You are on page 1of 2

overview

StronG SecuritY on ecLiPSe PAcKet node

KeY FeAtureS

Even though microwave communications have some built-in security-like features such as scrambling, narrow beamwidth, proprietary airframe, coding and other factors, it is not very hard for them to be broken by those with the proper expertise. Some vendors even openly offer commercial microwave interception systems for “legitimate” monitoring. This and the growing sophistication and willingness of those attempting to break into wireless networks makes a high level of security for microwave more important than ever.

• Support for Secure Management over unsecured networks through use of secure protocols (e.g., SNMP v3, SSL, TLS v1.2) based on FIPS-140-2 validated algorithms • Payload Encryption (e.g., AES-128, AES-256, 3DES, DES) of communications and OAM traffic compliant with FIPS-197 • RADIUS capability and centralized AAA domain support for User Authentication to track all authorized and unauthorized user activity and points of entry • Six categories of access privileges to create any type of highly customized user profiles that are most appropriate for your network • Capability to disable all unsecured physical ports for each radio link to prevent unauthorized connections and system break-ins

introduction
Strong Security on the Eclipse Packet Node platform is designed to provide peace of mind for those operators who need that extra level of security. Strong Security supports Secure Management over unsecured networks with support for standardized protocols based on FIPS-140-2 requirements. Payload Encryption is supported by a module designed to be compliant with FIPS-197. Integrated RADIUS and centralized AAA domain capability are supported by Strong Security for remote authentication, authorization and accounting for an additional level of security for wireless networks.

Secure MAnAGeMent
Management of the Eclipse Packet Node platform can be secured over unsecured networks. Strong Security supports secure management interfaces based on secure management protocols that have been validated against FIPS-140-2 requirements. Secure Management is very flexible and provides the security customers need for microwave transmission management. Using a craft interface tool for configuration and maintenance, the Eclipse Packet Node radio can be securely managed via TLS v1.2 tunneling. For centralized monitoring from a network operations center (NOC), Eclipse Packet Node can be securely accessed by way of any network management system (NMS) that supports SNMP v3 (Figure 1).

overview
StronG Securit Y on ecLiPSe PAcKet node

PAYLoAd encrYPtion
To provide Strong Security, data and management payloads on Eclipse Packet Node radios can be encrypted. Payload Encryption through Strong Security prevents wireless communications from being eavesdropped on (Figure 2). Any eavesdropping equipment, or sniffers, along the transmission path between links or in the transmitter’s vicinity will only receive a garbled transmission. With AES encryption and 128-, 192- or 256-bit symmetric keys, a randomly generated encryption combination protects each Eclipse Packet Node wireless link pair. These combinations are created and negotiated between links using the industry-standard Diffie-Hellman Key agreement method, which supports groups with modulo of at least 2048 bits. Given this level of support, no particular encryption combination will be repeated within 4000 years. Therefore, Payload Encryption is fully compatible with the AES encryption standard and complies with FIPS-197, which provides the definition for AES encryption.

If communications to the RADIUS server are interrupted for any reason, Strong Security supports a fallback position. RADIUS credentials can be cached for a userdefined period. When the RADIUS server is unavailable, the cached credentials may be used to log in. For extended periods where the RADIUS server cannot be reached, the user-based security model allows logging in with the local SNMP user database.

Secure Management Traffic

Secure Management Traffic

Secure Access via TLS / SNMPv3

Secure Access via TLS / SNMPv3

Unsecured Network (WAN, LAN, etc.)

Unsecured Network (WAN, LAN, etc.)

inteGrAted rAdiuS cAPABiLitY
For an even higher level of protection, Strong Security on Eclipse Packet Node configures RADIUS capability into existing customer IT infrastructure. With integrated RADIUS capability, access control based on more sophisticated permission attributes can be provided. Eclipse Packet Node RADIUS capability enables authentication, authorization and accounting of remote user accounts, and integration also allows customers to manage user accounts within existing IT infrastructure from a central location—the same way PC user accounts are managed. With integrated RADIUS capability and the Security Event Logger feature on Eclipse Packet Node, all management activity attempts on Eclipse are tracked, including actions that affect traffic, logins and logouts, any changes to user accounts and other security events. It does this by recording user logins and IP addresses.

NMS Terminal or Craft Interface Tool

OEM Equipment

Figure 1. Strong Security on the eclipse Packet node platform supports Secure Management via tLS v1.2 tunneling with a craft interface tool or SnMP v3 through a compatible nMS terminal.

Payload Traffic Management Traffic NO SNIFFING

Secure Unencrypted

Unencrypted Payload Traffic

Unsecured Management Traffic

Unencrypted Payload Traffic

Unsecured Management Traffic

Figure 2. with Payload encryption on eclipse Packet node, both payload and management traffic are encrypted to a high level of security against eavesdropping (i.e. sniffing).

www.AviAtnetworKS.coM
Aviat, Aviat Networks, and the Aviat logo are trademarks or registered trademarks of Aviat Networks, Inc.

© Aviat Networks, Inc. (2010) All Rights Reserved. Data subject to change without notice. _o_StrongSecurity_EcliPktNd_UNIV_11Nov10