Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security and Encryption

Published byEzra O’Connor’ Modified over 5 years ago

Similar presentations

Presentation on theme: "Security and Encryption"— Presentation transcript:

1 Security and Encryption
Dmitry Moiseev

2 Agenda – How to build up layered security
Physical Security Detect physical tampering Prevent unauthorized software Encrypt sensitive configuration data Defend against network attacks Management Security Prevent unauthorized access. Audit trail of who changed what and when Prepare for disaster Data Security Encryption of over-the-air data Prevent decoding of network transmissions Process Security Build security into the product upfront Gain validation from 3rd parties Copyright 2017 Cambium Networks, Inc. All Rights Reserved.

3 Copyright 2017 Cambium Networks, Inc. All Rights Reserved.
Physical Security Detect physical tampering Tamper-evident serial numbered seals placed on unit seams prior to leaving factory Opaque enclosure prevents seeing inside box without breaking tamper-evident seal. Prevent unauthorized software Software images digitally signed and won’t load if modified Encrypt sensitive parameters Secure storage and erasure of critical security parameters (passwords, encryption keys, etc.) No hardcoded passwords in the unit. No default security certificates No user payload data stored on unit Defense against Network Attacks Denial of Service logic protecting management interface Un-used ports and protocols locked down Copyright 2017 Cambium Networks, Inc. All Rights Reserved.

4 Copyright 2017 Cambium Networks, Inc. All Rights Reserved.
Management Security Secure Access to Management Interface Secure protocols (HTTPS and SNMPv3) No default passwords or security certificates Password rules and aging No manufacturer “back-doors” Supports user-installable X.509 certificates for authentication Out of Band Management Options (OOBM) Security banners Detect and Audit System Activity Identity based user accounts (3 roles/10 users) Multiple access levels Centralized storage of event logs (syslog) Centralized user authentication (RADIUS) Authenticated ntp (time server) Disaster Preparedness / Recovery ‘save and restore’ allows units to be quickly restored to approved settings Copyright 2017 Cambium Networks, Inc. All Rights Reserved.

5 Copyright 2017 Cambium Networks, Inc. All Rights Reserved.
Wireless encryption Stream-based wireless encryption 128-bit and 256-bit AES encryption (validated to FIPS-197) Protects users data Prevents traffic analysis Efficient hardware-based crypto Optional over the air rekeying (OTAR) AES license Secure device authentication ODU will not connect to any unauthorized remote unit Factory-installed or user-supplied device certificates PSK, Whitelist, Blacklist authorization Encryption standards Wireless encryption based on standard approved algorithms and protocols: AES, SHA-256, SHA-384, RSA, TLS Copyright 2017 Cambium Networks, Inc. All Rights Reserved.

6 Copyright 2017 Cambium Networks, Inc. All Rights Reserved.
Process Security ISO 9000 Software Development Process Structured code reviews Build integrity / Version control Vulnerability Scanning Each software release tested against set of latest known attacks with industry-standard tools Industry Validation Optional FIPS Level 2 validated by NIST on PTP 700 AES encryption algorithms validated against FIPS197 Copyright 2017 Cambium Networks, Inc. All Rights Reserved.

Download ppt "Security and Encryption"

Similar presentations

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Larry Wagner Sr. Director of Engineering

Larry Wagner Sr. Director of Engineering
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.

N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.

Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
1 Chapter 8 Securing Information Systems. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized.

1 Chapter 8 Securing Information Systems. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized.
Real Security InterSwyft Technical information's.

Real Security InterSwyft Technical information's.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
1 Kyung Hee University Prof. Choong Seon HONG Network Control.

1 Kyung Hee University Prof. Choong Seon HONG Network Control.
Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.

Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.
Jim McLeod MyDBA  SQL Server Performance Tuning Consultant with MyDBA  Microsoft Certified Trainer with SQLskills Australia 

Jim McLeod MyDBA  SQL Server Performance Tuning Consultant with MyDBA  Microsoft Certified Trainer with SQLskills Australia 
Mobile and Wireless Communication Security By Jason Gratto.

Mobile and Wireless Communication Security By Jason Gratto.
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.

Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.

Similar presentations

Ads by Google