We are suggesting radio link for one Bank. but customer is saying Wireless is not secured. hacking is possible. so can you describe what type of security we are using when we are doing point to point link with router boards. any wiki ??? so we can give to customer. Thanks in advance.
Ok I have p2p link , 2 units lets say 2xSXT in bridge There are mounted on the roof, no encryption
How can anyone hack in my network?
Use wpa2\aes or wpa\aes. Use strong passwords. Use management frame protection and no one will be able to hack your network.
p.s. Banks must have PCI DSS standard implemented in there network.
If you are using WPA2 encryption for the link, the only way to hack is a dictionary attack or bruteforcing the password.
Against both, if you have a good PSK, its pretty much impossible. Make sure its atleast 12 characters, containing capital letters, normal letters, numbers and special characters, and is not based on any words.
As mentioned before, use management protection to avoid de-auth attacks.
Use an extra layer of strong encryption.
Run WPA2 or NV2 encrytion on the wifi, and then run IPSEC over that
Nick.
So noon has answered my question
I have 2xSXT in bridge p2p that run nv2
tomaskir How on earth can u do dictionary attack or bruteforcing from ur PC that run Linux or Windows
and even if u find password what next how can u Hack in to a bank network - first u mast be connected to one SXT to have access to bank network
Assuming its a WPA2 secured network, using Linux, its simple:
You use a deauth attack on one end. Then capture the re-auth of the client using airodump-ng. You then use aircrack-ng to bruteforce the aepol auth process.
Of course, if its a secure password, its gonna take a long time. But if you use a dictionary attack, and the password is word-based, its not that hard to crack.
create an EOIP Tunnel or implement MPLS on your wireless link as most bank lease line go with MPLS…
Agreed.
That is quite easy. SXT don’t have very tight beamwidth or much shielding. All anyone needs is a decent antenna and near line of sight.
encrypt the datastream with IPSEC VPN , no need for wpa2 or anything …
Good security is layered. Using both WPA2 and IPsec is more secure than IPsec alone.
In addition to the above, I think that if you can get on to a frequency which is non standard, you will make it more difficult for other devices to detect your radio link. If you want to use MT, then a 6Ghz link can be a strong argument while you’re negotiating terms of service with somebody who is security conscious. 6Ghz hardware is more expensive, therefore less popular, and it lets you hide from devices that are using other frequencies.
EDIT: access list, connect list, max station count, proprietary wireless protocol like nv2 are additional security options.
Thanks for all reply. now i can do this project very cool… we are installing 10 radio link for one banking client.
If your going to add ipsec dont do it with a pre shared key but use a certificate.
Ms chap is compromised
http://msmvps.com/blogs/harrywaldron/archive/2012/07/31/ms-chapv2-protocol-used-by-pptp-vpns-compromised-with-100-success.aspx