Cabling, Wires, and Communications 143 Coax supports both baseband and broadband signaling. Baseband signaling means that a single channel is carried through the coax, while broadband refers to multiple channels on the coax. Figure 3.20 illustrates this in detail. Baseband signaling would be similar in concept to a speaker wire. The speaker wire in your stereo connects one channel from the amplifier to the speaker. Broadband is similar to the cable TV connection in your home. The cable from the cable company carries hundreds of channels. Each of these channels is selected by your TV set, which uses a tuner to select which channel you choose to watch. FIGURE 3.20 Baseband versus broadband signaling Coax is present in many older networks and tends to provide reliable service once it is installed. In a coax network, some type of device must terminate all of the ends of a coax. Figure 3.21 shows this termination process in more detail. If a terminator, NIC card, T-connector, or inline connector malfunctions or becomes disconnected, the entire segment of wire in that network will malfunction and network services will cease operation. Coax tends to become brittle over time, and it can fail when handled. Coax is also expensive per foot when compared to UTP cable. These are the primary reasons that coax is falling from favor as a primary network media. Coax has two primary vulnerabilities from a security perspective. The most common would be the addition of a T-connector attached to a network sniffer. This sniffer would have unrestricted access to the signaling on the cable. The second and less common method involves a connection called a vampire tap. Vampire taps are a type of connection that directly attaches Broadband Baseband Frequency Time Broadband versus Baseband Each channel is a discrete frequency or subband. Ch1 Ch2 Ch3 Ch4 Ch5 Ch6 Time Single Wire or Channel Data Slot Data Slot Data Slot Data Slot Data Slot Data Slot Copyright © 2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. 144 Chapter 3  Infrastructure and Connectivity to a coax by piercing the outer sheath and attaching a small wire to the center conductor or core. This type of attachment allows a tap to occur almost anywhere in the network. Taps can be hard to find because they can be any- where in the cable. Figure 3.22 shows the two common methods of tapping a coax cable. Notice that the T-connector is a standard connector that can be used at any place there is a connector on the cable. Additionally, an inductive pickup or RF collar can be placed around a coaxial cable to capture any stray RF that does not get blocked by the shield of the coax. FIGURE 3.21 Network termination in a coax network FIGURE 3.22 A vampire tap and a T-connector on a coax Coax Cable 50Ω Resistor Shield Center Conductor Terminator Vampire Tap BNC Connector BNC Connector The screw fang pierces the shielding and connects with the core. T-Connector Coax Coax Copyright © 2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. Cabling, Wires, and Communications 145 Unshielded Twisted Pair and Shielded Twisted Pair Unshielded Twisted Pair (UTP) and Shielded Twisted Pair (STP) are by far the most prevalent media installed today. UTP cabling and STP cabling are similar in function with the exception that STP wraps a shield, like a coax, over the wires. STP is popular, but UTP is by far the more popular cabling in use. Fig- ure 3.23 illustrates the difference between UTP and STP cable. Notice that the STP cable has a single shield around all of the pairs. Some versions of STP also have shields around each pair of wires. This is much less common in computer networks, but it reduces electrical and interference susceptibility in the cable. FIGURE 3.23 UTP and STP cable construction This discussion will revolve around UTP, but STP operates the same way. UTP cabling comes in seven grades or categories, which are listed in Table 3.1. TABLE 3.1 The Common UTP/STP Cable Specifications Category Speed Usage Category 1 Voice-grade cable Used strictly for telephone and modems. Category 2 4 Mbps speed Used extensively in older mainframe systems. Category 3 10 Mbps Ethernet Used in 10Base-T networks. Category 4 16 Mbps Used extensively in Token Ring networks. shield STP UTP Copyright © 2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. 146 Chapter 3  Infrastructure and Connectivity The most common cable standards used at this time are Category 5 or CAT 5. CAT 3 is very common in older twisted-pair networks. The limit of a cable segment length of twisted-pair for use with Ethernet is 100 meters. Beyond this length, the attenuation of the cables may cause reliability problems. UTP and STP cabling is not as secure as coax, and it is used primarily for internal wiring. It is more difficult to splice into a twisted pair cable, but three-way breakout boxes are very easy to build or buy. The common net- works that use UTP are 10Base-T and 100Base-T. These networks use hubs for distribution, and hubs allow sniffers to be easily connected. Many modern hubs also include the capability of switching, and network monitoring does not work properly through a switch. Remember that each circuit through a switch is dedicated when switched and will not be seen on the other ports. Figure 3.24 illustrates a hub in a 10Base-T network and a sniffer attached to the hub. The sniffer in this situation is merely a portable PC with a NIC card for the network protocol. FIGURE 3.24 10Base-T network with a sniffer attached at the hub Category 5 1000 Mbps Used in 10-, 100-, and 1000Base-T and similar networks. The most common wiring in newer networks. Category 6 1000 Mbps Used in high-speed network installa- tions. Not