Re: microwave radio data networks

From: Ralph Forsythe (rforsythe@5280tech.com)
Date: Thu Jul 06 2006 - 14:19:53 EDT


Given that radio is never completely un-interceptable no matter how
directional the antenna, I would make the assessment assume that someone
IS listening to the transmission. So instead of focusing on the secrecy
of the link itself (which is nonexistent), look at the contents of the
data. What protocol is used? Is the data encrypted? What algorithm(s)
is/are used, and are those strong or weak in that implementation? Do
applications or the transmitting hardware perform the encryption of what
is sent? (I.e. if they rely on TLS for email communication over the link,
that's application layer - what happens if a cleartext app uses it?)

Also something to consider - could someone inject their own signal into
the path as a man-in-the-middle attack, or even just accessing the network
by themselves? Do the endpoints do any authentication, or could a
properly formatted packet slip through and make it's way into the network?
This isn't something you're likely to be able to test without having
access to the right hardware, and risking service interruption for your
client, so you may just want to really dig into the system's design and
configuration and make some educated guesses.

I've seen a lot of companies use these wireless data links without paying
much thought to these things. Chances are, you will find a way to
intercept, alter, or input data on that link unless they really thought
things through.

- Ralph

On Thu, 6 Jul 2006, Michael Puchol wrote:

> Hi,
>
> The directional antennas that are used for these types of links have lobes
> that emanate part of the RF away from the LOS path. It is feasible to setup a
> receiving antenna below or to the side of the LOS path, and catch these
> lobes. This has been done by intelligence agencies to monitor communications
> without physically tapping anything.
>
> Regards,
>
> Mike
>
>
> gat0r wrote:
>> Most Microwave links I have seen have ATM switches on either in, so I would
>> start there. Interception is always a possibility but you would have to
>> get
>> in the Line Of Sight of the signal.
>>
>> G
>>
>>
>> On 7/5/06 6:55 PM, "k7 fantr" <k7.fantr@gmail.com> wrote:
>>
>>> I have been asked for advise in auditing / testing the security of a
>>> microwave data link between two sites. I have never worked with this
>>> and an having some trouble finding any good information on doing so.
>>>
>>> Does anyone have any experience, links, tools, etc that would help out on
>>> this?
>>>
>>> Thanks in advance.
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> This List Sponsored by: Cenzic
>>>
>>> Concerned about Web Application Security?
>>> Why not go with the #1 solution - Cenzic, the only one to win the
>>> Analyst's
>>> Choice Award from eWeek. As attacks through web applications continue to
>>> rise,
>>> you need to proactively protect your applications from hackers. Cenzic has
>>> the
>>> most comprehensive solutions to meet your application security penetration
>>> testing and vulnerability management needs. You have an option to go with
>>> a
>>> managed service (Cenzic ClickToSecure) or an enterprise software
>>> (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
>>> help you: http://www.cenzic.com/news_events/wpappsec.php
>>> And, now for a limited time we can do a FREE audit for you to confirm your
>>> results from other product. Contact us at request@cenzic.com for details.
>>>
>>> ------------------------------------------------------------------------------
>>>
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> This List Sponsored by: Cenzic
>>
>> Concerned about Web Application Security? Why not go with the #1 solution -
>> Cenzic, the only one to win the Analyst's Choice Award from eWeek. As
>> attacks through web applications continue to rise, you need to proactively
>> protect your applications from hackers. Cenzic has the most comprehensive
>> solutions to meet your application security penetration testing and
>> vulnerability management needs. You have an option to go with a managed
>> service (Cenzic ClickToSecure) or an enterprise software (Cenzic
>> Hailstorm). Download FREE whitepaper on how a managed service can help you:
>> http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time
>> we can do a FREE audit for you to confirm your results from other product.
>> Contact us at request@cenzic.com for details.
>>
>> ------------------------------------------------------------------------------
>>
>>
>
> ------------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security? Why not go with the #1 solution -
> Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks
> through web applications continue to rise, you need to proactively protect
> your applications from hackers. Cenzic has the most comprehensive solutions
> to meet your application security penetration testing and vulnerability
> management needs. You have an option to go with a managed service (Cenzic
> ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE
> whitepaper on how a managed service can help you:
> http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we
> can do a FREE audit for you to confirm your results from other product.
> Contact us at request@cenzic.com for details.
> ------------------------------------------------------------------------------
>
>
>

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:13 EDT