GE MDS Mercury Series Reference Manual page 28

18
The transceiver is capable of dealing with many common security
issues. Table 1-2 profiles security risks and how the transceiver pro-
vides a solution for minimizing vulnerability.
Table 1-2. Security Risk Management
Security Vulnerability
Unauthorized access to the backbone
network through a foreign remote radio
"Rogue" AP, where a foreign AP takes
control of some or all remote radios and
thus remote devices
Dictionary attacks, where a hacker runs a
program that sequentially tries to break a
password.
Denial of service, where Remote radios
could be reconfigured with bad
parameters, bringing the network down.
Airsnort and other war-driving hackers in
parking lots, etc.
Eavesdropping, intercepting messages
Unprotected access to configuration via
SNMPv1
Intrusion detection
Mercury Reference Manual
GE MDS Cyber Security Solution
•
IEEE 802.1x device authentication
•
Approved Remotes List (local)
Only those remotes included in the
AP list will associate
IEEE 802.1x device authentication
•
•
Approved AP List
A remote will only associate to those
APs included in its local authorized
list of APs
•
Failed-login lockdown
After five tries, the transceiver
ignores login requests for 5 minutes.
Critical event reports (traps) are
generated as well.
•
Remote login with SSH or HTTPS
•
Local console login
•
Disabled HTTP and Telnet to allow
only local management services
•
Operation is not interoperable with
standard 802.11 wireless cards
•
The transceiver cannot be put in a
promiscuous mode
•
Proprietary data framing
•
AES-128 encryption
•
Implement SNMPv3 secure
operation
• Provides early warning via SNMP
through critical event reports
(unauthorized, logging attempts,
etc.)
Unauthorized AP MAC address
•
detected at Remote
Unauthorized Remote MAC
•
address detected at AP
Login attempt limit exceeded
•
(Accessed via: Telnet, HTTP, or
local)
• Successful login/logout
(Accessed via: Telnet, HTTP, or
local)
05-4446A01, Rev. D