[ANSS-netops] ethernet bridges
Richard Godbee
rwg at vt.edu
Fri Oct 31 23:05:12 GMT 2008
On Oct 31, 2008, at 5:00 PM, Mark E Meremonte wrote:
> All sounds great! However, do any of these radios comply with FIPS
> 140-2 wireless security standards? This is especially important if
> the Ethernet link is directly to an internal network even with a
> firewall. May not be important for non-DOI networks but becoming a
> hot security topic and requirement for DOI wireless networks, i.e.,
> "Trusted Internet Connection" (TIC).

As I understand it, the federal government is requiring that all
federal agencies use FIPS 140-2 validated cryptography modules for
*all* of their crypto needs, even if they're securing unclassified data.

At low price points, I doubt you will ever find any radios that are
FIPS 140-2 validated. Getting your code validated under FIPS 140-2 is
costly, both in time and money. After getting a crypto module
validated, it can't be altered without going through the certification
process again. It's a pain for vendors seeking certification, and
they'll pass the pain on to you in the form of higher prices.

Ignoring FIPS 140-2, the MaxStream/AvaLAN point-to-point Ethernet
radios claim to use "128-bit encryption," which could mean AES or
could mean XORing data with the string "Yay, encryption!" The
Ubiquiti gear supports WPA2 Personal (AES) for encryption and
authorization. However, its actual security depends on how strong of
a shared WPA password you pick.

--
Richard Godbee, Unix Systems Administrator
Department of Geosciences, Virginia Tech
4044 Derring Hall (0420), Blacksburg, VA 24061
rwg at vt.edu / +1.540.231.7002 / +1.540.231.3386 (FAX)