yet common. Category 7 1 Gbps Used in very-high speed network installa- tions. Not available—proposed standard. TABLE 3.1 The Common UTP/STP Cable Specifications (continued) Category Speed Usage 10Base-T Hub PC with Sniffer Software Copyright © 2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. Cabling, Wires, and Communications 147 Fiber Optic Fiber optic technology takes network bandwidth to new levels of perfor- mance. Telecommunications and data communication providers worldwide have laid fiber cables extensively. At one point, the industry claimed that fiber would surpass wire as the preferred method of making network connections. Fiber optics and its assembly continue to be very expensive when compared to wire, and this technology has still not largely made it to the desktop. Figure 3.25 shows several of the more common fiber connections. The con- struction of fiber cable is simplicity itself. The cable consists of a glass or plastic conductor, surrounded by a protective coating or by layers of coating. FIGURE 3.25 Commonly used fiber connectors Fiber, as a media, is relatively secure because it cannot be easily tapped. Fiber’s greatest security weakness is at the connections to the fiber optic transceivers. Passive connections can be made at the connections, and signals can be tapped off from there. The other common security issue associated with fiber optics is that fiber connections are usually bridged to wire connec- tions. Figure 3.26 shows how a fiber connection to a transceiver can be tapped. This type of splitter requires a signal regenerator for the split to function, and it can be easily detected. ST connectors Copyright © 2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. 148 Chapter 3  Infrastructure and Connectivity FIGURE 3.26 An inline fiber splitter Infrared Infrared (IR) uses a type of radiation for communications. This infrared radiation allows a point-to-point connection to be made between two IR transceiver-equipped devices. IR is line of sight and is not secure, but the interception device must be either in position between the two connections or in an area where a reflection has occurred. IR can be bounced off win- dows and mirrors, as can other radiation. IR connections also tend to be slow and are used for limited amounts of data. Many newer laptop PCs, PDAs, and portable printers now come equipped with IR devices for wire- less communications. Radio Frequency Radio frequency (RF) communication has had an interesting love/hate relationship with data communication. Early data communication systems, such as teletypes, used extensive networks of high-powered shortwave transmitters to send information and data. Most of the early news feeds were broadcast on shortwave frequencies and received around the world by news offices. These connections were also used for early facsimile trans- mission of weather maps and other graphically oriented images. These transmitters were very expensive, and they required large numbers of per- sonnel to manage and maintain them. Telephone connections largely replaced this means of communications, but teleprinters are still in use today. Fiber Splits single fiber into two connections. Fiber Splitter Fiber Network Fiber Connector Copyright © 2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. Cabling, Wires, and Communications 149 RF transmissions use antennas to send signals across the airwaves. They are very easily intercepted. Anyone could connect a shortwave receiver to the sound card of a PC to intercept and receive shortwave and higher frequency transmissions and record them. Figure 3.27 illustrates a short- wave transmission between two ground sites used for text transmission. This is a very active hobby with tens of thousands of hobbyists worldwide eavesdropping. FIGURE 3.27 RF communications between two ground stations Microwave Microwaves use the RF spectrum, but they have some interesting character- istics and capabilities. The microwave frequency spectrum is the home of many interesting types of communications. Some of these communications involve huge amounts of data and information, and others involve very small Bridge Device Laser Printer Server Copyright © 2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. 150 Chapter 3  Infrastructure and Connectivity amounts. Some of the more common applications of microwave today include cellular phones, police and aircraft communications, fax, and broadband telecommunication systems. The equipment to communicate on these fre- quencies is usually very small and power efficient. Much of the telecommunications system we use today is built on micro- wave technology. Microwave has the ability to carry huge amounts of data, communicate line-of-sight, and use broad power ranges. Figure 3.28 illustrates a cell network in a metropolitan area. A typical cell network is capable of handling hundreds of calls simultaneously, and cell usage is growing at a very fast rate worldwide. Communications on this cell network are easily intercepted by off-the- shelf equipment. Analog cellular communications can be easily understood, while digital cellular service requires additional equipment to decode trans- missions. Many people use cell phones for data communications. Most people assume that cell connections are private when, in fact, they may not be. FIGURE 3.28 Cellular network in a metropolitan area A relative newcomer on the communications scene involves wireless networks. Some of the wireless networks allow pagers, PDAs, and internal Cell sites Copyright © 2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. Removable Media 151 or private networks. Wireless networks operate in the 2.5 