User's Manual Part 1
18 Mercury Reference Manual 05-4446A01, Rev. D
The transceiver is capable of dealing with many common security
issues.
Table 1-2 profiles security risks and how the transceiver pro-
vides a solution for minimizing vulnerability.
Table 1-2. Security Risk Management
Security Vulnerability GE MDS Cyber Security Solution
Unauthorized access to the backbone
network through a foreign remote radio
• IEEE 802.1x device authentication
• Approved Remotes List (local)
Only those remotes included in the
AP list will associate
“Rogue” AP, where a foreign AP takes
control of some or all remote radios and
thus remote devices
• IEEE 802.1x device authentication
• Approved AP List
A remote will only associate to those
APs included in its local authorized
list of APs
Dictionary attacks, where a hacker runs a
program that sequentially tries to break a
password.
• Failed-login lockdown
After five tries, the transceiver
ignores login requests for 5 minutes.
Critical event reports (traps) are
generated as well.
Denial of service, where Remote radios
could be reconfigured with bad
parameters, bringing the network down.
• Remote login with SSH or HTTPS
• Local console login
• Disabled HTTP and Telnet to allow
only local management services
Airsnort and other war-driving hackers in
parking lots, etc.
• Operation is not interoperable with
standard 802.11 wireless cards
• The transceiver cannot be put in a
promiscuous mode
• Proprietary data framing
Eavesdropping, intercepting messages
• AES-128 encryption
Unprotected access to configuration via
SNMPv1
• Implement SNMPv3 secure
operation
Intrusion detection
• Provides early warning via SNMP
through critical event reports
(unauthorized, logging attempts,
etc.)
• Unauthorized AP MAC address
detected at Remote
• Unauthorized Remote MAC
address detected at AP
• Login attempt limit exceeded
(Accessed via: Telnet, HTTP, or
local)
• Successful login/logout
(Accessed via: Telnet, HTTP, or
local)