Microwave link security.
Neal Rauhauser
neal at lists.rauhauser.net
Sat Oct 22 12:32:27 UTC 2005
If it is a high value target (government, banking, etc) you should
deploy a layer 3 security solution such as IPsec between the end points.
If the solution is based on a proprietary bridge radio where the only
method of snooping is to have a development version of the radio ...
well ... you'll likely have no trouble intrusion wise. Intrusion is much
less of a concern than interference, both intentional and accidental.
I've deployed 802.11b from Cisco & Orinoco, Alavarion frequency
hoppers, Western MUX Tsunami, Aperto, Adtran Tracer, and Proxin
Quickbridge. The biggest hazards in an urban environment are, in
descending order, unintentional interference, intentional interference,
sleazy behavior from Proxim Quickbridge tech support, and intrusion
running a distant fourth.
These days I'm using Soekris 4511 single board computers with hardware
crypto accelerators for point to point links. We started using OpenBSD
and we're converting them to MikroTik for advanced routing features.
We've got some multipoint access cells and there I'm holding my nose and
running WPA because it is what the clients and tech support folks can
handle.
Sorry no links, as microwave suffering is only chronicled in my head,
but willing to answer emails if it helps you ...
MARLON BORBA wrote:
>Fellow NANOGers,
>
>Please, do you know any documents and/or links about securing data microwave links? I am writing a project for MAN interconnection of several buildings with MW radios and concerned about possible security threats.
>
>TIA,
>
>Marlon Borba, CISSP.
>
>
>
>
More information about the NANOG
mailing list