...
This document describes the information security methods used in networks comprised of Infinet Wireless devices. Each wireless device family has its own capabilities for applying security tools, so at the end of each of the document's sections you will find links to the technical documentation of each described tool.
...
- Information - knowledge about the world and the processes in it, perceived by a person or a special device.
- Information Security (IS) - the security of the information and of the infrastructure components against influences that may harm the subjects of information relations.
- Technical company policy - a set of technical solutions that must be used by the company's technical systems. The technical policy includes requirements for installation, operation and configuration of the devices. The document must be updated periodically and its proper implementation checked.
- Threat - potential violation of the information security.
- Attack - attempt to realize a threat. An attack can be either malicious or not.
- Attacker - a person or group of people making an attack.
- Echelon - a subject for attack prevention, implemented as a part of an information security policy.
- Risk - the likelihood of a specific threat.
- Responsibility area - a network segment which has a certain subject responsible for its effective operation. A subject can be either a specific person or an organization.
- Internal network segment - a network segment that is in the responsibility area of our organization.
- External network segment - a network segment that is under the responsibility of a third-party organization or client. Since the external network segment is managed by a third-party organization, the crossing of the internal and the external network segments is a source of threats.
...
Information security measures should be applied in accordance with the company's IS policy. The IS policy should take into account the following information characteristics:
- Accessibility - the ability to access information in an acceptable time.
- Integrity - relevance and consistency of the information.
- Confidentiality - the impossibility of obtaining unauthorized access to information.
An information security policy should include measures to ensure each of the basic information characteristics. If the described information characteristics aren't respected, it may lead to financial, reputation and other losses. Remember that the IS policy implementation is an endless process that requires periodic review of the measures and checks of their implementation.
The IS organization should be multilevel and not only realized with technical solutions. In addition to technical measures, legislative, administrative and procedural measures should be provided.
Scenarios for Infinet equipment
The measures to ensure the IS are determined not only by the Infinet device family, but also by the scenario of their use (Figure 1a-d). Let's look at several scenarios in which wireless devices connect network segments belonging to different responsibility areas, each area being characterized by a certain set of threats:
- joining of internal network segments;
- connection of internal and external network segments;
- internal network segments connected with the Internet.
The security measures should correspond to existing risks; the IS architecture should not be redundant. For example, filtering of external connections should be performed at the interface on the border with a third-party telecom operator, not on all the intermediate nodes of the network.
The requirements for physical safety and security in the radio link are the same for all the scenarios below and are described in detail in the relevant sections. In order to configure the devices, let's specify the following general requirements for information security:
- the management of the external devices should be limited by whitelists;
- service network protocols should not leave the internal network segment;
- at the border of responsibility areas, an internal segment should be protected from malicious traffic.
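The three general requirements above, expressed as a single filtering decision for a packet arriving at a wireless device. This is an added example, not Infinet configuration or code from the original document; the whitelist subnet, the management ports, the set of service protocols and the published service are all assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# All values below are constructed for illustration, not taken from Infinet docs.
MGMT_WHITELIST = [ipaddress.ip_network("10.0.10.0/28")]  # admin workstations
MGMT_PORTS = {22, 161, 443}                  # example management services
SERVICE_PROTOCOLS = {"stp", "lldp", "ospf", "dhcp"}  # example service protocols
PUBLISHED = {("tcp", 443)}                   # services reachable from outside

@dataclass(frozen=True)
class Packet:
    src_ip: str
    proto: str
    dst_port: int = 0
    to_device: bool = False   # addressed to the wireless device itself

def border_decision(pkt, ingress_area, egress_area):
    """Stateless verdict for a packet entering a wireless device.

    Areas are "internal", "external" or "internet". Return traffic of
    established sessions is not modelled here.
    """
    src = ipaddress.ip_address(pkt.src_ip)
    # Requirement 1: management access only from whitelisted sources,
    # whichever segment the request arrives from.
    if pkt.to_device and pkt.dst_port in MGMT_PORTS:
        ok = any(src in net for net in MGMT_WHITELIST)
        return ("allow", "mgmt-whitelisted") if ok else ("deny", "mgmt-not-whitelisted")
    crosses_border = ingress_area != egress_area
    # Requirement 2: service protocols never cross a responsibility border.
    if pkt.proto in SERVICE_PROTOCOLS:
        return ("deny", "service-proto-at-border") if crosses_border \
            else ("allow", "service-proto-internal")
    # Figure 1a case: same responsibility area, the link is a plain bridge
    # and filtering is left to the segment boundaries.
    if not crosses_border:
        return ("allow", "bridge-same-area")
    # Requirement 3: inbound traffic at a border is default-deny.
    if ingress_area != "internal":
        ok = (pkt.proto, pkt.dst_port) in PUBLISHED
        return ("allow", "published-service") if ok else ("deny", "inbound-default-deny")
    return ("allow", "outbound-user-traffic")
```

The same function covers all three scenarios: only the pair of area labels passed in changes, so the internal-to-internal bridge passes traffic that the Internet-facing border rejects.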
Joining of the internal network segments
The simplest scenario is joining two network segments located in the same responsibility zone (Figure 1a). The devices are used as a bridge, a simple connector in the LAN structure; therefore, the main information security tools are located at the boundaries of the left and right segments.
...
In the scenario of connecting two networks located in different responsibility areas, the information security measures are implemented on a radio device located at the border of the two segments. A special example of the external network segment is the client's network, which is provided with a data transmission service. In such scenarios, both inbound and outbound traffic should be filtered.
Figure 1b - Radio link connecting internal and external network segments
Figure 1c - Radio link connecting internal and external network segments
Internal network segments
...
connected with the Internet
The scenario where a wireless device is located at the border of the internal segment and the Internet is a special case of the previous scenario's external network. The difference is the low security on the device on the side of the Internet connection, which causes a large number of risks.
Figure 1d - Radio link connecting internal network segments and the Internet
Information security
...
measures in various scenarios
...
The IS realization is achieved by the implementation of the measures described in the sections and in the subsections of the IS:
...