|
Q: How does Interceptor™ detect an intrusion into a fiber optic cable?
A: Interceptor launches a monitoring signal into a pair of fibers of the optical cable being protected, which turns the entire cable (up to 144 fibers) into a sensor. Specifically, when any component of the cable is abnormally handled, such as would occur during an intrusion attempt, the monitored fibers sense the disturbance and Interceptor reports the event.
Q: How does Interceptor distinguish between true intrusions and benign events that may cause nuisance alarms?
A:
Interceptor incorporates a patented feature, which is referred to as
Smart Filtering™ technology. This technology is used to enable
Interceptor to “autoconfigure” itself, meaning that it learns the
normal ambient state of the network to create a baseline of normal,
routine, benign, non-threatening events such as the vibration caused by
a nearby air conditioning unit, vehicle traffic, etc. While
monitoring, these normal events are ignored. As a result of this
technology, Interceptor has eliminated the false alarms which plague
legacy alarmed carrier systems derived from perimeter security devices.
Q: What type of fiber does Interceptor require for monitoring?
A:
No special fibers are required. Interceptor uses the standard
communications fibers inside the cable to perform the monitoring, no
matter whether they are dark (unused) or active (transmitting data).
The Interceptor model is used to monitor dark fibers. The Interceptor
Plus™ model is used to monitor active fibers.
Q: Does Interceptor protect a cable or just individual fibers?
A: For most cable designs, an entire 144-fiber cable can be protected by monitoring as few as 2 fibers within the cable. If ingress into the cable is attempted, the protected fibers will sense the disturbance and issue an alarm. The effectiveness of this is dependent upon the design of the optical cable itself. Some cable designs require monitoring on more fibers than others (for instance an 864-fiber cable). Based on extensive laboratory trials, Network Integrity Systems will recommend protection profiles according to your specific cable design.
Q: Is an Interceptor required at both ends of the cable run being protected?
A: In the case of dark fiber monitoring, a single Interceptor is required at one end of the cable. At the far end a simple, off-the-shelf optical loop back device is used in a patch panel to send the monitoring signal back to the Interceptor. For monitoring active fibers, a single Interceptor Plus™ is required at one end of the cable. At the far end, a Network Integrity Systems Remote Termination Unit (RTU) is required to separate the monitoring signal from the data signal. Click here for more information on Interceptor, Interceptor Plus or RTU.
Typical Installation For Dark Fiber Monitoring
Typical Installation For Active Fiber Monitioring
Q: How many separate buildings or drops can a single Interceptor provide a secure connection?
A: At a minimum, a single Interceptor can provide a secure connection to four separate locations. However, through some simple fiber concatenation methods (i.e. daisy chaining), a single Interceptor can provide secure connections to many separate locations. The exact numbers of locations a single Interceptor can connect vary as it is based on the specific network architecture of the deployment.
Q: Does the Interceptor have an impact on the bandwidth of the network?
A:
None whatsoever. Interceptor is a physical layer device, and does not
touch, process or verify the network data (IP or cell headers) or the
National Security Information, therefore no bandwidth bottlenecks are
created allowing full utilization of the network – up to 10Gbps and
beyond.
Q: Is it necessary to perform an autoconfiguration before Interceptor can start protecting a network?
A: The Interceptor is set at the factory with a default profile that enables it to be placed into service and protect the network immediately. Once installed, the protection profile is optimized by performing an autoconfiguration while the unit continues to monitor. After the autoconfiguration is complete, the Interceptor automatically updates its configuration with the new values and continues to protect using the optimized profile.
Q: I have an application on Guam, which is a volcanic island that experiences minor seismic activity everyday/all day. Will this cause a false alarm?
A: As long as the “earthquakes” occur while the Interceptor is autoconfiguring itself, Interceptor will learn their signature and ignore them while monitoring for true intrusions. Our suggestion is to pick an autoconfiguration duration long enough to experience a tremor.
Q: Am I required to contain the cables being protected by Interceptor inside of a hardened carrier system (i.e. rigid metallic conduit, EMT or commercial raceway)?
A: In some cases yes - more on that below. At a minimum, Interceptor permits you to install the conduit above the ceiling, or below the floor since the requirement for periodic visual inspections is eliminated when Interceptor is used – therefore the conduit doesn’t need to be visible and accessible with the further benefit of improving the facility aesthetics. In the case of an outside plant (building-to-building) deployment, using Interceptor eliminates the need to encase the underground duct banks in concrete.
In some cases, Interceptor when used to protect Interlocking Armored Optical Cables, allows you to eliminate the rigid metallic conduit system altogether permitting those cables to be carried in existing conveyance (wire basket, ladder rack) or as suspended cabling (on D-rings, J-Hooks, etc.) to drastically simplify and reduce the cost of installation. Click here for more information.
Q: What types of management or software tools are required to manage the Interceptor?
A:
The Interceptor can be locally managed by serial console, and remotely
managed by Telnet or Secure Shell (SSH). The INTERCEPTOR can be
accessed via terminal programs such as HyperTerminal or TeraTerm
Q: Doesn’t the requirement to respond to alarms create an additional need for manpower?
A:
Keep in mind that using Interceptor eliminates the requirements to
conduct a daily visual inspection of the PDS. Therefore, the resources
formerly used to perform the task of visually inspecting the PDS no
longer have that responsibility or the associated time-drain. This
also eliminates the need to provide manpower to inspect PDS systems
during off-duty/weekend/holiday times as well. Finally, the need to
visually inspect manhole lids on a daily basis for OSP deployments is
eliminated.
Q: Who typically monitors the Interceptor and how do they receive the alarms generated?
A: Monitoring responsibility is established on an organization-by-organization basis. Typically it is performed by Security/Military Police, IT Help Desks or Network Operations & Security Centers (NOSCs). If Security/Military Police forces are used, then the Interceptor is usually integrated via dry contact interfaces into the existing building security system, which those forces routinely monitor. If monitored by IT departments or NOSCs, then the alarms are usually received via SNMP traps. Interceptor was designed to include most prevalent reporting methods, which affords the end-user maximum flexibility.
A key thing to remember is that Interceptor prompts you when to conduct an inspection, versus conducting them day-in-and-day-out whether a threat to the network exists or not. Therefore the use of Interceptor actually reduces the amount of manpower necessary to secure a network.
Q: Can INTERCEPTOR monitor for intrusions into the hardened carrier system (rigid metallic conduit such as EMT)?
A:
While Interceptor was designed to improve upon legacy alarmed carrier
systems derived from perimeter security technology by protecting the
cable versus the cable pathway, it can be deployed in a manner that
enables it to detect intrusions into cable carrier systems.
Q: Which organizations have depolyed Interceptor?
A: Interceptor has been deployed by the US Air Force, US Army, US Coast Guard, US Marine Corps, CENTCOM, Department of Homeland Security, Defense Intelligence Agency, Department of Justice, DoD Department of Inspector General, Naval Surface Weapons Center, Naval Undersea Warfare Center, National Reconnaissance Office, SPAWAR, STRATCOM, The Pentagon, numerous large and small systems integrators, major defense contractors.
Q: What information do I need to provide to enable you to recommend a solution for monitoring my fiber network?
A: The necessary information is listed on the Client Network Configuration Questionnaire which collects all of the information required to determine the appropriate Interceptor configuration for your specific network. Click here to download a copy of the questionnaire.
|
