Add to collection(s) Add to saved
  1. Science
  2. Physics
  3. Waves And Optics

Isolation-of-Electrical-and-Optical-Interfaces-2_2-blurred

advertisement 
Network Integrity Systems
1937 Tate Blvd SE
Hickory, NC 28602
Phone: 828.322.2181
Fax: 828.322.5294
info@networkintegritysystems.com
www.networkintegritysystems.com
Application Note:
Isolation of Monitored Optical Network Interface and Electrical
Control Interface in Interceptor
To preclude any compromise of sensitive data, Interceptor is designed for maximum
isolation between the optical network ports and the electrical control ports. The
following is a description of this design methodology.
Architecture of Interceptor
Designed with security in mind, Interceptor is partitioned as shown below, with
separate sections for the monitored optical signal and the Ethernet (RJ-45) and Serial
(RS-232) control ports. Shown are block diagram and annotated picture.
Top View
Electronic Section
Optical Section
Interface
Control
System Control
Alarm Reporting
Network Interface
INTERCEPTOR
I/O
100BASE - T
Intrusion
Signal
CW Laser Transmitters
Optical Components
Low Frequency Optical Receivers
A/D Converters
Fiber Optic Intrusion Detection System
Status
Local
Rx
Tx
Console
1
2
3
1
Remote
Rx
Tx
Local
Rx
Tx
2
Remote
Rx
Tx
Local
Rx
Tx
3
Remote
Rx
Tx
Local
Rx
Tx
4
Remote
Rx
Tx
4
Reset
8000-4-U-S9-3L
AN-112/June 2011
Network Integrity Systems
1
Network Integrity Systems
1937 Tate Blvd SE
Hickory, NC 28602
Phone: 828.322.2181
Fax: 828.322.5294
info@networkintegritysystems.com
www.networkintegritysystems.com
Optical Section
This section contains the CW (continuous wave, or non-modulated) laser transmitters,
the low frequency receivers, the proprietary optical components, and the electronics
required to control them. Isolation from the secure data occurs here in multiple ways:
1. The optical design separates the data from the out-of-band monitor wavelength
as follows:
AN-112/June 2011
2
Network Integrity Systems
1937 Tate Blvd SE
Hickory, NC 28602
Phone: 828.322.2181
Fax: 828.322.5294
info@networkintegritysystems.com
www.networkintegritysystems.com
a. In Interceptor “dark” units, there is no data present on the fiber as the
unit is used exclusively for monitoring unused fibers within the protected
cable.
b. In Interceptor+Plus units, wavelength division multiplexers (WDMs) are
used to route protected data only to the Remote port, and only the
separate out-of-band monitor wavelength to the Interceptor internal
receiver. This out-of-band isolation is tightly monitored and controlled
during manufacture; as part of our ISO9001 QC procedure, Interceptor
units are 100% tested for insertion loss and isolation of both data and
monitor wavelengths.
2. The optical receiver is bandwidth limited to below 1 kHz. By utilizing sub-data
bandwidth for the monitoring wavelength, Interceptor is incapable of reading
any data from network traffic that might be present (see section 1 above). The
monitor wavelength, exclusively, is analyzed for trends characteristic of physical
perturbations.
3. The low frequency monitor signal alone is communicated across the interface to
the electronic section, by virtue of the limited bandwidth, electrically isolating
the optical data from the control RJ-45 and RS-232.
Interface Section
This section supplies the communication between the electronic and optical sections.
This allows the processor to enable optical ports, perform maintenance and safety
monitoring, and receive low frequency signal from the optical receiver for perturbation
and intrusion analysis.
Electronic Section
This section contains the Ethernet and Serial interfaces, power switch, status lights,
reset buttons, processor board, and the electronics needed to interface between them.
Communication with the Ethernet and Serial interfaces are limited to this section, and
no network connectivity exists between these electrical interfaces and the optical
network ports in the optical section. Analysis of the low frequency signal from optical
receivers occurs in this section.
Designed For Security
As shown, great lengths were taken to separate the control and data paths in
Interceptor, thereby assuring isolation and security of data in a protected network.
For a summary of software security features, please see NIS Application Note:
“Interceptor Version 2.3 Software Security Features”.
AN-112/June 2011
3
Related documents
Special Effects
Special Effects
Competition between superconductivity and spin-density
Competition between superconductivity and spin-density
Institute of laser for postgraduate studies
Institute of laser for postgraduate studies
Linear and non-linear optics and FTIR characteristics of borosilicate
Linear and non-linear optics and FTIR characteristics of borosilicate
G-CLEF Optical Design
G-CLEF Optical Design
PM2.5 Sourcing: A Multi-System Geochemical Approach for
PM2.5 Sourcing: A Multi-System Geochemical Approach for
chapter 9
chapter 9
ISSN (Online) : 2230-8849 - International Journal of Enterprise
ISSN (Online) : 2230-8849 - International Journal of Enterprise
Download
advertisement