overview

STRONG SECURITY ON ECLIPSE PACKET NODE

KEY FEATURES
• Support for Secure Management over
Even though microwave communications have some built-in
unsecured networks through use
security-like features such as scrambling, narrow beamwidth, of secure protocols (e.g., SNMP v3,
proprietary airframe, coding and other factors, it is not very SSL, TLS v1.2) based on FIPS-140-2
validated algorithms
hard for them to be broken by those with the proper expertise.
• Payload Encryption (e.g., AES-128,
Some vendors even openly offer commercial microwave AES-256, 3DES, DES) of
interception systems for “legitimate” monitoring. This and the communications and OAM traffic
compliant with FIPS-197
growing sophistication and willingness of those attempting to
break into wireless networks makes a high level of security for • RADIUS capability and centralized
AAA domain support for User
microwave more important than ever. Authentication to track all authorized
and unauthorized user activity and
points of entry

• Six categories of access privileges to

introduction create any type of highly customized
Strong Security on the Eclipse Packet Node platform is designed to provide user profiles that are most appropriate
for your network
peace of mind for those operators who need that extra level of security. Strong
Security supports Secure Management over unsecured networks with support • Capability to disable all unsecured
physical ports for each radio link to
for standardized protocols based on FIPS-140-2 requirements. Payload prevent unauthorized connections and
Encryption is supported by a module designed to be compliant with FIPS-197. system break-ins
Integrated RADIUS and centralized AAA domain capability are supported by
Strong Security for remote authentication, authorization and accounting for an
additional level of security for wireless networks.

SECURE MANAGEMENT
Management of the Eclipse Packet Node platform can be secured over
unsecured networks. Strong Security supports secure management interfaces
based on secure management protocols that have been validated against
FIPS-140-2 requirements.

Secure Management is very flexible and provides the security customers need
for microwave transmission management. Using a craft interface tool for
configuration and maintenance, the Eclipse Packet Node radio can be securely
managed via TLS v1.2 tunneling. For centralized monitoring from a network
operations center (NOC), Eclipse Packet Node can be securely accessed by way
of any network management system (NMS) that supports SNMP v3 (Figure 1).
overview
strong securit y on eclipse packet node

PAYLOAD ENCRYPTION If communications to the RADIUS server are interrupted

To provide Strong Security, data and management for any reason, Strong Security supports a fallback
payloads on Eclipse Packet Node radios can be encrypted. position. RADIUS credentials can be cached for a user-
Payload Encryption through Strong Security prevents defined period. When the RADIUS server is unavailable,
wireless communications from being eavesdropped on the cached credentials may be used to log in. For extended
(Figure 2). Any eavesdropping equipment, or sniffers, periods where the RADIUS server cannot be reached, the
along the transmission path between links or in user-based security model allows logging in with the local
the transmitter’s vicinity will only receive a garbled SNMP user database.
transmission.

With AES encryption and 128-, 192- or 256-bit symmetric Secure Management Traffic Secure Management Traffic

keys, a randomly generated encryption combination

protects each Eclipse Packet Node wireless link pair.
These combinations are created and negotiated between
links using the industry-standard Diffie-Hellman Key
agreement method, which supports groups with modulo of
at least 2048 bits. Given this level of support, no particular Secure Access via Secure Access via
TLS / SNMPv3 TLS / SNMPv3

encryption combination will be repeated within 4000

years. Therefore, Payload Encryption is fully compatible Unsecured Network Unsecured Network
(WAN, LAN, etc.) (WAN, LAN, etc.)
with the AES encryption standard and complies with
FIPS-197, which provides the definition for AES encryption.

INTEGRATED RADIUS CAPABILITY NMS Terminal or

Craft Interface Tool OEM Equipment

For an even higher level of protection, Strong Security

Figure 1. Strong Security on the Eclipse Packet Node platform supports
on Eclipse Packet Node configures RADIUS capability Secure Management via TLS v1.2 tunneling with a craft interface tool or
into existing customer IT infrastructure. With integrated SNMP v3 through a compatible NMS terminal.

RADIUS capability, access control based on more

sophisticated permission attributes can be provided.
Eclipse Packet Node RADIUS capability enables Payload Traffic
Management Traffic
authentication, authorization and accounting of remote
NO
user accounts, and integration also allows customers to SNIFFING

manage user accounts within existing IT infrastructure

from a central location—the same way PC user accounts
are managed. With integrated RADIUS capability and the
Security Event Logger feature on Eclipse Packet Node, Secure

all management activity attempts on Eclipse are tracked, Unencrypted

including actions that affect traffic, logins and logouts,

any changes to user accounts and other security events. It
does this by recording user logins and IP addresses.

Unencrypted Unsecured Unencrypted Unsecured

Payload Management Payload Management
Traffic Traffic Traffic Traffic

Figure 2. With Payload Encryption on Eclipse Packet Node, both payload

and management traffic are encrypted to a high level of security against
eavesdropping (i.e. sniffing).

www.aviatnetworks.com
Aviat, Aviat Networks, and the Aviat logo are trademarks or registered trademarks of Aviat Networks, Inc. 


© Aviat Networks, Inc. (2010) All Rights Reserved.

Data subject to change without notice.
_o_StrongSecurity_EcliPktNd_UNIV_11Nov10