Vulnerabilities on microwave point-to-point broadcasts

I'm trying to assess what the security risks are of transmitting data using a point-to-point microwave broadcast. Since the beam is a narrow one, it limits of course the possibility of intercepting the signal from across the street.

  1. Assuming an attacker inserts a fake receiver dish between the transmitting and receiving antenna, could eavesdropping be performed without disrupting the broadcasting between the 2 legit antennas?

  2. Are there any encryption standards when it comes specifically to point-to-point microwave broadcast such as PPTP?

Thanks.

Paul

Reply to
paul_silverman

I agree. I would use an IPSEC tunnel before using PPTP.

Reply to
NetSteady

That's a good point. I haven't seen many sites discussing vulnerabilities on point-to-point microwave broadcast, so I don't know how realistic these possibilities are.

Reply to
paul_silverman

Assuming 2.4GHz, a 24dBi dish has a -3dB beamwidth of about 5 degrees. However, there is enough leakage and side lobes around the antenna that it can be heard from all angles but up close. There isn't much signal but it usually can be effectively sniffed. In order to hear both sides of the link, either a location in between the antennas, or two separate sniffers are required.

Yes. The beam is not that narrow. It is not necessary to block the signal in order to hear it. For example, at a distance of 1000ft, the 5 degree beamwidth dish antenna can be heard across a beam diameter of 88ft.

PPTP is point to point tunnelling protocol which is a form of VPN (virtual private network). This is usually sufficient to provide the necessary security. The wireless data itself can be encrypted with WEP, which is terribly insecure and easily sniffed. Much better is WPA, which has not been cracked except for badly chosen pass phrases. WPA-TKIP, which does regular key exchanges, is even better. WPA-AES2-TKIP is probably the most secure.

See "man in the middle attack" section:
formatting link

References:
formatting link

If you really want decent security from sniffing, I suggest you investigate FSO (free-space optical) links. For example:
formatting link
won't like the price.

So, what problem are you trying to solve and what do you have to work with?

Reply to
Jeff Liebermann
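
The footprint and leakage argument above can be put into numbers. The following is an added example, not code from the original thread: it models both dishes of the link (site A at the origin aimed at site B, 1000 ft away at 2.4 GHz with 24 dBi, 5 degree dishes, matching the figures in the post), computes the -3 dB spot diameter, and estimates the power an eavesdropper with his own dish sees from each end at an arbitrary position, including the "in between" and "behind one antenna" cases. Assumptions not in the thread: a 20 dBm transmitter, the parabolic -12(theta/theta_3dB)^2 main-lobe approximation with an assumed -25 dB side/back-lobe floor, an eavesdropper dish of 24 dBi, and a -85 dBm decode threshold.

```python
import math

FT_TO_M = 0.3048


def spot_diameter_ft(range_ft, beamwidth_deg):
    """Diameter of the -3 dB footprint at a given range (5 deg at 1000 ft -> ~87 ft)."""
    return 2.0 * range_ft * math.tan(math.radians(beamwidth_deg / 2.0))


def relative_gain_db(off_axis_deg, beamwidth_deg, floor_db=-25.0):
    """Antenna gain relative to boresight for a dish with the given -3 dB beamwidth.

    Main lobe: the parabolic -12*(theta/theta_3dB)^2 approximation used in ITU-R
    and 3GPP reference patterns (exactly -3 dB at the beam edge). Outside the
    main lobe the pattern is clamped at an ASSUMED side/back-lobe floor; real
    dishes differ, so measure yours before trusting the number.
    """
    return max(-12.0 * (off_axis_deg / beamwidth_deg) ** 2, floor_db)


def fspl_db(distance_m, freq_hz):
    """Free-space path loss in dB (Friis): 20log10(d) + 20log10(f) + 20log10(4*pi/c)."""
    return 20.0 * math.log10(distance_m) + 20.0 * math.log10(freq_hz) - 147.55


def rx_power_dbm(tx_dbm, tx_gain_dbi, tx_beamwidth_deg, off_axis_deg,
                 range_ft, freq_hz, rx_gain_dbi):
    """Power at the eavesdropper's receiver; his own dish is assumed aimed at the source."""
    return (tx_dbm + tx_gain_dbi + relative_gain_db(off_axis_deg, tx_beamwidth_deg)
            - fspl_db(range_ft * FT_TO_M, freq_hz) + rx_gain_dbi)


def eavesdrop(link, x_ft, y_ft, rx_gain_dbi=24.0, sensitivity_dbm=-85.0):
    """Site A sits at (0, 0) aimed along +x; site B sits at (span, 0) aimed along -x.

    Returns the power an eavesdropper at (x, y) sees from each end and whether
    each end is above the assumed decode threshold of his receiver.
    """
    span = link["span_ft"]
    # Off-axis angle of the eavesdropper as seen from each dish's boresight.
    ang_a = math.degrees(math.atan2(abs(y_ft), x_ft))
    ang_b = math.degrees(math.atan2(abs(y_ft), span - x_ft))
    rng_a = math.hypot(x_ft, y_ft)
    rng_b = math.hypot(span - x_ft, y_ft)
    common = (link["tx_dbm"], link["gain_dbi"], link["beamwidth_deg"])
    from_a = rx_power_dbm(*common, ang_a, rng_a, link["freq_hz"], rx_gain_dbi)
    from_b = rx_power_dbm(*common, ang_b, rng_b, link["freq_hz"], rx_gain_dbi)
    return {
        "rx_from_a_dbm": from_a, "rx_from_b_dbm": from_b,
        "hears_a": from_a >= sensitivity_dbm, "hears_b": from_b >= sensitivity_dbm,
    }


# Constructed link matching the thread's figures: 2.4 GHz, 24 dBi dishes with a
# 5 degree beamwidth, 1000 ft apart. The 20 dBm transmit power is an assumption.
LINK = {"tx_dbm": 20.0, "gain_dbi": 24.0, "beamwidth_deg": 5.0,
        "span_ft": 1000.0, "freq_hz": 2.4e9}

if __name__ == "__main__":
    print("beam diameter at 1000 ft: %.1f ft" % spot_diameter_ft(1000, 5))
    for label, x, y in [("midpoint, on axis", 500, 0),
                        ("midpoint, 300 ft to the side", 500, 300),
                        ("200 ft behind site B", 1200, 0)]:
        r = eavesdrop(LINK, x, y)
        print("%-30s A: %6.1f dBm (%s)  B: %6.1f dBm (%s)" % (
            label, r["rx_from_a_dbm"], r["hears_a"], r["rx_from_b_dbm"], r["hears_b"]))
```

The point the numbers make is the one in the post: on axis between the dishes the eavesdropper is tens of dB above a typical 802.11 decode threshold, and even 300 ft to the side, where only the assumed side-lobe floor applies, he is still well above it. Behind one dish he hears the far end on its boresight and the near end only through its back lobe, which is why two sniffers (one behind each end) or one in the middle are the practical placements. Narrow beams reduce the signal outside the spot; they do not make it undecodable.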

Jeff,

Thanks for the detailed response. My client is currently operating a microwave point-to-point broadcast between 2 buildings, and he asked me to assess what the risks are that his data could be intercepted by a non-authorized user. Very little has been written on the subject (as opposed to Wi-Fi vulnerabilities) and googling security sites with "microwave" returns the usual stuff on Wi-Fi. Therefore it is actually hard to find out what the "real" risks are for microwave point-to-point broadcast.

Therefore a microwave point-to-point isn't totally secure (if such a concept exists). Taking your scenario, anyone within a radius of 88 feet could intercept data if a rogue dish is pointed toward the transmitting antenna. How easy it is then to extract information from that data depends on the encryption used.

Thanks.

Paul

Reply to
paul_silverman

Paul,

Wifi *is* microwave. It is just one of many different types of microwave, and is the least expensive and most common form you'll find today.

There are other types of microwave systems, but the essentials are the same, and only specific details differ. The whole point in any case is that anyone with the same type of microwave can downlink the signal, and unless it is encrypted can demodulate it to the same data that the intended receiver delivers.

Reply to
Floyd L. Davidson

Sure. Or how about one behind each of the other antennas? The beam might be limited but not necessarily the length.

PPTP isn't very strong and has published vulnerabilities. You should be looking at something else.

David.

Reply to
David Taylor

OK. He's running a wireless bridge. No clue on equipment, antennas, distance, topology, location, or altitude. I can't offer any specifics or opinions on the relative security of such an unspecified installation.

Incidentally, he's not doing a "broadcast". I think the term "wireless link" or "wireless bridge" might be more appropriate. Broadcasting is one way.

Reading between the lines, I seem to smell that this system is NOT a wi-fi link but some other proprietary or non-standard wireless link. Quite a bit has been written on the standard methods of encryption for wireless, that are used by various vendors. If I had some clue as to what you're working with, I could offer some hints.

Actually, it's quite simple. *ALL* microwave signals can be intercepted given the proper equipment and antennas. Most modulation methods and protocols can be captured and decoded. Therefore, your only real protection is the level of encryption present on the wireless link. To the best of my knowledge, all current vendors of point to point wireless systems offer some level of encryption in their radios.

Totally secure to a small business is quite different from totally secure for the NSA, CIA, FBI, etc. Security really depends upon how much effort one is willing to expend on decryption. If I have a room full of state-of-the-art dedicated computers simultaneously working on one problem, then I'm highly likely to crack anything you throw at it.

No. Not a radius. 88ft is the diameter of the 5 degree wide "beam" at 1000ft for a parabolic dish with a gain of 24dBi at 2.4GHz. Think of it like a flashlight. It's the width of the spot of light on the wall. Anyone inside the spot will see the light. Those outside won't see as much. Other gains, antenna types, and frequencies will have different beamwidths.

I have no idea. You define the type and level of encryption and I'll pass judgment on the technology. Otherwise, I'm just guessing.

Drivel: I still do some computer work for one large corporation. They once asked me to assess the security of their system. They rented a nearby building and had a 5.7GHz wireless bridge between buildings. Everyone thought I was going to attack the wireless link with sniffers and decryption software. Instead, I social engineered the lock on the phone closet in a likely hallway, found the CAT5 going to the 5.7GHz radios, peeled the insulation, and tapped the data pairs with my handy dandy home made ethernet tap[1]. I was on their inside network in about 5 minutes. I also identified about 15 other exposed points where I could tap into the network. I captured some data from the bridge and reassembled a few interesting email messages.

[1] Type 110 punchdown to RJ45 adapter block ($3) plus a heavily modified ethernet hub.

Reply to
Jeff Liebermann

Jeff, thanks for your detailed reply. I'd like to raise a final question on this post.

Since Wi-Fi equipment is becoming cheaper each day, would it be reasonable to say that wireless links using non-802.11 frequencies (such as 5.7 GHz) are likely to become a thing of the past? On the other hand, it might be possible as well to say that non-802.11 wireless links have their place since they won't interfere with the gazillion gadgets that crowd the 2.4 GHz frequency.

Paul

Reply to
paul_silverman

Well, yes and no.

First, just for clarification, there are several setups that run in the unlicensed frequency range (900 MHz, 2.4GHz and 5GHz). Wifi is merely a subset/protocol available using that frequency. Just because you use an "off beat" system doesn't mean that you're in the clear for security vulnerabilities and just because a system doesn't use the term WIFI, doesn't mean it doesn't run in these spectrums.

Additionally, systems that run on licensed frequencies are very expensive to maintain, and eventually the manufacturer will end-of-life the product. Make sure that IF you change systems, ever, you do your due diligence, and select a system that is secure, sturdy, and cost effective. I like Orthogon
formatting link
for their use of the unlicensed spectrum, without the mechanisms of 802.11. Additionally, the AES encryption of the data traversing the wireless link is a huge bonus, for all. That says nothing for the wire-side, but honestly, if someone gets access to your wire, you've got bigger issues. :)

I hope this helps. Please feel free to contact me with any questions or comments.

Christopher M. Hutchison, CEO NetSteady Communications, Ltd.

Phone: 614-853-0091 Fax: 614-436-1119 Skype: wifi_chris

formatting link

Reply to
NetSteady

The surest sign of success is pollution, and Wi-Fi is certainly successful. Just wait until Zigbee and active RFID tags appear on 2.4GHz.

Slight correction. The Wi-Fi certification includes 2.4GHz 802.11b/g and 5.7GHz 802.11a products. Wi-Fi is not specific to any particular Part 15 band.

Personally, I expect to see the FCC allocate more unlicensed spectrum. However, my guess is that they will do it in the same manner as the new 3.6GHz WiMax allocation. Lots of limitations and a requirement for registration of xmitters. Basically, it's an automatic license without an auction and no coordination requirement. When this will happen is largely dependent on when the current fashion in monopoly building at the FCC runs its course.

Actually most non wi-fi schemes just clobber wi-fi. For example a frequency hopper will hog the entire band and simply slow down in the presence of interference, while Wi-Fi just dies if faced with FHSS interference. A Proxim/Wmux Lynx radio belches continuous RF in both directions, even if there's no data being passed. Not exactly what I call being a considerate neighbor.

I don't know where your questions are leading or what problem you're trying to solve. If you're trying to "future proof" your customer's radio system, go to licensed microwave. At least you're not going to get clobbered by the local coffee shop hot spot or municipal mesh mess.

Reply to
Jeff Liebermann

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.