to 5.0GHz spec- trum. The frequency spectrum used in cellular and wireless networks is in the microwave band. When implementing wireless networks, you would be wise to make sure that you implement or install communications security devices or encryption technology to prevent the unauthorized disclosure of information in your net- work. Many of the newer devices include encryption protocols similar to IPSec. Removable Media Computer systems have become modular over the last few years, and one of the benefits of this is removable media. Disk drives that once cost thousands of dollars now cost hundreds or even less. What once took up a whole room can easily be put in a coat pocket. Removable media refers to any type of storage device (such as a floppy drive, magnetic tape cartridge, or CD-ROM) that can be removed from the system. Several of the more common removable media are covered in this section. The important thing to remember is that removable media is subject to viruses, physical damage, and theft. If a CD-ROM is stepped on or scratched, it probably will not work properly. If stolen, it will not be available and the information it contained will be gone forever. The following sections discuss the most common types of removable media in use today, and what physical and operational measures are needed to safeguard your removable media. Tape One of the oldest forms of removable media is magnetic tape. Magnetic tapes come in a variety of types and sizes. Older tapes were reel-to-reel and were bulky and very sensitive to environmental factors such as heat and moisture. Newer tapes are cartridge or cassette-oriented and are smaller and much more durable. Some of the new tape technologies can store on a single tape what would have required a 10-foot-by-10-foot tape vault. This single tape is slightly larger than a CD-ROM carrying case. Magnetic tapes have become very fast, and they can hold enormous amounts of data. They are commonly used to back up systems and archive old data. The major concern with tape involves physical security. It is very easy to remove one from the premises undetected. Copyright © 2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. 152 Chapter 3  Infrastructure and Connectivity Tape can be restored to another system, and all of the contents will be available for review and alteration. It is relatively easy to edit a document, put it back on the tape, and then restore the bogus file back to the original computer system. This of course, creates an integrity issue that may be difficult to detect. Tapes can also become infected with viruses, and they can infect a system during the data recovery process. Files going onto a tape drive should be scanned to ensure that they are virus free. CD-R The CD Recordable (CD-R) is a relatively new technology that allows CDs to be made or burned on a computer system. CD-Rs operate like a regular CD, and they can be burned quickly. Most new computer systems come standard with a CD-R “burner,” or CD-R drive. Data can be backed up or restored from the CD-R very quickly. CD-Rs are susceptible to computer viruses, and an infected file on the computer that is transferred to the CD-R will infect another system when the file is downloaded. Data theft is also very easy with a CD-R. An attacker can get on a system that has a CD-R and copy data from hard disks or servers. Files written to a CD-R can contain viruses just like any other files. This means that a CD can be a carrier. All files should be scanned for viruses before they are written to or read from a CD. Some older CD-Rs are susceptible to erasure by sustained exposure to sunlight. It is generally a good idea to keep CD-Rs out of environments that are high in ultraviolet (UV) light. Most software products now come on CD, and they can disappear quite easily. This type of theft can cost a com- pany thousands of dollars. Hard Drives Hard drives today are very small, and they can store a great deal of data. Usually, hard drives can be quickly removed from systems, and portable hard drives can be easily attached. Software that creates an exact copy, or image, of a drive can be used to download a system onto a hard drive in min- utes. Many of the hard drives available today use USB or parallel ports to connect, and some operating systems will install them automatically using Plug and Play technology. An attacker can attach a USB hard drive and then copy files from a workstation. This can happen in a matter of minutes with very little possibility of detection. Copyright © 2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. [...]...Removable Media 153 Another aspect of hard drive security involves the physical theft or removal of the actual drives If a drive containing key information is stolen, it may be difficult to replace unless a recent backup has been performed... applications, data, and any other information they need to have in order to run This eliminates the danger of viruses being introduced from student disks Copyright © 2003 SYBEX Inc., 1 151 Marina Village Parkway, Alameda, CA 9 450 1 World rights reserved . © 2003 SYBEX Inc., 1 151 Marina Village Parkway, Alameda, CA 9 450 1. World rights reserved. Removable Media 151 or private networks. Wireless networks operate in the 2 .5 to 5. 0GHz spec- trum. The. 1 151 Marina Village Parkway, Alameda, CA 9 450 1. World rights reserved. 146 Chapter 3  Infrastructure and Connectivity The most common cable standards used at this time are Category 5 or CAT 5. . physical security. It is very easy to remove one from the premises undetected. Copyright © 2003 SYBEX Inc., 1 151 Marina Village Parkway, Alameda, CA 9 450 1. World rights reserved. 152 Chapter