Re: microwave radio data networks

[Ralph Forsythe <rforsythe () 5280tech com>]

Given that radio is never completely un-interceptable no matter how 
directional the antenna, I would make the assessment assume that someone 
IS listening to the transmission.  So instead of focusing on the secrecy 
of the link itself (which is nonexistent), look at the contents of the 
data.  What protocol is used?  Is the data encrypted?  What algorithm(s) 
is/are used, and are those strong or weak in that implementation?  Do 
applications or the transmitting hardware perform the encryption of what 
is sent?  (I.e. if they rely on TLS for email communication over the link, 
that's application layer - what happens if a cleartext app uses it?)

Also something to consider - could someone inject their own signal into 
the path as a man-in-the-middle attack, or even just accessing the network 
by themselves?  Do the endpoints do any authentication, or could a 
properly formatted packet slip through and make it's way into the network? 
This isn't something you're likely to be able to test without having 
access to the right hardware, and risking service interruption for your 
client, so you may just want to really dig into the system's design and 
configuration and make some educated guesses.

I've seen a lot of companies use these wireless data links without paying 
much thought to these things.  Chances are, you will find a way to 
intercept, alter, or input data on that link unless they really thought 
things through.

- Ralph


On Thu, 6 Jul 2006, Michael Puchol wrote:

> Hi,
>
> The directional antennas that are used for these types of links have lobes 
> that emanate part of the RF away from the LOS path. It is feasible to setup a 
> receiving antenna below or to the side of the LOS path, and catch these 
> lobes. This has been done by intelligence agencies to monitor communications 
> without physically tapping anything.
>
> Regards,
>
> Mike
>
>
> gat0r wrote:
> > Most Microwave links I have seen have ATM switches on either in, so I would
> > start there.  Interception is always a possibility but you would have to 
> > get
> > in the Line Of Sight of the signal.
> >
> > G
> >
> >
> > On 7/5/06 6:55 PM, "k7 fantr" <k7.fantr () gmail com> wrote:
> >
> > > I have been asked for advise in auditing / testing the security of a
> > > microwave data link between two sites. I have never worked with this
> > > and an having some trouble finding any good information on doing so.
> > >
> > > Does anyone have any experience, links, tools, etc that would help out on
> > > this?
> > >
> > > Thanks in advance.
> > >
> > >
> > > ------------------------------------------------------------------------------
> > > This List Sponsored by: Cenzic
> > >
> > > Concerned about Web Application Security?
> > > Why not go with the #1 solution - Cenzic, the only one to win the 
> > > Analyst's
> > > Choice Award from eWeek. As attacks through web applications continue to 
> > > rise,
> > > you need to proactively protect your applications from hackers. Cenzic has 
> > > the
> > > most comprehensive solutions to meet your application security penetration
> > > testing and vulnerability management needs. You have an option to go with 
> > > a
> > > managed service (Cenzic ClickToSecure) or an enterprise software
> > > (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
> > > help you: http://www.cenzic.com/news_events/wpappsec.php
> > > And, now for a limited time we can do a FREE audit for you to confirm your
> > > results from other product. Contact us at request () cenzic com for details.
> > >
> > > ------------------------------------------------------------------------------
> >
> >
> >
> >
> >
> > ------------------------------------------------------------------------------
> > This List Sponsored by: Cenzic
> >
> > Concerned about Web Application Security? Why not go with the #1 solution - 
> > Cenzic, the only one to win the Analyst's Choice Award from eWeek. As 
> > attacks through web applications continue to rise, you need to proactively 
> > protect your applications from hackers. Cenzic has the most comprehensive 
> > solutions to meet your application security penetration testing and 
> > vulnerability management needs. You have an option to go with a managed 
> > service (Cenzic ClickToSecure) or an enterprise software (Cenzic 
> > Hailstorm). Download FREE whitepaper on how a managed service can help you: 
> > http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time 
> > we can do a FREE audit for you to confirm your results from other product. 
> > Contact us at request () cenzic com for details.
> >
> > ------------------------------------------------------------------------------
>
> ------------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security? Why not go with the #1 solution - 
> Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks 
> through web applications continue to rise, you need to proactively protect 
> your applications from hackers. Cenzic has the most comprehensive solutions 
> to meet your application security penetration testing and vulnerability 
> management needs. You have an option to go with a managed service (Cenzic 
> ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE 
> whitepaper on how a managed service can help you: 
> http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we 
> can do a FREE audit for you to confirm your results from other product. 
> Contact us at request () cenzic com for details.
> ------------------------------------------------------------------------------

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------