
unit shouldn't be hard to understand.

Most data centers have security that is designed to keep honest people
out of places that they shouldn't be. Think that "security guard" at
the front will stop someone from running off with something valuable?
Maybe. Have you considered following the emergency fire exits instead?
Running out the loading dock? Etc?

Physical security is extremely difficult, and defending against a
determined, knowledgeable, and appropriately resourced attacker out to
get *you* is a losing battle, every time.

Think about a door. You can close your bathroom door and set the privacy
lock, but any adult with a solid shoulder can break that door, or with a
pin (or flathead or whatever your particular knob uses) can stick it in
and trigger the unlock. Your front door is more solid, but if it's wood,
and not reinforced, I'll give my steel-toed boots better than even odds
against it. What? You have a commercial hollow steel door? Ok, that
beats all of that, let me go get my big crowbar, a little bending will
let me win. Something more solid? Ram it with a truck. You got a
freakin' bank vault door? Explosives, torches, etc. Fort Knox? Bring a
large enough army, you'll still get in.

Notice a pattern? For any given level of protection, countermeasures are
available. Your house is best "secured" by making changes that make it
appear ordinary and non-attractive. That means that a burglar is going to
look at your house, say "nah," and move on to your neighbor's house, where
your neighbor left the garage open.

But if I were a burglar and I really wanted in your house? There's not
that much you could really do to stop me. It's just a matter of how well
prepared I am, how well I plan.

So. Now. Fiber.

Here's the thing, now. First off, there usually isn't a financial
motivation to attack fiber optic infrastructure. ATM's get some
protection because without locks, criminals would just open them and
take the cash. Having locks doesn't stop that, it just makes it harder.
However, the financial incentive for attacking a fiber line is low.
Glass is cheap. We see attacks against copper because copper is
valuable, and yet we cannot realistically guard the zillions of miles
of copper that is all around.

Next. Repair crews need to be able to access the manholes. This is a
multifaceted problem. First off, since there are so many manholes to
protect, and there are so many crews who might potentially need to access
them, you're probably stuck with a "standardized key" approach if you
want to lock them. While this offers some protection against the average
person gaining unauthorized access, it does nothing to prevent "inside
job" attacks (and I'll note that this looks suspiciously like an "inside
job" of some sort). Further, any locking mechanism can make it more
difficult to gain access when you really need access; some manholes are
not opened for years or even decades at a time. What happens when the
locks are rusted shut? Is the mechanism weak enough that it can be
forced open, or is it tolerable to have to wait extra hours while a
crew finds a way to open it? Speaking of that, a manhole cover is
typically protecting some hole, accessway, or vault that's made out of
concrete. Are you going to protect the concrete too? If not, what
prevents me from simply breaking away the concrete around the manhole
cover rim (admittedly a lot of work) and just discarding the whole
thing?

Wait. I just want to *break* the cable? Screw all that. Get me a
backhoe. I'll just eyeball the direction I think the cable's going,
and start digging until I snag something.

Start to see the problems?

I'm not saying that security is a bad thing, just a tricky thing.

... JG

An easy way to describe what your saying is "Security by obscurity is not security"

* Joe Greco:

The ATM machine is somewhat protected for the extremely obvious reason
that it has cash in it, but an ATM is hardly impervious.

http://www.youtube.com/watch?v=4P8WM8ZZDHk

Heh. Once you install ATMs into solid walls, the attacks get a tad
more interesting. In some places of the world, gas detectors are
almost mandatory because criminals pump gas into the machine, ignite
it, and hope that the explosion blows a hole into the machine without
damaging the money (which seems to work fairly well if you use the
right gas at the right concentration).

also, there is the fact that some very large percentage of ATM
machines were installed with the same admin passwd setup. I recall
~1.5 yrs ago some news about this, and that essentially banks send out
the ATM machines with a stock passwd (sometimes the default which is
documented in easily google-able documents) per bank (BoFA uses
passwd123, Citi uses passwd456 ....)

I'm not sure that the manholes == atm discussion is valid, but in the
end the same thing is prone to happen to the manholes, there isn't
going to be a unique key per manhole, at best it'll be 1/region or
1/manhole-owner. In the end that key is compromised as soon as the
decision is made Also keep in mind that keyed locks don't really
provide much protection, since anyone can order lockpicks over the
interwebs these days, even to states where ownership is apparently
illegal

-Chris

The best protecion is good engineering taking advantage of
technologies and architecures
available since long time ago at any of the different network layers.

Why network operators/carriers don't do it ?, it's another issue and
most of the time
is a question of bottom line numbers for which there are no
engineering solutions.

My .02

An oxyacetylene torch or a plasma cutter will slice through regular steel
manhole covers in minutes.

You can cut the concrete, too, for that matter, with oxyacetylene, as long as
you wear certain protective gear. We have a few vault covers here that are
concrete covering the largest vaults we have. You need more than a manhole
hook to get one of those covers up.

The locking covers I have seen here put the lock(s) on the inside cover cam
jackscrew (holes through the jackscrew close to the inside cover seal rod
nut), rather than on the outside cover, thus keeping the padlocks out of the
weather.

One way of making a site more resistant to 'inside job' issues is with SCIF-
like controls (see
http://en.wikipedia.org/wiki/Sensitive_Compartmented_Information_Facility )
and using combination locks such as the Sargent and Greenleaf 8077AD for
control, and the S&G 833 superpadlock for security (see
http://www.sargentandgreenleaf.com/PL-833.php ). The tech would have the
833's key, and the area supervisor the combination. The 8077AD's combination
is very easily changed in the field, and could be changed frequently. The key
to this method's success is that the keyholder to the 833 cannot have the
combination, and the holder of the combination cannot have an 833 key.
Requires a certain atmosphere of distrust, unfortunately. And slows repairs
way down, especially if the 833's key is lost....

I'm starting to wonder what makes more sense -- locking down
  thousands of miles of underground tunnel with mil-spec expensive locks
  that ideally keep unauthorized people out, OR simple motion and or video
  cameras in the tunnels themselves which relay their access back to a
  central facility, along with a video feed of sorts, to help identify who
  is there, whether approved or not.

  With locks, you know they gained access after the fact and that your
  locking wasn't sufficient enough. With active monitoring of the area
  where the cables live, you at least know the moment someone goes in, and
  have some lead time (and maybe a video) to do something to prevent it, or
  catch them in the act.

  Unfortunately, that kind of monitoring is also expensive and complex. I
  wonder what the cost of the outage was, and how much it might cost to
  monitor it? Would it be worth $2,000 per site per year?
  A great webcam, with day/night capability, and a cell phone, in a locked
  box, with a solar panel, on top of a pole, near the site. Sure, if you
  know it's there, taking it out is easy, but someone will still know
  something is wrong when it goes dark or the picture changes significantly.

  Are there some low-cost, highly-effective ways that the tunnels which
  carry our precious data and communications can at least be monitored
  remotely? Waiting for someone to cut a cable and then deploying a crew
  seems reactive, whereas knowing the moment someone goes INTO the tunnel is
  proactive, whether the person(s) are there to do some normal maintenance
  or something malicious.

Beckman

  I suppose rats and other rodents could cause such a system to be too
  annoying to pay attention to.

Too bad there isn't 1Password for manhole covers.