Security and Encryption
Dmitry Moiseev
Agenda – How to build up layered security
Physical Security
  Detect physical tampering
  Prevent unauthorized software
  Encrypt sensitive configuration data
  Defend against network attacks
Management Security
  Prevent unauthorized access.
  Audit trail of who changed what and when
  Prepare for disaster
Data Security
  Encryption of over-the-air data
  Prevent decoding of network transmissions
Process Security
  Build security into the product upfront
  Gain validation from 3rd parties
Copyright 2017 Cambium Networks, Inc. All Rights Reserved.
Physical Security
  Detect physical tampering
    Tamper-evident serial-numbered seals placed on unit seams prior to leaving factory
    Opaque enclosure prevents seeing inside box without breaking tamper-evident seal.
  Prevent unauthorized software
    Software images digitally signed and won’t load if modified
  Encrypt sensitive parameters
    Secure storage and erasure of critical security parameters (passwords, encryption keys, etc.)
    No hardcoded passwords in the unit.
    No default security certificates
    No user payload data stored on unit
  Defense against Network Attacks
    Denial of Service logic protecting management interface
    Unused ports and protocols locked down
Management Security
  Secure Access to Management Interface
    Secure protocols (HTTPS and SNMPv3)
    No default passwords or security certificates
    Password rules and aging
    No manufacturer “back-doors”
    Supports user-installable X.509 certificates for authentication
    Out of Band Management Options (OOBM)
    Security banners
  Detect and Audit System Activity
    Identity based user accounts (3 roles/10 users)
    Multiple access levels
    Centralized storage of event logs (syslog)
    Centralized user authentication (RADIUS)
    Authenticated NTP (time server)
  Disaster Preparedness / Recovery
    ‘save and restore’ allows units to be quickly restored to approved settings
Wireless encryption
  Stream-based wireless encryption
    128-bit and 256-bit AES encryption (validated to FIPS-197)
    Protects users' data
    Prevents traffic analysis
    Efficient hardware-based crypto
    Optional over the air rekeying (OTAR) AES license
  Secure device authentication
    ODU will not connect to any unauthorized remote unit
    Factory-installed or user-supplied device certificates
    PSK, Whitelist, Blacklist authorization
  Encryption standards
    Wireless encryption based on standard approved algorithms and protocols: AES, SHA-256, SHA-384, RSA, TLS
Process Security
  ISO 9000 Software Development Process
    Structured code reviews
    Build integrity / Version control
  Vulnerability Scanning
    Each software release tested against set of latest known attacks with industry-standard tools
  Industry Validation
    Optional FIPS Level 2 validated by NIST on PTP 700
    AES encryption algorithms validated against FIPS-197