Data security is of paramount interest to the users of
fixed wireless networks. Numerous published reports have
cited security vulnerabilities in the very popular 802.11b
wireless LAN standard (commonly referred to as WiFi). The
open standards architecture of 802.11b permits competing
equipment manufacturers to coexist on the same local area
network. Unfortunately, this interoperability limits the
security of networks employing such technology.

MultiMeg's wireless broadband access system does NOT employ the 802.11b
(WiFi) RF protocol. Instead we utilize a proprietary communication
protocol that is fortified with direct sequence spread spectrum
transmission, user authentication, and point-to-point scrambling.
The resulting wireless links provide an almost impenetrable
level of security.

The proprietary polling and authentication techniques employed
by MultiMeg virtually eliminate decryption and unauthorized
access. Unlike WiFi
links, there are no off-the-shelf sniffers or other devices
that can "hack" into or eavesdrop on the transmissions.
The advanced nature of the modulation and data-scrambling
techniques ensures that the only method of over-the-air system
access is with another matching subscriber unit (SU). MultiMeg's
individual SU authentication process ensures that the network
will not recognize unauthorized SUs.

MULTIMEG WIRELESS LOOPS ARE MORE SECURE THAN ANY TELCO PRODUCT
-- INCLUDING T1s, WHICH DO NOT EMPLOY ANY ADVANCED
SECURITY OR AUTHENTICATION PRACTICES.

The MultiMeg wireless broadband access system utilizes four
distinct security features, all of which contribute to a very
high level of security, through both design and implementation:

Dynamic Polling Protocol
Spread Spectrum Modulation at 5.8 GHz
Subscriber Unit Authentication
Proprietary Data Scrambling of Radio Frequency (RF) Data Packets

MultiMeg employs a smart proprietary polling protocol
that provides security in addition
to a very high level of bandwidth efficiency. Our wireless
network is comprised of multiple master radios (AKA Access
Points -- or APs) and multiple subscriber units (SUs). Dynamic
polling is an algorithm executed by an AP that allocates
varying timeslots at varying intervals to each SU in order
to grant it permission to send or receive data. The polling
sequence and allocation of timeslots are determined according
to multiple parameters, including size and frequency of
the data being sent. The resulting sequence of data transmissions
is dynamic and not set to a synchronous, predetermined pattern
(unlike straight Time Division Multiple Access based systems
- or TDMA). This prohibits potential invaders from predicting
the polling sequence and tampering with the system.

The MultiMeg wireless broadband access system
utilizes Spread Spectrum modulation
in the unlicensed 5.8 and 5.3 GHz ISM band to provide an
additional layer of security. In this process, the encoded
data is modulated with an 8-bit pseudo noise code and spread
over a band of frequencies. There is no simple demodulator
(either on the market or easily constructed) that can intercept
a Spread Spectrum 5.8 GHz signal.
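
Added example, not MultiMeg's code: a minimal model of direct-sequence spreading and correlation despreading for an 8-bit pseudo noise code as described above. The code values, the chip-flip channel model and all function names are assumptions chosen for illustration.

```python
import random

# Constructed 8-chip pseudo-noise code and an orthogonal code for comparison.
# Both are assumptions for illustration, not values from MultiMeg equipment.
PN_CODE = [1, 1, 1, -1, -1, 1, -1, 1]
OTHER_CODE = [1, 1, 1, -1, 1, -1, 1, -1]


def spread(bits, code=PN_CODE):
    """Map each data bit to +1/-1 and multiply it by every chip of the code."""
    chips = []
    for bit in bits:
        symbol = 1 if bit else -1
        chips.extend(symbol * chip for chip in code)
    return chips


def impair(chips, flips_per_symbol, code_len=len(PN_CODE), seed=1):
    """Constructed channel model: invert a fixed number of chips per symbol."""
    rng = random.Random(seed)
    out = list(chips)
    for start in range(0, len(out), code_len):
        for offset in rng.sample(range(code_len), flips_per_symbol):
            out[start + offset] = -out[start + offset]
    return out


def despread(chips, code=PN_CODE):
    """Correlate each code-length block with the code; the sign is the bit."""
    bits, scores = [], []
    for start in range(0, len(chips), len(code)):
        block = chips[start:start + len(code)]
        score = sum(r * c for r, c in zip(block, code))
        scores.append(score)
        bits.append(1 if score > 0 else 0)
    return bits, scores


if __name__ == "__main__":
    data = [1, 0, 1, 1, 0, 0, 1, 0]  # constructed sample payload
    tx = spread(data)
    rx_bits, rx_scores = despread(impair(tx, flips_per_symbol=3))
    print("matched code:", rx_bits, rx_scores)
    print("other code:  ", despread(tx, OTHER_CODE))
```

With three of the eight chips inverted per symbol, the matched correlation still has magnitude 2 with the correct sign, so every bit decodes; the orthogonal code correlates to 0 on every symbol and yields no usable decision.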

In order for information to pass between an AP and SU, the
AP must first authenticate the SU through a password-protected
database administered by MultiMeg.
This database, located within the nonvolatile memory of
the AP, contains the unique MAC identification (MAC ID)
and SU identification (SU ID) of every MultiMeg-authorized
SU. Both unique numbers can only be confirmed
by the AP that has been assigned to that specific SU.
In short, only authenticated SUs can associate with a specifically
assigned AP. In the event an unauthorized or rogue SU is
brought into the proximity of the wireless network, the
AP will not authenticate it and network access will be refused.
When more than one SU associates with an AP, an additional
layer of authentication is added to each data packet outbound
from the AP; a scrambled identifier is encoded with the
data packet along with a target SU "address".
In other words, only the intended SU will be able to receive
and descramble the data necessary to recreate the original
Ethernet packet.

MultiMeg employs wireless hardware-based patterns of
sequencing, combining each data
byte with one of 256 scrambling bytes. This proprietary
scrambling method offers a significant level of over-the-air
security and ensures that only authorized equipment will
be able to receive and de-scramble data.

These four advanced security practices combine to provide
unparalleled protection for traffic on the MultiMeg-managed
network (between the Customer's router and the Internet
peering point); however, the end user must still take measures
to secure internal LAN and WAN traffic. The Internet is
an open medium accessible by some very intelligent and crafty
individuals. We encourage all businesses to employ other
means of protecting their total network operations, such
as Firewalls, VPNs and packet encryption (IPSec or SSL,
for example). MultiMeg
can help to design and implement a total security solution
that best suits your business. Please contact
us for additional information.