Layer One Network Security

25/4/2024

In the ISO/OSI model, the first layer is the physical transmission medium, usually a cable or possibly radio waves. Until recently, these elements were believed to be of little importance for data security; in security terms, the second and third layers played first fiddle. Meanwhile, layer 1 systems have undergone considerable development over the years. New standards have been created whose mechanisms are comparable to those of the second layer.

Today, layer one is no longer just the medium itself, but advanced transmission systems. They give administrators many advantages both in terms of the efficient use of fiber optics and the ability to secure running services.

How can we secure services on layer one?

Software security

From the software level we can run encryption on layer one. This is a solution analogous to MACsec, that is, encryption on layer two. The main difference is that on layer one we can encrypt all services (Fibre Channel, Ethernet, etc.) on the transmission system, while on layer two a single switch can encrypt one protocol.

Thanks to transmission systems, we can encrypt all services from the same device, be it Ethernet, Fibre Channel, OTN or STM, and the whole process introduces lower latency than traditional MACsec or IPsec.

Physical security

A backup route is the first thing that comes to mind when we need physical security in layer one. Everyone has probably heard stories in which workers damage the optical fiber during work, causing considerable losses for enterprises. The only thing we can do to eliminate such situations is to apply a backup route. We achieve this by installing an additional device that will automatically switch all services in the event of a breakdown.

Transmission systems give us several options for backup routes: from the already mentioned dedicated traffic switching device, through active systems with two line ports, to full hardware redundancy. The last of these provides full protection: the failure of any element of the system does not affect the operation of services. Each of these methods has slightly different advantages over the others. It all depends on the needs of the administrator and the effect we want to achieve.

Summary

The physical layer has a number of mechanisms by which we can support switches and routers in terms of security, from additional encryption methods to protecting the optical fiber from physical damage, all to ensure the uninterrupted provision of services on the network. Transmission systems not only ensure the operation of services, but also provide an opportunity to easily expand our network with additional transmissions.