Security White Paper
Introduction
One of the most frequently asked questions put to a wireless broadband service
provider by their subscribers is, "what about security?" It is indeed
wise for subscribers to be concerned about security, on any type of network.
Disgruntled former employees, hackers, viruses, Internet-based attacks, and
industrial espionage are an unfortunate fact of life in any form of networking
today. This white paper discusses the threats to the security of any network,
how they specifically relate to wireless networks, and the elements unique to
the wireless technology used by UltraFast T1 Wireless that are available to
combat these potential threats.
Network Security Wireline Versus Wireless
Common questions from those considering broadband wireless service often
revolve around security. While these concerns are sensible, valid and justified,
it is rather ironic that users rarely ask these questions with the same level of
concern about their wireline network services; the security of information on
the wire is, perhaps incorrectly, assumed as a given. Many have images of data
on a wireless network floating freely in the air waiting for someone with a
scanner to capture it and as data packets begin traveling through the air, a
high degree of anxiety sets in. After all, it is reasoned, the wireline network
is secure and the data stays on the wire, only available to authorized users
with physical connections to that wire.
In fact, any network, wireless or wireline, is subject to substantial
security risks and issues. These include:
- Threats to the physical security of a network
- Unauthorized access
- Privacy
As will be seen below, a wireless network has all of the properties of a
wireline network (except, of course, the wire), and thus security measures
taken to ensure the integrity and security of data in the wireline network
environment are applicable to wireless networks as well. The primary difference
between a wireline network and a wireless network is at the physical layer
(wire versus airspace) and all other network strengths and weaknesses remain.
With the advent of wireless broadband service, wireless service providers
and equipment manufacturers have in fact included an additional set of unique
security elements which are not available in the wireline world. Based on these
elements, the argument can easily be made that wireless networks are at least
as secure as wireline networks.
What can be done
Physical Security
Given the obvious reliance of wireline networks on the wire, anyone gaining
access to that wire can damage the network or compromise the integrity and
security of information on it. Without the proper security measures in place,
even registered users of the network may be able to access information that
would otherwise be restricted. Disgruntled current and ex-employees have been
known to read, distribute, and even alter valuable company data files. Network
traffic can be intercepted and decoded with commonly available software tools
once one has physical access to the network cabling. In a wireline network
including cable systems, countless cases have been documented of wiretapping,
hacking by authorized users and even people down the street hacking into their
neighbors' computers.
Subscribers, regardless of whether or not they have wireless segments on
their networks, need to have the appropriate security products for their
environments, the proper security levels set for their users, and an on-going
process to audit the effectiveness of security policies and procedures.
Physical access to network wires needs to be protected. Unfortunately, the vast
amount of wire inherent in most networks provides many points for unauthorized
access.
Unauthorized Access
Another area of concern for security-conscious subscribers is the growing use
of the Internet. Often, if users from inside can get out to the Internet, then
users from outside can get into a network if proper precautions haven't been
taken. And this applies not only to the Internet, but also to any remote
network access capabilities that might be installed. Remote access products
that allow traveling sales and marketing people to dial in for their email,
remote offices connected via dial-up lines, intranets, and
"extranets" that connect vendors and customers to a network can all
leave the network vulnerable to hackers, viruses, and other intruders. Firewall
products offering packet filtering, proxy servers, and user-to-session
filtering add additional protection.
Many products are available to help subscribers secure their networks from
the above threats. User authentication and authorization is provided by most
network operating systems, and can be enhanced by adding third-party products.
Privacy
Perhaps the most difficult threat to detect is someone just looking at (and
likely copying) raw data on the network. Wireline networks are particularly
vulnerable to eavesdropping. Most Ethernet adapters on the market today offer a
"promiscuous mode" that, with off-the-shelf software, enables them to
capture every packet on the network. Most network administrators have some kind
of "packet sniffer" and/or network traffic analyzer for
trouble-shooting the network. Inexpensive and readily available hardware and
software let anyone with physical access to the network to read, capture, and
display any type of packet data on the net. Data encryption is the only line of
defense against this kind of threat; unfortunately, no wireline network service
provider incorporates this technology even as an option that subscribers could
use with their product.
Wireless Network Security Considerations
We can see clearly that data security considerations impact the entire network
architecture. And while these data security considerations apply equally to
wireless networks, the technology used in the physical layer (airspace) of
wireless networks actually increases overall network security, as follows:
Spread Spectrum Technology
UltraFast T1 Wireless's wireless networks use a form of spread-spectrum radio
transmission technique. Spread spectrum technology was first introduced about
50 years ago by the military with the objective of improving both message
integrity and security. Spread-spectrum systems are designed to be resistant to
noise, interference, jamming, and unauthorized detection.
Spread spectrum communication is a means of transmitting a signal over a much
wider frequency bandwidth than the minimum bandwidth normally required to
transmit the information. By convention, the spread signal must occupy a
bandwidth of at least 10 times the information bandwidth.
A typical radio signal contains both the data itself (which is the useful
content) and a carrier frequency, which is modulated or blended with the data
signal in order to "carry" the transmission across the operating
range of the transmitter.
In UltraFast T1 Wireless's Direct Sequence Spread Spectrum (DSSS) transmissions,
another element is introduced called a pseudo-noise (PN) code sequence. This is
a binary and hence digital code sequence which, when modulated
with the carrier frequency and original content, causes the resultant signal to
spread across a much wider frequency spectrum, whereas the original radio
signal would have occupied only a specific radio frequency. This has the
resultant effect of dissipating the signal intensity over a broad range of
frequencies, thus shrouding the transmitted signal, and making it
indistinguishable from random white noise.
At the receiver end, in a process known as "correlation", a
similar pseudo-noise code sequence matching exactly the one used by the
transmitter is generated in order to "decode" the transmission by
reconstituting the spread spectrum signal into intelligible information again.
Naturally, without this code sequence, the spread spectrum signal is useless.
Therein lies the security-enhancing feature of DSSS transmissions, which
explains why there is military interest in the technology. Because DSSS
transmissions are harder to detect, there is a lower probability of
interception. Because it does not occupy specific radio frequencies, it is
harder to jam. And because it employs binary code sequences to
"encrypt" the transmitted data, it makes it hard for unauthorized
parties to "listen in", or to spoof or imitate network members.
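The spreading and correlation process described above, worked through in code. This is an added illustration, not code from the original paper or from UltraFast T1 Wireless: it spreads eight constructed data bits with the 11-chip Barker sequence (the PN code IEEE 802.11 DSSS uses at 1 and 2 Mbit/s), passes the chips through a constructed bounded-noise channel, and then despreads them once with the matching code and once with a mismatched code. The wrong code (WRONG_PN), the noise model and the bit pattern are all assumptions made for the example; the processing-gain formula (10 log10 of chips per bit) is the standard definition.

```python
import math
import random

# The 11-chip Barker sequence, the PN code used by 802.11 DSSS; chips as +1/-1.
BARKER_11 = [1, -1, 1, 1, -1, 1, 1, 1, -1, -1, -1]

# Constructed "wrong" PN code for a receiver that does not know the sequence:
# it agrees with Barker-11 in only 5 of 11 chip positions, so its
# cross-correlation with Barker-11 is -1 (versus 11 for the correct code).
WRONG_PN = [1, 1, 1, -1, 1, 1, -1, 1, 1, -1, 1]


def processing_gain_db(chips_per_bit):
    """Processing gain of a DSSS link: spread bandwidth over information
    bandwidth, i.e. 10 * log10(chips per bit). 11 chips -> about 10.4 dB."""
    return 10 * math.log10(chips_per_bit)


def spread(bits, pn):
    """Spread each data bit over len(pn) chips: bit 1 -> +pn, bit 0 -> -pn."""
    chips = []
    for bit in bits:
        sign = 1 if bit else -1
        chips.extend(sign * c for c in pn)
    return chips


def add_channel_noise(chips, amplitude, rng):
    """Constructed channel model: bounded uniform noise in [-amplitude, +amplitude]
    added to every chip (real channel noise is unbounded; bounded noise keeps the
    example's outcome provable)."""
    return [c + rng.uniform(-amplitude, amplitude) for c in chips]


def correlate(chips, pn):
    """Receiver-side correlation (despreading): multiply each chip window by the
    local PN code and sum. The sign of the sum is the recovered bit; its
    magnitude shows how strongly the window matched the local code."""
    n = len(pn)
    bits, scores = [], []
    for i in range(0, len(chips) - n + 1, n):
        score = sum(w * c for w, c in zip(chips[i:i + n], pn))
        scores.append(score)
        bits.append(1 if score > 0 else 0)
    return bits, scores


def dsss_demo(seed=7, noise_amplitude=0.8):
    """Transmit 8 constructed data bits over the noisy channel and despread them
    with the matching PN code and with the mismatched one."""
    rng = random.Random(seed)
    data = [1, 0, 1, 1, 0, 0, 1, 0]
    received = add_channel_noise(spread(data, BARKER_11), noise_amplitude, rng)
    good_bits, good_scores = correlate(received, BARKER_11)
    bad_bits, bad_scores = correlate(received, WRONG_PN)
    return {
        "data": data,
        "recovered_with_correct_code": good_bits,
        "recovered_with_wrong_code": bad_bits,
        "correct_code_scores": good_scores,
        "wrong_code_scores": bad_scores,
    }


if __name__ == "__main__":
    print("processing gain: %.1f dB" % processing_gain_db(len(BARKER_11)))
    for key, value in dsss_demo().items():
        print(key, value)
```

With the correct code every window correlates to roughly plus or minus 11 (the code length) and the data bits come back intact; with the wrong code the scores hover near zero and the sign is essentially noise, which is the "correlation" property the text relies on. Note that this is a processing-gain and code-knowledge property, not cryptographic secrecy: 802.11 publishes its PN sequence, so DSSS on its own does not keep a standards-compliant receiver from despreading the signal.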
Finally, UltraFast T1 Wireless's DSSS equipment incorporates the use of optional
encryption. The IEEE 802.11 standard, under which UltraFast T1 Wireless operates, includes
a security technique known as "Wired Equivalent Privacy" (WEP),
which is based on the use of 64-bit keys and the popular RC4 encryption
algorithm. Users without knowledge of the current key (password) will find
themselves excluded from network traffic. Encryption, as noted above, is always
advisable on any network, and is certainly easier to implement in wireless
networks than in their wireline counterparts.
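What a "64-bit key" means for WEP, shown in code. This is an added example, not code from the original paper or from UltraFast T1 Wireless. In 64-bit WEP the RC4 key for each frame is a 24-bit initialisation vector (IV), which is transmitted in the clear, prepended to the 40-bit shared secret; the example builds that per-frame key, runs a textbook RC4 over a constructed payload, and adds a monitoring check a network operator would want: a count of repeated IVs in an observed frame log, since the IV is the only part of the key that changes from frame to frame and the IV space holds just 2^24 values. The RC4 implementation and the frame log are constructed for the example.

```python
from collections import Counter

IV_BITS = 24            # per-frame initialisation vector, sent in the clear
WEP64_SECRET_BITS = 40  # "64-bit" WEP = 40 secret bits + 24 IV bits


def rc4_keystream(key, length):
    """Textbook RC4 (key-scheduling + generation) returning `length` bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_per_frame_key(iv, secret):
    """64-bit WEP per-frame RC4 key: 3-byte IV followed by the 5-byte secret."""
    if len(iv) != IV_BITS // 8 or len(secret) != WEP64_SECRET_BITS // 8:
        raise ValueError("64-bit WEP uses a 3-byte IV and a 5-byte secret")
    return iv + secret


def wep_encrypt(iv, secret, payload):
    """XOR the payload with the RC4 keystream for this frame's key.
    The same (iv, secret) always yields the same keystream."""
    keystream = rc4_keystream(wep_per_frame_key(iv, secret), len(payload))
    return bytes(p ^ k for p, k in zip(payload, keystream))


def frames_until_iv_exhaustion():
    """Frames after which a sender has no fresh IV left and must repeat one."""
    return 2 ** IV_BITS


def iv_reuse_report(frame_ivs):
    """Operator-side check over observed frame IVs: every repeated IV means two
    frames were protected with an identical keystream."""
    counts = Counter(frame_ivs)
    return {
        "frames": len(frame_ivs),
        "distinct_ivs": len(counts),
        "repeated_ivs": {iv: n for iv, n in counts.items() if n > 1},
        "iv_space_fraction_used": len(counts) / frames_until_iv_exhaustion(),
    }


if __name__ == "__main__":
    secret = bytes([0x01, 0x02, 0x03, 0x04, 0x05])   # constructed 40-bit secret
    ct = wep_encrypt(bytes([0, 0, 1]), secret, b"hello")
    print("ciphertext:", ct.hex())
    # constructed frame log in which IV 00:00:01 appears twice
    print(iv_reuse_report([b"\x00\x00\x01", b"\x00\x00\x02", b"\x00\x00\x01"]))
```

The practical reading of the report is that a busy link cycles through the 2^24 IVs in hours, and any repeat is a keystream reuse that the secret key cannot protect against; this, together with the short 40-bit secret, is why WEP has since been superseded by WPA2 and WPA3 and why an operator should treat it as an obstacle rather than as the encryption layer the text recommends.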
Station Authentication
UltraFast T1 Wireless's wireless network, like most wireless networks, has the ability,
through an authentication management function, to specifically authorize or
exclude individual wireless stations. Thus an individual wireless user can be
included in a network, or, at any time, locked out. Stations also need to know
a wide variety of information, including radio domains, channels (specific
frequencies) as well as IP addresses and subnets in order to access the
network. Thus unauthorized network access becomes very difficult even for
hackers who possess the equipment to attack the UltraFast T1 Wireless network.
Even with encryption there was always the possibility of someone gaining
access to a firewalled network with file sharing enabled if they could acquire
the right hardware and all settings, as well as the security code. With most
other wireless networks this has been a published fault, not often dealt with.
At UltraFast, we do not give the security codes to the end user for this reason.
However, we take security very seriously, so in that vein we built a RADIUS
authentication unit. The purpose of this unit is to prevent anyone gaining
access to the network without the client software needed to do so, a user name
specific to the hardware's MAC address, and a password. This is separate and
apart from the WEP discussed earlier. To make what may be considered an
impenetrable wall even more secure, we assign a 10.0.0.1 network address scheme
where feasible. This prevents scanning or access from outside the network
under any circumstances, period.
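A model of the layered admission checks just described, as an added example. It is not the vendor's RADIUS unit and not code from the paper; it is a hypothetical registry in which each station's user name is bound to its MAC address, the password is verified against a salted PBKDF2 hash, and requests are accepted only from the private 10.0.0.0/8 range. The station records, credentials and addresses are all constructed for the example.

```python
import hashlib
import hmac
import ipaddress
import os

# Hypothetical: the private address scheme mentioned in the text, as a network.
PRIVATE_NET = ipaddress.ip_network("10.0.0.0/8")
PBKDF2_ROUNDS = 50_000


class StationRegistry:
    """Hypothetical admission database: MAC -> (bound user name, salt, hash)."""

    def __init__(self):
        self._stations = {}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def register(self, mac, username, password):
        """Provision a station: the user name is tied to this MAC only."""
        salt = os.urandom(16)
        self._stations[mac.lower()] = (username, salt, self._hash(password, salt))

    def admit(self, mac, username, password, source_ip):
        """Return (admitted, reason). Every layer must pass: source address in
        the private range, MAC known, user name bound to that MAC, password
        matching. Comparisons use constant-time equality."""
        if ipaddress.ip_address(source_ip) not in PRIVATE_NET:
            return False, "source address outside the private network"
        record = self._stations.get(mac.lower())
        if record is None:
            return False, "unknown station"
        bound_user, salt, stored_hash = record
        user_ok = hmac.compare_digest(bound_user.encode(), username.encode())
        pass_ok = hmac.compare_digest(stored_hash, self._hash(password, salt))
        if not (user_ok and pass_ok):
            return False, "credentials do not match this station"
        return True, "admitted"


if __name__ == "__main__":
    registry = StationRegistry()
    # constructed station: a CPE whose user name is derived from its MAC
    registry.register("00:11:22:33:44:55", "cpe-001122334455", "correct horse")
    print(registry.admit("00:11:22:33:44:55", "cpe-001122334455", "correct horse", "10.1.2.3"))
    print(registry.admit("00:11:22:33:44:56", "cpe-001122334455", "correct horse", "10.1.2.3"))
    print(registry.admit("00:11:22:33:44:55", "cpe-001122334455", "correct horse", "203.0.113.5"))
```

The point of the layering is that a correct user name and password presented from a different station, or from an address outside the private range, is refused even though each credential on its own is valid; the WEP key plays no part in this check, matching the text's "separate and apart" description.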
VPN
It is a commonly accepted fact that Internet technologies have changed the way
that companies disseminate information to their customers, partners, employees,
and suppliers. Initially, companies were conservative with the information they
published on the Internet: product information, product availability and
other less business-critical items. More recently, using the Internet as a
means of providing more cost effective access to business critical information
such as order status, inventory levels, or even financial information has
gained wider acceptance through Virtual Private Networks or VPNs. A Virtual
Private Network is a business solution that provides secure, private
connections to network applications using a public or "unsecured"
medium such as the Internet. With a VPN deployed across the Internet, virtual
private connections can be established from almost anywhere in the world.
While subscribers currently have the capability to implement VPNs on their
network through external CPE, UltraFast T1 Wireless will soon have the ability to offer an
integral VPN option in its network.
Adaptive Polling
UltraFast T1 Wireless overcomes many of the problems inherent in wireless networks by
centralizing control of the wireless network at the UltraFast T1 Wireless Base Station. The
UltraFast T1 Wireless Base Station uses a highly optimized polling technique to tell remote
wireless stations when they can transmit.
First of all, UltraFast T1 Wireless polling is adaptive. Each station's polling interval
is determined by a number of independent factors, including the remote
station's recent usage history. The total number of currently connected systems
(among other variables) is used to determine maximum and minimum polling
intervals.
Second, UltraFast T1 Wireless polling is dynamic. As remote stations transmit less
frequently (i.e. they do not have a packet to transmit when polled), they are
polled less often. For example, a station which has been dormant for several
minutes may not be polled for an extended period of time. Stations that have
data ready to transmit when polled are polled more often. This enables
UltraFast T1 Wireless to make optimum use of the wireless bandwidth, while still maintaining
a high level of "fairness" between wireless clients.
To avoid problems associated with pure polling schemes, UltraFast T1 Wireless also
employs a "free for all" period to enable stations that have data
available but are low in the polling queue to transmit without much delay. The
"free for all" period allows a station that may not have transmitted
for a long period of time to begin transmitting once again and move to a higher
priority in the polling scheme.
The determination of polling intervals based on a complex combination of
factors is finely tuned and the result of years of research into wireless
performance in production environments. UltraFast T1 Wireless polling and the associated
"free for all" period, combined with superpacket aggregation, allow
wireless networks running UltraFast T1 Wireless to perform at the highest rate possible.
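A simplified simulation of the adaptive polling scheme described in this section, added here as an illustration; it is not UltraFast T1 Wireless's algorithm, whose actual interval rules the paper does not publish. The model assumes that a station's polling interval halves whenever it had a frame ready at its poll and doubles when it did not, clamped to a minimum and maximum; that the base station polls one station per slot; and that every eighth slot is a "free for all" slot in which the waiting station lowest in the polling queue (the one with the longest interval) transmits and is promoted back to the shortest interval. The two stations and their traffic pattern are constructed.

```python
class Station:
    """A remote wireless station as seen by the base station's scheduler."""

    def __init__(self, name):
        self.name = name
        self.queue = 0        # frames waiting to be sent
        self.interval = 1     # current polling interval, in slots
        self.next_poll = 0    # slot at which the station is next due for a poll
        self.sent = 0


class BaseStation:
    """Hypothetical adaptive poller: one poll per slot, plus a contention
    ("free for all") slot every `free_for_all_every` slots."""

    def __init__(self, stations, min_interval=1, max_interval=64, free_for_all_every=8):
        self.stations = stations
        self.min_interval = min_interval
        self.max_interval = max_interval
        self.free_for_all_every = free_for_all_every
        self.slot = 0

    @staticmethod
    def _transmit(station):
        station.queue -= 1
        station.sent += 1

    def run_slot(self):
        self.slot += 1
        if self.slot % self.free_for_all_every == 0:
            # Free for all: of the stations holding data, the one lowest in the
            # polling queue (largest interval) transmits and regains priority.
            waiting = [s for s in self.stations if s.queue > 0]
            if not waiting:
                return ("free-for-all", None)
            station = min(waiting, key=lambda s: (-s.interval, s.name))
            self._transmit(station)
            station.interval = self.min_interval
            station.next_poll = self.slot + station.interval
            return ("free-for-all", station.name)
        due = [s for s in self.stations if s.next_poll <= self.slot]
        if not due:
            return ("idle", None)
        station = min(due, key=lambda s: (s.next_poll, s.name))
        if station.queue > 0:
            self._transmit(station)
            station.interval = max(self.min_interval, station.interval // 2)
        else:
            station.interval = min(self.max_interval, station.interval * 2)
        station.next_poll = self.slot + station.interval
        return ("poll", station.name)


def simulate(warmup_slots=200, free_for_all_every=8):
    """Constructed scenario: one station always has data, one is dormant.
    After the warm-up a burst arrives at the dormant station; the result shows
    how long it waits and what its interval becomes once it has transmitted."""
    busy, quiet = Station("busy"), Station("quiet")
    base = BaseStation([busy, quiet], free_for_all_every=free_for_all_every)
    for _ in range(warmup_slots):
        busy.queue = 1            # the busy station always has a frame ready
        base.run_slot()
    intervals = {"busy": busy.interval, "quiet": quiet.interval}
    quiet.queue = 5               # a burst arrives at the dormant station
    waited = 0
    while quiet.sent == 0:
        busy.queue = 1
        base.run_slot()
        waited += 1
    return {
        "intervals_after_warmup": intervals,
        "quiet_station_wait_slots": waited,
        "quiet_interval_after_burst": quiet.interval,
    }


if __name__ == "__main__":
    print(simulate())
```

After the warm-up the busy station sits at the minimum interval and the dormant one at the maximum, so without the contention slot a burst at the dormant station could wait up to 64 slots for its next poll; with it, the station transmits within one free-for-all period and drops back to the shortest interval, which is the fairness behaviour the text attributes to the scheme.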
Conclusion
The diligent management of security is essential to the operation of networks,
whether they have a wireless first mile or not. It's important to point out
here that absolute security is an abstract, theoretical concept - it does not
exist anywhere. Any network, wireless or wireline is vulnerable if precautions
are not taken or if someone is motivated enough and has enough money. No one
wants to risk having the network data exposed to the casual observer or open to
malicious mischief. Regardless of whether the network is wireline or wireless,
steps can and should always be taken to preserve network security and
integrity. It should be clear from the discussion above that wireless networks
can take advantage of all of the security measures available on wireline
networks, and then add additional security features not available in the
wireline world. As a result, wireless networks can be as secure as, and in fact
more secure than, their wireline counterparts.