Information Security and Defense in Depth

August 15, 2017

The spread of available connectivity has outpaced the ability to keep information secure. In a previous blog post, I discussed the value of being informed about the security of public Wi-Fi networks, where each user can play a role in limiting their exposure to security risks. Working in from the Wi-Fi access layer, network operators need to build security into the backhaul infrastructure to ensure that the core of the distribution layer is secure.

Solutions like our PTP 670 wireless backhaul extend the network to connect Wi-Fi access networks, configured either as a point-to-point link or as a High Capacity Multipoint (HCMP) hub-and-spoke architecture connecting to one or multiple points. Security in this section of the network is crucial, as it affects all users. At Cambium Networks, we have prioritized security on our PTP solutions to ensure that networks deliver consistently high performance and secure operations.

  • Physical Security includes tamper-evident seals and digitally signed software images that only load if the software is not modified. These steps, plus prohibiting hard-coded passwords and keys and locking down unused ports and protocols, protect the system from intrusion and Denial of Service attacks.
  • Management Security ensures that only authorized personnel have access to the management interface. This includes removing all manufacturer “back doors” and default access, aging passwords, and supporting user-installable X.509 certificates for authentication.
  • Data Security through wireless encryption ensures that the over-the-air signal is protected by 128-bit and 256-bit AES, SHA-256, SHA-384, RSA, and TLS encryption validated to the FIPS 197 industry standard. This prevents an intruder from intercepting the signal and performing data or traffic analysis or connecting to an unauthorized unit.
  • Process Security includes complying with ISO 9000 software development process standards, with structured code reviews and tight version controls. Each software release is tested against a set of the latest known attacks and is validated against the FIPS 197 standard. The PTP 700 is additionally certified against the FIPS 140-2 Level 2 NIST standard.

Network users and designers have different responsibilities regarding security. Network users need connectivity for their work or personal business, and many choose to use unsecured Wi-Fi access networks even though they know the risks, because they feel that they do not have a choice. Network architects and operators, however, do have a choice: they can design security into their infrastructure, and must consider the long-term benefits of deploying a proven solution with layered security.