Re: Security over SONET/SDH

2013-06-29 Thread JP Velders
> Date: Tue, 25 Jun 2013 06:38:23 -0600 > From: Phil Fagan > Subject: Re: Security over SONET/SDH > Are these private links or customer links? Why encrypt at that > layer? I'm looking for the niche usecase. If I recall correctly the PCI stuff says an MPLS network is suf

Re: Security over SONET/SDH

2013-06-26 Thread sam
Well put, and point taken :-). Sam > > On Jun 25, 2013, at 6:34 PM, s...@wwcandt.com wrote: > >> I believe that if you encrypted your links sufficiently that it was >> impossible to siphon the wanted data from your upstream the response >> would >> be for the tapping to move down into your data cen

Re: Security over SONET/SDH

2013-06-25 Thread Phil Fagan
Well put Leo; defense-in-depth. On Jun 25, 2013 6:57 PM, "Leo Bicknell" wrote: > > On Jun 25, 2013, at 6:34 PM, s...@wwcandt.com wrote: > > > I believe that if you encrypted your links sufficiently that it was > > impossible to siphon the wanted data from your upstream the response > would > > be

Re: Security over SONET/SDH

2013-06-25 Thread Leo Bicknell
On Jun 25, 2013, at 6:34 PM, s...@wwcandt.com wrote: > I believe that if you encrypted your links sufficiently that it was > impossible to siphon the wanted data from your upstream the response would > be for the tapping to move down into your data center before the crypto. > > With CALEA requir

Re: Security over SONET/SDH

2013-06-25 Thread Scott Weeks
> --- morrowc.li...@gmail.com wrote: > From: Christopher Morrow > On Tue, Jun 25, 2013 at 2:02 PM, William Allen Simpson > wrote: > > :: ...in addition to everything else "What security protocols > :: are folks using to protect SONET/SDH? At what speeds?" > > : Correct. > > : But the answer appe

Re: Security over SONET/SDH

2013-06-25 Thread Phil Fagan
Since we're no longer trying to dodge the NSA... why would one want to encrypt transport? I think protected links are a great business model. L3VPN encryption? What's the best offering?

Re: Security over SONET/SDH

2013-06-25 Thread sam
The sticky problem remains for any communications carrier, we are looking for a technical solution to a legal problem. I believe that if you encrypted your links sufficiently that it was impossible to siphon the wanted data from your upstream the response would be for the tapping to move down into

Re: Security over SONET/SDH

2013-06-25 Thread Scott Weeks
--- morrowc.li...@gmail.com wrote: From: Christopher Morrow On Tue, Jun 25, 2013 at 2:02 PM, William Allen Simpson wrote: :: ...in addition to everything else "What security protocols :: are folks using to protect SONET/SDH? At what speeds?" : Correct. : But the answer appears to be: none.

Re: Security over SONET/SDH

2013-06-25 Thread Christopher Morrow
On Tue, Jun 25, 2013 at 2:02 PM, William Allen Simpson wrote: > But the answer appears to be: none. Not Google. Not any public N/ISP. would they say if they had?

Re: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]

2013-06-25 Thread Nick Khamis
On 6/25/13, Warren Bailey wrote: > Is there a realistic way to deal with dropped packets in that situation? I > would think packet loss could get really messy.. ;) > > As you know, this is not such a problem for UDP streams; however, we have not worked out all the bugs for services that run on TCP.

Re: Security over SONET/SDH

2013-06-25 Thread Mike A
On Mon, Jun 24, 2013 at 11:19:52PM -0500, Philip Dorr wrote: > On Mon, Jun 24, 2013 at 9:59 PM, Christopher Morrow > wrote: > > it's fair to say, I think, that if you want to say something on the > > network it's best that you consider: > > 1) is the communication something private between you

Re: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]

2013-06-25 Thread Nick Khamis
On 6/25/13, Javier Henderson wrote: > RFC 1149 addresses the practice of avian carriers. > > -jav Jav, this one takes the trump!!! You sir are a man of few words! :) N.

