Hi Fibre can be tapped, the first and most noticeable is to break the fiber insert your TAP and then re-enable the circuit. Intrusion Inc demonstrated a pretty cool Fiber TAP to me at http://www.intrusion.com/products/technicalspec.asp?lngProdNmId=39&lngCatId= 4 There are 2 problems with doing this covertly, the first is that the circuit has to be broken, but as you can fusion splice 4 new tails on in around 1 minute this will just be seen as a glitch by most and be ignored. However, most fiber circuits do have records regarding their losses which are available for scrutiny and can be compared, introduction of a fusion splice, if my memory serves me correctly, will introduce around 3dB loss. That is when I do a fusion splice experts reduce this significantly almost to the point where there is no significant loss.
Optical Time Domain Reflectometers (OTDR) will graph losses over distance, this is a great security tool and you can see splices and TAPs in line. However, unless the losses are significant you need a benchmark OTDR graph for each fiber. Furthermore, fibers do degrade over time, especially in areas with X-Ray radiation (hospitals etc) therefore it would be difficult to identify if an anomaly was malicious or just degradation. As an OTDR plots over distance you can see where the problem is ie 300' from point A Back to the original question, vampire TAPs are feasible by removing the cladding and bending the fiber such that the refractive index is altered allowing some light to escape. 2 years ago when I asked an expert the same question I was told that the multiplexing and complex makeup of channels make it very difficult to reconstitute meaningful data, especially as today's bandwidth increases. Vampire TAPs are detectable with an OTDR. I used to use fiber transceivers which would alarm if the signal strength dropped, but after 12 months of 900 devices with 600KM of fiber alerting, the false positive rate was unmanageable. Hope this helps take care -andy Taliskers Network Security Tools http://www.networkintrusion.co.uk ----- Original Message ----- From: "Alvey Robert W KPWA" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, December 23, 2002 10:47 PM Subject: RE: Fiber optic vampire taps > In order to tap into a fiber line you have to break the sheath. The signal > is entirely optic, if you don't break the sheath you can't even see the > signal. However, even if someone does decide to break into it then they've > got another problem, exactly how to do it, it's extremely difficult because > any sort of tapping into the signal seriously degrades the link, that's if > it doesn't go down entirely, and it would be immediately noticeable if > someone was tapping into your fiber line. > > -----Original Message----- > From: Nick Iglehart [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 20, 2002 3:41 PM > To: [EMAIL PROTECTED] > Subject: Fiber optic vampire taps > > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have a client who has a fiber optic line between two buildings. > There is no physical security and so they are concerned about someone > tapping into the fiber line and capturing data. > > I read something a while back about tapping fiber optic lines without > breaking the sheathing and now I can't seem to find anything but vague > references to it. I have googled for hours and checked the sf archives with > no luck. Anyone have any references to this? Any help is appreciated. > > Nick > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> > > iQA/AwUBPgOqcKq/UK5/FuEgEQJrawCgqX64DN0KqFv4h373stMEcU70vB8AoMZ3 > 9YU6ysv+TwubV0jkbfAJ3K5n > =LoN2 > -----END PGP SIGNATURE-----
