Community discussions

 
rpingar
Long time Member
Long time Member
Topic Author
Posts: 539
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

encrypted nstream2

Tue Sep 04, 2007 11:41 pm

is it possible to encrypt nstream2 link?
don't seems so, just to be sure.

Regards
Ros
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: encrypted nstream2

Wed Sep 05, 2007 10:12 am

no encryption is not possible
 
rpingar
Long time Member
Long time Member
Topic Author
Posts: 539
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: encrypted nstream2

Wed Sep 05, 2007 10:15 am

when it will be?

Regards
Ros
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: encrypted nstream2

Wed Sep 05, 2007 10:20 am

as far as i know - encryption is not planned for nstream2
instead you can run tunnel over this link (pptp tunnel will be fine)
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1721
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: encrypted nstream2

Wed Sep 05, 2007 1:58 pm

Why do you need encryption for non standard wireless protocol at te first place? And in Nstreme2 in one band you can get only half duplex of the traffic - so IMHO it is safe.
 
User avatar
stephenpatrick
Forum Veteran
Forum Veteran
Posts: 703
Joined: Fri Aug 20, 2004 12:26 pm
Location: UK
Contact:

Re: encrypted nstream2

Wed Sep 05, 2007 2:36 pm

... because a half-decent hacker with a couple of routerboards and antennas, or for that matter, a hostile organisation with enough motivation and budget would be through it and onto the network in not-very-long time. Corporates and Government users want to see multi-layered security - no one layer is enough. Sure a non-standard airside is a good sales point, but alone, it's not enough for many users.

I agree with the point above - use a solution with enough CPU power and run an encrypted tunnel over the link.

Regards
 
mstead
Member Candidate
Member Candidate
Posts: 113
Joined: Sat Mar 04, 2006 2:41 am

Re: encrypted nstream2

Thu Sep 06, 2007 4:22 pm

I dont understand why people would use NStreme 2 anyhow? It halves the link reliability as far as I can see - i.e. there is no failover if one leg dies.

I would be tempted to run two NStreme 1 links in parallel and asymmetrically route over them. That way at least you can double the link reliability.

That is my theory anyhow - I would be interested in seeing what others think about it.

Malcolm
 
uldis
MikroTik Support
MikroTik Support
Posts: 3425
Joined: Mon May 31, 2004 2:55 pm

Re: encrypted nstream2

Thu Sep 06, 2007 4:24 pm

there is no failover, but it is a full duplex radio which means that you will not run into big latency problems ;)
 
rpingar
Long time Member
Long time Member
Topic Author
Posts: 539
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: encrypted nstream2

Thu Sep 06, 2007 4:28 pm

right Uldis!
but encryption could be a must these days!!!!!!!

Reagrds
Rosario
 
uldis
MikroTik Support
MikroTik Support
Posts: 3425
Joined: Mon May 31, 2004 2:55 pm

Re: encrypted nstream2

Thu Sep 06, 2007 4:37 pm

we will think about adding that encryption support for NS2.
 
User avatar
stephenpatrick
Forum Veteran
Forum Veteran
Posts: 703
Joined: Fri Aug 20, 2004 12:26 pm
Location: UK
Contact:

Re: encrypted nstream2

Thu Sep 06, 2007 4:45 pm

And DFS - so it can be legally used in EU -

And potentially DFS2 or whatever the FCC now require for the 5GHz bands in USA -

Regards
 
rpingar
Long time Member
Long time Member
Topic Author
Posts: 539
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: encrypted nstream2

Thu Sep 06, 2007 4:50 pm

agree!
encryption + dfs2 could be a MUST on Nstream2.
:)
 
uldis
MikroTik Support
MikroTik Support
Posts: 3425
Joined: Mon May 31, 2004 2:55 pm

Re: encrypted nstream2

Thu Sep 06, 2007 5:02 pm

dfs will not be so easy to implement on nstreme2.
 
