Dynamic Broadband - Get your business up to speed.

Security

Security in Dynamic Broadband!

Wireless Network

Unlike the analog radios and wireless voice radio phones of yesterday, modern digital wireless data communications systems of today offer customer security and protection for their confidential, financial or otherwise sensitive information. This security is in many cases as good as, and often better than, wire line based systems for a variety of reasons. The digital technology and multi-layered communications architecture employed today offer far more protection than systems of the past. In addition to the built in security aspects of the Dybb's network, there exist many open standards (VPN's and encryption) that are available. With this as additional protection, an attacker needs not only physical access to the equipment to intercept and falsify user data, but also have sophisticated unscrambling and information falsifying techniques at every layer of the communications structure. For the Dybb's network, security is supported at several layers:

Each of these elements is discussed below.

Proprietary Radio and MAC Layer

Today's wireless systems such as the Dybb's network all employ digital modulation and signaling processing technologies. With Broadband Wireless Access systems, unlike WLAN products, there is no standard governing the over the air RF and framing structure. In the WLAN environment, a hacker can use any subscriber device (PCMCIA or WLAN card) to break into any WLAN Access Point (AP) because they all use the same MAC layer, or "language."

Our equipment employs a proprietary RF modulation and MAC layer. This means that someone "listening in" on the frequency might be able to see the bits, the ones and zero's over the air. This would typically be done with a radio scanner, trying to get onto the wireless network emanating from a tower. However even if they were able to record the data transmission over the air they would not be able to interpret the bits, without knowing the "language" or MAC protocol being used and thus the raw data would be useless. The result of this approach means that if someone wanted to eavesdrop and/or falsify data, an interceptor must have a Dybb's subscriber unit, tuned to the same frequency, as the network being targeted for penetration. It might seem that this is enough, that all an interloper needs to crack the network is another SU device. If that were all the system had for security, an end user would have justification for concern. This is where the additional layers of Dybb's security come into play.

Provisioning at the Access Point

The scenario painted above, a person or entity with a Dybb subscriber unit trying to gain unauthorized access to the network, is prevented by two other security measures, both involving provisioning at the tower. The first involves provisioning the tower to accept an SU. When a Dybb's network is deployed, the tower is installed in a central location and SUs are then deployed in the surrounding geographic area. In order for an SU to be allowed access to the network, not only must it have the correct frequency or channel chosen but the tower must also create a layer two path, the Permanent Virtual Circuit (PVC). In the AP a PVC must be configured which is unique to the SU. Access to the tower operating system to configure and establish the PVC is password protected. In this manner if a PVC has not been configured for a given SU at the tower, it can not join the wireless network and is essentially locked out.

Routing

It has been shown previously that for an intruder to penetrate Dybb network, they must have Dybb equipment, and they must be a legitimate member of the network. However in this scenario there is still a security threat, from others in the wireless network. Now the question becomes, “How do users protect themselves from others in the network?” Security in this case resides in the networking protocols themselves. Dybb has the ability to deployed as a layer 2, Ethernet Bridge. When deployed in this manner, all traffic from a given SU must go to the tower first, even if it is destined for another SU in the network. Upon arriving at the tower, the data is still not allowed to be directed to another SU, it must first exit the tower out its LAN port to a third party device, a router, switch etc. With this deployment, all traffic can be forced through a central location deeper in the network where more sophisticated security devices can be deployed.

External Solutions

While it has been shown that the risk of infiltration in a Dybb network is, at a minimum, as secure as a wire line system where a pair of banana clips can siphon off data, in some instances more will be desired. For those cases, there are a plethora of solutions available. An end user can employ VPNs, which are typically embedded in most computer operating systems for free, and set up encrypted tunnels across the Internet. An end user can also choose to add in a third party box for stronger encryption if desired. In both of these cases, the Dybb's network is un-affected. The system cares not whether the data payload is scrambled or not, it's simply a packet of bits to be transmitted.

Feeling Secure, Being Secure

With the proliferation of information in the digital age, the dark side of openness and easy access resides the opportunities for the hackers of the world. Appropriate measures must be taken to generate confidence in the users of any network that their information is being guarded securely. Dybb's network has been deployed in sensitive installations, including banks and hospitals, two of the more security conscious applications. In these networks as in yours, the Dybb's network ensures the integrity and confidentiality of your most important data asset.