2
P
ASSIVE
M
ONITORING
As mentioned previously, it is relatively easy to monitor clear text transmissions over an
IP network. Unfortunately, most of the time invaders are not easily detected. This is
because monitoring of the traffic is performed using passive devices that do not transmit
any data of their own. Therefore, they can’t be easily detected. In addition, attackers do
not require physical access to any particular facility to conduct these passive monitoring
sessions.
E
ND
-
TO
-E
ND
S
ECURITY
While hackers don’t require physical access to monitor
(hack)
a network, they can be
easily connected by placing a probe or analyzer anywhere along the transmission path —
from system initialization to destination
. Since vulnerabilities can exist anywhere along
the IP transmission path, complete system security can only be achieved by applying end-
to-end security measures. The security measures built into the Canopy system
architecture are designed to cover only the wireless portions of the network. These
include:
•
Access Point (AP)
•
Subscriber Module (SM)
•
Backhaul (BH) Module
•
Cluster Management Module (CMM)
•
Bandwidth and Authentication Manager (BAM)
The Canopy system security does not include elements outside of the wireless transport,
such as:
•
Client (Computer)
•
Wireless Modems
•
Local Area Networks
•
Routers
•
Printers
•
Servers
•
Various Network Peripheral Equipment
Protecting equipment outside of the Canopy system from security invasions can be
accomplished using software, devices and security techniques from various
manufacturers and should be included as part of an end-to-end system design.
S
ECURITY
F
EATURES
W
ITHIN
C
ANOPY
S
YSTEM
Privacy and integrity of data are key considerations for both broadband network
subscribers and operators. Security and authentication to prevent unwanted access to
critical data or services are necessary for the effective operation of any broadband
network. Applications such as medical, remote surveillance, safety, security and
homeland defense would not be possible without incorporating advanced security
features into the fixed wireless network. Gone are the days when it wasn’t necessary to
be concerned with security as a fundamental building block.