User avatar
BrianHiggins
Long time Member
Long time Member
Posts: 598
Joined: Mon Jan 16, 2006 6:07 am
Location: Norwalk, CT
Contact:

Re: encrypted nstream2

Fri Sep 07, 2007 12:51 am

I have not tried NStream2 in v3, but what about enableing WPA2 on the radio link?
 
rpingar
Long time Member
Long time Member
Topic Author
Posts: 539
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: encrypted nstream2

Fri Sep 07, 2007 9:02 am

the radio is a slave so any configuration there is not taken
 
User avatar
warwick09
Member Candidate
Member Candidate
Posts: 190
Joined: Mon Aug 07, 2006 1:34 pm
Location: The Bahamas / Florida

Re: encrypted nstream2

Sat Sep 08, 2007 7:44 am

rpinger I must admit your request seems a bit impractical to me .. :? Encrypting a prop. protocol; that in itself if a great security feature. Not to sound like a troll but if layer 18 security is your concern for a wireless link, forget about it; in the world of networking there is an axiom which says anything wireless CAN be hacked by an avid and pissed off enough hacker.

Enuff with the negative talk tho, what id suggest to make it extremely hard for the would be snooper would be (as others mentioned) is to place encrypted tunnels within the nstreme link.
 
rpingar
Long time Member
Long time Member
Topic Author
Posts: 539
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: encrypted nstream2

Sat Sep 08, 2007 9:27 am

I am scary about my compeptitor able to spoof mac address using a common mikrotik hardware and so capable of dismiss the link.

I think Mikrotik is not going to be a "propetary", it seems to me a standrd now.

regards
 
bushy
Member Candidate
Member Candidate
Posts: 140
Joined: Thu Oct 20, 2005 11:56 pm
Location: Ireland

Re: encrypted nstream2

Fri Sep 14, 2007 11:52 pm

I dont understand why people would use NStreme 2 anyhow? It halves the link reliability as far as I can see - i.e. there is no failover if one leg dies.

Malcolm
Its easy to implement failover :lol:
 
Znuff
Member Candidate
Member Candidate
Posts: 139
Joined: Tue Sep 26, 2006 2:42 am
Contact:

Re: encrypted nstream2

Sun Sep 16, 2007 3:19 am

A government agency would just run fiber and not wireless, they have the resources. Also, any kind of encryption will add protocol overhead and will slow down the link considerably.
 
User avatar
stephenpatrick
Forum Veteran
Forum Veteran
Posts: 703
Joined: Fri Aug 20, 2004 12:26 pm
Location: UK
Contact:

Re: encrypted nstream2

Mon Sep 17, 2007 10:20 am

Err ... we've supplied countless government agencies with secure wireless links over the years.
Granted, mostly not RF ones, but even so, they actually preferred wireless instead/as well as fibre for various reasons.

Protocol overhead? for a decent encryption? a "key exchange" every few minutes or seconds? less then 1% of the traffic overhead I would assume. The traffic itself is generally scrambled, not increased..

Processing overhead - yes expect a large CPU loading, every bit of traffic needs to be processed (often recursively) for a decent encryption.

Regards
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1721
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: encrypted nstream2

Tue Sep 18, 2007 11:18 am

:) IMHO this all sounds paranoiac!

If you need more security run encrypted PPP tunnel over the nstreme2 link - you can even set MTU to 1500 and avoid changing MSS

And if somebody is determine enough to actually hack your nstreme2 link - you are in big troubles with or without any encryption!
 
User avatar
BrianHiggins
Long time Member
Long time Member
Posts: 598
Joined: Mon Jan 16, 2006 6:07 am
Location: Norwalk, CT
Contact:

Re: encrypted nstream2

Tue Sep 18, 2007 5:12 pm

I have not tried NStream2 in v3, but what about enableing WPA2 on the radio link?
again, why not just turn on WPA?
 
uldis
MikroTik Support
MikroTik Support
Posts: 3425
Joined: Mon May 31, 2004 2:55 pm

Re: encrypted nstream2

Tue Sep 18, 2007 5:37 pm

I have not tried NStream2 in v3, but what about enableing WPA2 on the radio link?
again, why not just turn on WPA?
The Nstreme2 doesn't have the WPA support.

Who is online

Users browsing this forum: No registered users and 87 guests