Many DACS have provision for "monitoring" circuits and feeding the data off to a third circuit in an undetectable manner. The DACS question wasn't about DACS owned by the people using the circuit, it was about DACS inside the circuit provider. When you buy a DS1 that goes through more than one CO in between two points, you're virtually guaranteed that it goes through one or more of {DS-3 Mux, Fiber Mux, DACS, etc.}. All of these are under the control of the circuit provider and not you. Owen On Feb 20, 2013, at 09:47 , Warren Bailey <wbailey@satelliteintelligencegroup.com> wrote:
If you are doing DS0 splitting on the DACS, you'll see that on the other end (it's not like channelized CAS ds1's or PRI's are difficult to look at now) assuming you have access to that. If the DACS is an issue, buy the DACS and lock it up. I was on a .mil project that used old school Coastcom DI III Mux with RLB cards and FXO/FXS cards, that DACS carried some pretty top notch traffic and the microwave network (licensed .gov band) brought it right back to the base that project was owned by. Security is expensive, because you cannot leverage a service provider model effectively around it. You can explain the billion dollars you spent on your global network of CRS-1's, but CRS-1's for a single application usually are difficult to swallow. I'm not saying that it isn't done EVER, I'm just saying there are ways to avoid your 1998 red hat box from rpc.statd exploitation - unplug aforementioned boxen from inter webs.
If you created a LAN at your house, disabled all types of insertable media, and had a decent lock on your front door, it would be pretty difficult to own that network. Sure there are spy types that argue EMI emission from cable etc, but they solved that issue with their tin foil hats. We broadcast extremely sensitive information (financial, medical, etc) to probably 75% of the worlds population all day long, if you walk outside of your house today my signal will be broadcasting down upon sunny St. Petersburg, Florida. Satellite Communications are widely used, the signal is propagated (from GSO generally) over a relatively wide area and no one knows the better. And for those of you who say.. I CAN LOOK AT A SPEC AN TO FIND THE SIGNAL, MEASURE AND DEMODULATE! Take a look at spread spectrum TDMA operation - my signal to noise on my returns is often -4dB to -6dB c/n0 and spread at a factor of 4 to 8. They are expensive, but as far as the planet is concerned they are awgn. I guess it's my argument that if you do a good enough job blending a signal into the noise, you are much more likely to maintain secrecy.
On 2/20/13 9:13 AM, "Jay Ashworth" <jra@baylink.com> wrote:
----- Original Message -----
From: "Warren Bailey" <wbailey@satelliteintelligencegroup.com>
We as Americans have plenty of things we have done halfass.. I hope an Internet kill switch doesn't end up being one of them. Build your own private networks, you can't get rooted if someone can't knock. Simple as that.
Well, Warren, I once had a discussion with someone about whether dedicated DS-1 to tie your SCADA network together were "secure enough" and they asked me:
"Does it run through a DACS? Where can you program the DACS from?"
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274