Re: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]

2013-06-25 Thread Warren Bailey
From the site: Problem - federal integrator with a government customer needed to connect geographically dispersed antenna sites to a central pool of monitoring equipment. Our Solution - With Glimmerglass managing the reconfiguration of optical signals, the integrator was able to create an RF-ove

Re: Security over SONET/SDH

2013-06-25 Thread William Allen Simpson
On 6/25/13 3:55 AM, Scott Weeks wrote: Yeah, but I was just thinking through what the original question asked. After reading his emails over the years, I am assuming he meant in addition to everything else "What security protocols are folks using to protect SONET/SDH? At what speeds?" Correct.

Re: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]

2013-06-25 Thread Hank Nussbacher
At 10:38 25/06/2013 -0400, Christopher Morrow wrote: this involved, I think, just intuiting signals from the nearfield effects of the cable, no? 'drop a large sensor ontop-of/next-to the cable, win!' > this I thought included the capa

Re: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]

2013-06-25 Thread Warren Bailey
: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH] RFC 1149 addresses the practice of avian carriers. -jav On Tue, Jun 25, 2013 at 10:16 AM, Nick Khamis wrote: > Screw the pyramids. Look at that building Yeah we thought about this > and c

Re: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]

2013-06-25 Thread Javier Henderson
RFC 1149 addresses the practice of avian carriers. -jav On Tue, Jun 25, 2013 at 10:16 AM, Nick Khamis wrote: > Screw the pyramids. Look at that building Yeah we thought about this > and currently in the process of training pigeons to carry > messages. Will keep everyone posted. :) > > N

Re: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]

2013-06-25 Thread Dobbins, Roland
On Jun 25, 2013, at 9:53 PM, Måns Nilsson wrote: > IVY BELLS (USN is / was an ALL-CAPS org, right?) was a copper era project, > and it did use EMI tapping (TEMPEST) to get to the traffic > without tampering with the cable. Fiber can be tapped, too, though it's not as easy as EMI. Heck, it can

Re: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]

2013-06-25 Thread Dobbins, Roland
On Jun 25, 2013, at 9:38 PM, Christopher Morrow wrote: > this I thought included the capabilities to drag the fiber/line into the hull > for 'work' to be done... I'd note that introducing signal > loss on the longhaul fiber seems 'risky', you'd have to know (and this isn't > hard I bet) the tol

Re: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]

2013-06-25 Thread Måns Nilsson
Subject: Re: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH] Date: Tue, Jun 25, 2013 at 10:38:30AM -0400 Quoting Christopher Morrow (morrowc.li...@gmail.com): > > It's potentially a lot simpler than that: > > > > &

Re: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]

2013-06-25 Thread Christopher Morrow
On Tue, Jun 25, 2013 at 10:23 AM, Dobbins, Roland wrote: > > On Jun 25, 2013, at 8:15 PM, Leo Bicknell wrote: > >> Which made me immediately realize it would be far simpler to strong arm the >> cable operators to split off all channels before connecting them to the >> customer. > > It's potentia

Re: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]

2013-06-25 Thread Dobbins, Roland
On Jun 25, 2013, at 8:15 PM, Leo Bicknell wrote: > Which made me immediately realize it would be far simpler to strong arm the > cable operators to split off all channels before connecting them to the > customer. It's potentially a lot simpler than that:

Re: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]

2013-06-25 Thread Phil Fagan
Transnational seems like a good place to start. It seems like a tough space to break into (no PUN intended). On Tue, Jun 25, 2013 at 7:15 AM, Leo Bicknell wrote: > > On Jun 25, 2013, at 7:38 AM, Phil Fagan wrote: > > > Are these private links or customer links? Why encrypt at that layer? I'm

Re: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]

2013-06-25 Thread Nick Khamis
Screw the pyramids. Look at that building Yeah we thought about this and currently in the process of training pigeons to carry messages. Will keep everyone posted. :) Nick.

Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]

2013-06-25 Thread Leo Bicknell
On Jun 25, 2013, at 7:38 AM, Phil Fagan wrote: > Are these private links or customer links? Why encrypt at that layer? I'm > looking for the niche usecase. I was reading an article about the UK tapping undersea cables (http://www.guardian.co.uk/uk/2013/jun/21/gchq-cables-secret-world-communica

Re: Security over SONET/SDH

2013-06-25 Thread Phil Fagan
Are these private links or customer links? Why encrypt at that layer? I'm looking for the niche usecase. On Jun 24, 2013 1:57 PM, "Scott Weeks" wrote: > > > - william.allen.simpson wrote: - > And at $189,950 MSRP, obviously every ISP is dashing out the door > for a pair for each and every

