V. 1.0 - 21.02.2003
V. 1.1 - 05.10.2004
V. 1.2 - 10.06.2008
Copyright (C) 06/2003 by Howard Fuhs
Regarding the possibility to intercept and/or falsify satellite signals it should be a vital interest of a company to protect their telecommunications. This means the physical infrastructure as well as the content transported over the infrastructure. As we are talking here about communications, basicly the same procedures apply to increase security like we were talking about computers or networks.
Auditing the Infrastructure
Protecting a telecommunication infrastructure as such means to know the existent infrastructure which most companies often don't. Therefore it is neccessary to audit the infrastructure. Through an audit it is possible to define the actual state of the telecommunication infrastructure regarding the trustworthyness and it's (in)security. The audit can be performed by people from the IT- or Telekommunications Department or by the Security Department in charge for IT-Security. If there is no know-how or personal resources in the company available, it is recommended to buy external resources to perform the audit.
The set of information gained through an audit allows the person in charge to identify the weak spots in the telekommunikation infrastructure actual in use. After the identification of the weak spots appropriate countermeasures for securing the infrastructure can be put in place.
Securing the Content
Breaking this fact down to the information transfer over satellites it can be said, that trustworthy cryptographic measures must be applied within a company or organization to make sure that the information is secured properly when it passes a certain point. This point is usually where the company is providing the data stream to an external service provider for further transportation as in the case of satellite services.
The cryptographic measures must be designed and implemented in a way to make sure that all traffic is secured/encrypted and not only the traffic which is regarded as important or vital for the company and must therfore be protected. The total traffic encryption ensures that possible attackers are not able to do a traffic analysis beyond the fact of detecting the encrypted data stream.
The second offering is Internet-Over-Satellite. Even here encryption should take place to prevent other people to see the visited web sites (for traffic analysis purposes) or read my e-mails. As this has to be implemented into the downstream of the data it is not in the premises of the customer to implement strong security. And for economic reasons it is questionable that the service provider is including strong encryption just because one customer asks for.
Two recent offerings of the satellite industry to their corporate customers should only be regarded if secure precautions are already existing in the company. One ist the possibility to make centralized backups of distributed computers over satellite. I definitely would not like to have a Hacker or Monitor to be in my unencrypted or weak protected backup downstream! Companies which are interested in this kind of service MUST use commercial grade encryption before one bit of data is send over satellite.
Depending on the kind of information as well as the amount of information it is recommend to use scalable bulk encryption solutions. This ensures that even large amounts of data can be protected through encryption without implementing a bottleneck to a network.
As one result of many audits showed in the past, it is strongly recommended not to trust telecommunication companies and service providers as they will always and ever declare their systems and their infrastructure is safe and secure. On the other hand no telecommunication carrier has so far opend his facilities for independent auditors to verify the claims of security to the public. This should give someone to think.
I invite your suggestions for revising this document. I plan to review and revise this document as the need arises.
Copyright (C) 06/2003 by Howard Fuhs
All Rights Reserved!