
Have you ever heard of an attack through a fiber switch?

We've separated our tiers in the typical three-tier model (presentation, application, database) by firewalls -- not just between tiers one and two, but also between tiers two and three. I want to have servers in tiers two and three connect to a SAN via Brocade fiber switches, but our security folk nixed it due to the "electronic connection to the Brocade switch establishing a path around the firewall." Have you ever heard of a security attack through fiber that would make them this paranoid?

I have no documentation of such an attack. But just because a bank has not been robbed doesn't mean it should not follow sound security practices. For a bank, those practices could be: keep the safe on a timer that does not allow it to open, even when the correct combination is used, outside of banking hours. In a network, a sound security practice is to not allow a path around the firewall -- any path.

Also, to the non-IT pro, the difference between TCP/IP and fiber is not clear. Once approved to use fiber, if a new SAN that uses TCP/IP replaces the switch, your company might just pull one plug and insert another. Then it would be just like putting any other machine or connection between the Internet and your network while going around the firewall. We do have evidence of those types of attacks.
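
One way to audit a topology for the "path around the firewall" discussed above, as an added example that is not part of the original question or answer. The node names, link list and the `bypass_path` and `swap_medium` helpers are hypothetical; the sketch also models the switch-replacement scenario, where a fabric that carries no IP today becomes an IP bypass.

```python
from collections import deque

# Constructed topology for the three-tier layout in the question.
# Each link: (node_a, node_b, medium). All names are hypothetical.
LINKS = [
    ("tier1-web", "fw-1-2", "ip"),
    ("fw-1-2", "tier2-app", "ip"),
    ("tier2-app", "fw-2-3", "ip"),
    ("fw-2-3", "tier3-db", "ip"),
]
SAN_LINKS = [
    ("tier2-app", "san-switch", "fc"),
    ("tier3-db", "san-switch", "fc"),
]
FIREWALLS = {"fw-1-2", "fw-2-3"}


def bypass_path(links, src, dst, firewalls, media=None):
    """Shortest src->dst path that crosses no firewall, or None.
    media=None counts every link; media={"ip"} only links carrying IP."""
    adj = {}
    for a, b, medium in links:
        if media is not None and medium not in media:
            continue
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for nxt in sorted(adj.get(path[-1], ())):
            if nxt not in seen and nxt not in firewalls:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def swap_medium(links, node, new_medium):
    """Model replacing a switch: every link touching `node` changes medium."""
    return [(a, b, new_medium if node in (a, b) else m) for a, b, m in links]


if __name__ == "__main__":
    with_san = LINKS + SAN_LINKS
    print(bypass_path(with_san, "tier2-app", "tier3-db", FIREWALLS))
    print(bypass_path(with_san, "tier2-app", "tier3-db", FIREWALLS, {"ip"}))
    print(bypass_path(swap_medium(with_san, "san-switch", "ip"), "tier2-app", "tier3-db", FIREWALLS, {"ip"}))
```

Running the "any path" check on every proposed cabling change, rather than the IP-only check, flags the shared switch before a later hardware swap turns it into a routable link.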
