All a network attacker has to do in this case is disable the
LLID filtering rules and enjoy unrestricted access to all information transmitted in the
downstream channel. What makes the situation worse is that this eavesdropping
method is completely passive, undetectable at the OLT level, and does not trigger
any visible side effects in network structure or behavior. Therefore, the attack might
go unnoticed and, even worse, continue undisturbed 24/7. This definitely violates all the
provisions for data confidentiality and privacy.

In the upstream channel, subscriber data are more secure since the network
architecture inherently prevents subscribers from eavesdropping on the transmissions
of other stations at the hardware level. As such, the upstream channel is considered
secure, as far as passive monitoring is concerned. Only the OLT receives ONU
transmissions and is aware of the activity periods of individual ONUs.

Additionally, the PSC unit itself constitutes a significant security threat because this
device is typically manufactured as a fully reciprocal device. Therefore, even though
only one port of the device is connected to the trunk channel, many more ports are
available but remain unconnected.