Security Management is used for wide range of purposes, such as setting virus-protecting software, making shure that access authentication procedures are established correctly, encrypting, develop security polices and principles, and preventing unauthorised access by installation of firewall software. The major goal is to establish guidelines for easy access of network resources. This control allows to assure that information could not be seen by people without appropriate access level and allows to prevent any type of sabotage (intentional and unintentional).
In the PON network, security management is having great role, because all the information going downstream can bee seen by all users attached to the PON, even if it is mentioned for different client. Different archittectures (BPON, EPON, GPON) have different type of protection assuring that information will not reach wrong customer. One of the standard techniques is the encryption of the data before sending it downstream. Encryption protects from unauthorized disclosure, modification, utilization or destruction of the information.

The BPON networks ITU-T G.983 standard is using security mechanism called churning and is used only for downstream going data (upstream information is assumed to be difficult to eavesdropp). This type of encryption is using separate keys to subscribe four upper and four lower bits of each byte. The key itself is updated at least once a second by ONTs and is sent to to OLT. OLT is requesting password from ONT to assure that ONT is not a malicious user pretenting to be one.

EPON equipment developers and manufacturers are adding some security mechanisms to their OLT and ONT offerings because Ethernet protocol doesn’t provide any built-in security solution. Most of the mechanisms are standard multilayered security solutions, such as firewalls, virtual private networks, Ip security and tunneling.
The GPON networks are using point-to-point encryption mechanism called Advanced Encryption Standard (AES). The AES is using cipher keys of 128, 192 or 256 bits to encrypt the data blocks of 128-bits. The result of incription is unintelligible and is extremely difficult to compromise. Decrypting of the information is changing information to its original state.