Blog - Network Security: It’s Time to Consider Passive Optical LAN

July 10, 2019
While what we don’t know all the threats that must be addressed, we can proactively plan, build, and operate more secure local area networks (LANs) with a passive optical LAN.

While tracking cybersecurity and breach mitigation issues, there are known-knowns, known-unknowns, and many unknown-unknowns relative to network security. In fact, experts say it is highly probable that your network has already been hacked and that the bad actors are already inside your network. Those that tap into this fear, uncertainty, and doubt perspective also believe that whatever you do next, the perpetrators will be one step ahead.

This is a scary predicament, especially when you consider everything you might not be aware of – which we refer to as the known-unknowns and unknown-unknowns. While what we don’t know must be addressed, the industry as a whole is failing to have an open and honest dialog concerning what we are aware of – the known-knowns. That is, we can proactively plan, build, and operate more secure local area networks (LANs) with a passive optical LAN.

We know passive optical LAN fiber cabling is highly secure and produces none of the EMI radiation that is typically associated with traditional copper-wired facilities. Utilizing fiber-optic cable for the transport mechanism effectively removes all TEMPEST concerns. In addition, we know:

  • Fiber-optic cabling is more secure than copper cabling. A passive optical LAN infrastructure is more difficult to physically tap, meaning it would take more sophisticated equipment and a very technologically savvy criminal to even attempt to illicitly tap into the network. And, even if one tries to infiltrate the network, passive optical LAN uses a stateful protocol that would likely discover and isolate rogue activity. In addition, fiber is not susceptible to interference nor does it introduce interference. With fiber, you have no cross-talk, no electromagnetic interference, no RF interference, and no electromagnetic pulses.
  • Centralized intelligence and management. Based on its architecture, passive optical LAN systems are inherently more secure than having full-functioning workgroup switches spread out across buildings and campuses. A passive optical LAN’s centralized intelligence and management is only accessible from its management software and optical line terminal (OLT) locked in the main data center. This ensures consistent policies and procedures are put in place from a single point of access.
  • Tight network access controls. Tight role-based network access controls for users can be established through strict authentication and authorization. This is where secure passwords are assigned and managed. Based on IT staff credentials, privileges are defined for what a user can view and modify. Then the activity of the IT staff can be tracked, which helps root cause analyses during troubleshooting and can help with junior IT staff training.
  • ONTs have no local management access. The lack of local management access at endpoint optical network terminals (ONTs) inherently make this architecture more secure. This set up typically has no local management access, eliminating human interaction because there are few needs for human touches at the ONTs. The ONTs are basically simple optical-to-electrical terminals. The low human touch operation means far less human error, leading to lower network downtime. In addition, negligent and malicious human activities are reduced, resulting in improved security.
  • ONTs do not store user or network information. With a passive optical LAN’s centralized intelligence and management, neither user information nor network information is locally stored within the ONTs. Simply stated, there is nothing for perpetrators to steal at the ONTs.

Based on these known-knowns, we can confidently say passive optical LANs reduce network points of vulnerability. Its ability to improve network security both at the electronics level as well as across the cabling infrastructure has been in the background for some time now, but the time has come for more organizations to see that passive optical LAN is the future.

Proving this point, the U.S. federal government and the U.S. Department of Defense were the early adopters of passive optical LAN. Which why it is no wonder that industries such as financial, healthcare, education, retail, and transportation are looking to the U.S. defense, civilian, and intelligence IT security experts for guidance on cybersecurity and breach mitigation. They are also looking to industry organizations, such as the Association for Passive Optical LAN, that are working to ensure more commercial markets continue to take advantage of how passive optical LAN can improve the defensibility of enterprise networks inside buildings and across campuses.

Whether it’s now or sometime in the near future, every copper-based legacy network must be upgraded or replaced to keep pace. Those in the know will consider passive optical LAN as the best course of action to stay relevant for years to come. If you are looking for a secure, cost-effective, reliable, and scalable option, you will find that all roads lead to passive optical LAN.

John Hoover is senior product manager at Tellabs and a board director for the Association for Passive Optical LAN (APOLAN).