Re: Security over SONET/SDH

2013-06-25 Thread sam
Even if your crypto is good enough end to end CALEA will require you to hand over the keys and/or put in a backdoor if you have a US nexus. From Wikipedia http://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act USA telecommunications providers must install new hardware or

Re: Security over SONET/SDH

2013-06-25 Thread Glen Turner
Link encryption isn't to protect the contents of the user's communication. There is no reason for users to trust their ISP more than a national institution full of people vetted to the highest level. What link encryption gets the user is protection from traffic analysis from parties other than th

Re: Security over SONET/SDH

2013-06-25 Thread Scott Weeks
I hope I've gotten the quotations correct... --- joe...@bogus.com wrote: From: joel jaeggli On 6/24/13 1:19 PM, Scott Weeks wrote: > joe...@bogus.com wrote: >> That's why I'm trying to follow up on the original question. Is >> there something similar the global public

Re: Security over SONET/SDH

2013-06-24 Thread Philip Dorr
On Mon, Jun 24, 2013 at 9:59 PM, Christopher Morrow wrote: > it's fair to say, I think, that if you want to say something on the > network it's best that you consider: > 1) is the communication something private between you and another party(s) > 2) is the communication going to be seen by ot

Re: Security over SONET/SDH

2013-06-24 Thread Christopher Morrow
On Mon, Jun 24, 2013 at 10:25 PM, joel jaeggli wrote: > Securing the link layer however is not a replacement for an end to end > solution so just because it's protecting the air interface(s) doesn't really > mean somebody not looking at the traffic elsewhere. it's fair to say, I think, that if yo

Re: Security over SONET/SDH

2013-06-24 Thread joel jaeggli
On 6/24/13 1:19 PM, Scott Weeks wrote: joe...@bogus.com wrote: From: joel jaeggli That's why I'm trying to follow up on the original question. Is there something similar the global public can use to secure their connections that is not government designed. This is

Re: Security over SONET/SDH

2013-06-24 Thread Mike A
On Mon, Jun 24, 2013 at 10:14:19PM +, Gary Buhrmaster wrote: > On Mon, Jun 24, 2013 at 9:37 PM, Jamie Bowden wrote: > > > Actually, you CAN do that, but you have to apply for ITAR exceptions. EXIM > > is complex and you really want a good legal team who are familiar with it > > hand ho

Re: Security over SONET/SDH

2013-06-24 Thread Gary Buhrmaster
On Mon, Jun 24, 2013 at 9:37 PM, Jamie Bowden wrote: > Actually, you CAN do that, but you have to apply for ITAR exceptions. EXIM > is complex and you really want a good legal team who are familiar with it > hand holding you through it (and on extended retainer going forward...). We used

RE: Security over SONET/SDH

2013-06-24 Thread Jamie Bowden
> -Original Message- > From: Scott Weeks [mailto:sur...@mauigateway.com] > joe...@bogus.com wrote: > From: joel jaeggli > > > That's why I'm trying to follow up on the original question. Is > > there something similar the global public can use to secure their >

Re: Security over SONET/SDH

2013-06-24 Thread Scott Weeks
joe...@bogus.com wrote: From: joel jaeggli > That's why I'm trying to follow up on the original question. Is > there something similar the global public can use to secure their > connections that is not government designed. This is even more > important on microwave

Re: Security over SONET/SDH

2013-06-24 Thread joel jaeggli
On 6/24/13 12:55 PM, Scott Weeks wrote: - william.allen.simpson wrote: - And at $189,950 MSRP, obviously every ISP is dashing out the door for a pair for each and every long haul fiber link. ;-) It's the same as buying, say, .nanog... >;-) -

Re: Security over SONET/SDH

2013-06-24 Thread Scott Weeks
- william.allen.simpson wrote: - And at $189,950 MSRP, obviously every ISP is dashing out the door for a pair for each and every long haul fiber link. ;-) It's the same as buying, say, .nanog... >;-) --- g...@gdt.id.au wrote: From: Glen Turne

Re: Security over SONET/SDH

2013-06-23 Thread Christopher Morrow
On Sun, Jun 23, 2013 at 5:03 PM, William Allen Simpson wrote: > And at $189,950 MSRP, obviously every ISP is dashing out the door > for a pair for each and every long haul fiber link. ;-) cheaper by the dozen?

