Arafat Yousef, Managing Director – Middle East & Africa, Nexans Data Network Solutions, provides a detailed insight into cybersecurity and LANs.
Bandwidth matters – but it shouldn’t be the only consideration!
Increasing vulnerability
As businesses and economies become more dependent on connectivity, they also become more vulnerable to cybercrime. Cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015, according to a recent report from Cybersecurity Ventures. Global cybersecurity spending will exceed $1 trillion cumulatively for the period from 2017-2021. TÜV Rheinland’s latest annual report on Cybersecurity – a collaboration between global cybersecurity experts – lists key cybersecurity trends for 2020. According to the report, uncontrolled access to personal data carries the risk of destabilizing the digital society and smart devices are spreading faster than they can be secured. Attacks are currently focusing on supply chains and transport. Vulnerabilities in internet-connected personal medical devices such as insulin pumps, heart and glucose monitors, defibrillators and pacemakers are another cause for concern. In addition, cloud, IoT and mobile devices are all giving security experts cause for concern.
The ‘S’ in IoT stands for ‘Security’…
As we connect more and more people and devices across locations to our networks, we open up more potential security vulnerabilities. Guests or employees using a wireless access point or connecting from home directly or via a VPN can introduce potential issues that may be very hard to detect and resolve. Wireless Access Points have also introduced new challenges. If unsecured, or poorly secured, anyone can join a WAP. Abuse can result in anything from Denial of Service to identity theft when someone has identified the MAC address of a computer with network privileges by eavesdropping on network traffic.
One comforting thought is the fact that fibre carrying data to and from buildings is as safe as possible. Hacking into a fibre cable is practically impossible. You would need direct access to the fibre and the opportunity to remove its protective covering – carefully. Actually, getting access to the data stream would require highly specific hardware and software tools, power levels and alignment. In the extremely unlikely event this could be successfully overcome, you’d need to capture, demodulate, restructure and decrypt information. So, although bending a cable beyond its prescribed radius might allow some light to escape, the chances of anyone abusing the escaped signal in any meaningful way are negligible.
When we look at LANs inside buildings, the architecture itself and proven safety measures usually provide a relatively high level of protection. Best practices include using WPA2 and data encryption, creating guest networks, and deactivating unused ports. Using a support router with an activated firewall and physically securing network hardware is also wise. In addition to these measures, an office, campus or hospital environment can put many other security measures in place. These range from physical access and security cameras to password logs. Using physical locks to project cable joints and connection points and regularly updating device and system passwords and encryption are also vital to enhancing protection.
Human behaviour
Of course, the solution isn’t only about technology and protocols. The human factor is equally important – if not even more so! The European Agency for Network and Information Security point out that “the starting point for any organisation is to gain understanding of its current cybersecurity status, and the ways in which human factors might support or detract from that defensive stance.” After all, most cyberattacks start with nothing more than an email. Carefully analysing people’s behaviour and engaging in discussion with users are key to improving the culture of safety, but also exposing flaws and security demands that are impractical or impossible to comply with.
Integrated security
A Fibre to the Office (FTTO) solution offers a high level of built-in protection. Fibre is laid vertically from a central building distributor to different floors. From there, cable runs horizontally to an FTTO switch installed at the workstation or service consolidation point, near WAPs or other devices. Switches ensure intelligent conversion from fibre to copper and vice versa, feed terminal devices with data and power and make it easy to set up ring topologies for redundancy at user level. Advanced redundancy and security concepts make planning and extending the network to accommodate future needs easy.
Intelligent system features help increase network security. The Nexans switches used in this concept provide the ideal basis for secure Gigabyte Ethernet networks in any environment. Intelligent Management Features help further increase the security of the network and minimise service costs. Nexans switches support all relevant security and encryption mechanisms such as IEEE 802.1x, SNMPv3, HTTPs, SSH and SCP. Hardened firmware of switches provides high-level protection against attacks. Because floor distributors or signal repeaters are not required between the central switch and FTTO workstation switches, there are fewer places where security breaches may occur.