PASSIVE MONITORING
As mentioned previously, it is relatively easy to monitor clear text transmissions over an IP network. Unfortunately, most of the time invaders are not easily detected. This is because monitoring of the traffic is performed using passive devices that do not transmit any data of their own. Therefore, they can’t be easily detected. In addition, attackers do not require physical access to any particular facility to conduct these passive monitoring sessions.
While hackers don’t require physical access to monitor (hack) a network, they can be easily connected by placing a probe or analyzer anywhere along the transmission path — from system initialization to destination. Since vulnerabilities can exist anywhere along the IP transmission path, complete system security can only be achieved by applying end-
•Access Point (AP)
•Subscriber Module (SM)
•Backhaul (BH) Module
•Cluster Management Module (CMM)
•Bandwidth and Authentication Manager (BAM)
The Canopy system security does not include elements outside of the wireless transport, such as:
•Client (Computer)
•Wireless Modems
•Local Area Networks
•Routers
•Printers
•Servers
•Various Network Peripheral Equipment
Protecting equipment outside of the Canopy system from security invasions can be accomplished using software, devices and security techniques from various manufacturers and should be included as part of an
SECURITY FEATURES WITHIN CANOPY SYSTEM
Privacy and integrity of data are key considerations for both broadband network subscribers and operators. Security and authentication to prevent unwanted access to critical data or services are necessary for the effective operation of any broadband network. Applications such as medical, remote surveillance, safety, security and homeland defense would not be possible without incorporating advanced security features into the fixed wireless network. Gone are the days when it wasn’t necessary to be concerned with security as a fundamental building block.
2