Re: Security over SONET/SDH

2013-06-23 Thread Christopher Morrow
On Sun, Jun 23, 2013 at 10:18 PM, Glen Turner wrote: > > On 23/06/2013, at 1:21 PM, William Allen Simpson wrote: > >> What security protocols are folks using to protect SONET/SDH? >> At what speeds? > > > "Excuse me NSA, can I have export approval for one KG-530 SDH encryptor?" > What are the odd

Re: Security over SONET/SDH

2013-06-23 Thread Larry Sheldon
On 6/23/2013 9:18 PM, Glen Turner wrote: On 23/06/2013, at 1:21 PM, William Allen Simpson wrote: What security protocols are folks using to protect SONET/SDH? At what speeds? "Excuse me NSA, can I have export approval for one KG-530 SDH encryptor?" What are the odds :-) And how would we kn

Re: Security over SONET/SDH

2013-06-23 Thread Glen Turner
On 23/06/2013, at 1:21 PM, William Allen Simpson wrote: > What security protocols are folks using to protect SONET/SDH? > At what speeds? "Excuse me NSA, can I have export approval for one KG-530 SDH encryptor?" What are the odds :-) And how would we know that the "export model" isn't simply

Re: Security over SONET/SDH

2013-06-23 Thread Valdis . Kletnieks
On Sun, 23 Jun 2013 17:03:49 -0400, William Allen Simpson said: > Hard to see the IETF multi-vendor interoperability specifications. It > does mention SNMPv3, unlike all their other products which use a > proprietary management scheme. Also HTTP, Not HTTPS? :)

Re: Security over SONET/SDH

2013-06-23 Thread Scott Weeks
--- william.allen.simp...@gmail.com wrote: From: William Allen Simpson On 6/23/13 12:48 AM, Scott Weeks wrote: > By security protocol do you mean encrypting the traffic? > Like what a Fastlane does? > > http://www.gdc4s.com/Documents/Products/SecureVoiceData/NetworkEncryption/GD-FASTLANE-w.pdf

Re: Security over SONET/SDH

2013-06-23 Thread William Allen Simpson
On 6/23/13 10:57 AM, Christopher Morrow wrote: On Sun, Jun 23, 2013 at 10:54 AM, Christopher Morrow wrote: On Sun, Jun 23, 2013 at 9:47 AM, William Allen Simpson wrote: On 6/23/13 12:48 AM, Scott Weeks wrote: http://www.gdc4s.com/Documents/Products/SecureVoiceData/NetworkEncryption/GD-FASTLA

Re: Security over SONET/SDH

2013-06-23 Thread Christopher Morrow
On Sun, Jun 23, 2013 at 10:54 AM, Christopher Morrow wrote: > On Sun, Jun 23, 2013 at 9:47 AM, William Allen Simpson > wrote: >> On 6/23/13 12:48 AM, Scott Weeks wrote: >>> >>> By security protocol do you mean encrypting the traffic? >>> Like what a Fastlane does? >>> >>> >>> http://www.gdc4s.com

Re: Security over SONET/SDH

2013-06-23 Thread Christopher Morrow
On Sun, Jun 23, 2013 at 9:47 AM, William Allen Simpson wrote: > On 6/23/13 12:48 AM, Scott Weeks wrote: >> >> By security protocol do you mean encrypting the traffic? >> Like what a Fastlane does? >> >> >> http://www.gdc4s.com/Documents/Products/SecureVoiceData/NetworkEncryption/GD-FASTLANE-w.pdf

Re: Security over SONET/SDH

2013-06-23 Thread William Allen Simpson
On 6/23/13 12:48 AM, Scott Weeks wrote: By security protocol do you mean encrypting the traffic? Like what a Fastlane does? http://www.gdc4s.com/Documents/Products/SecureVoiceData/NetworkEncryption/GD-FASTLANE-w.pdf That's rather a surprising choice (ATM product) for an IP network. Please desc

Re: Security over SONET/SDH

2013-06-22 Thread Scott Weeks
--- william.allen.simp...@gmail.com wrote: From: William Allen Simpson What security protocols are folks using to protect SONET/SDH? At what speeds? -- By security protocol do you mean encrypting the traffic? Like what a Fastlane does? htt