...

Security measures implementation in device management configuration

Security measures for device management

| Measures | InfiLINK 2x2 and InfiMAN 2x2 (Web) | InfiLINK 2x2 and InfiMAN 2x2 (CLI) | InfiLINK Evolution and InfiMAN Evolution (Web) | InfiLINK Evolution and InfiMAN Evolution (CLI) | InfiLINK XG and InfiLINK XG 1000 (Web) | InfiLINK XG and InfiLINK XG 1000 (CLI) | Quanta 5 and Quanta 6 (Web) | Quanta 70 (Web) |
|---|---|---|---|---|---|---|---|---|
| Change account settings | System Settings | General Purpose Command Set | System Settings | General Purpose Command Set | General settings | General Purpose Command Set | Security settings | Security settings |
| Create a guest account | - | General Purpose Command Set | - | General Purpose Command Set | General settings | General Purpose Command Set | - | - |
| Authentication via RADIUS Server | - | General Purpose Command Set; RADIUS authentication for admin users | - | General Purpose Command Set; RADIUS authentication for admin users | - | General Purpose Command Set | Security settings | Security settings |
| Management protocol configuration | Maintenance menu | td command (Telnet daemon); General Purpose Command Set | Maintenance menu | td command (Telnet daemon); General Purpose Command Set | General settings | td command (Telnet daemon); General Purpose Command Set | Security settings | Security settings |
| Adding a management IP | Network Settings | Ifconfig command (interfaces configuration) | Network Settings | Ifconfig command (interfaces configuration) | Network Access | Ifconfig command (interfaces configuration) | Network settings | Network settings |
| Device access limitation | IP Firewall | General Purpose Command Set; ipfw command (IP Firewall) | IP Firewall menu | General Purpose Command Set; ipfw command (IP Firewall) | - | - | Security settings | Security settings |
| Device access recovery | Emergency Repair Console | General Purpose Command Set | Emergency Repair Console | General Purpose Command Set | Emergency Repair Console | | Troubleshooting | Troubleshooting |

Data transmission

...

Consider an example of an attack using DHCP (Figure 10): a link is established between the Master and the Slave, a DHCP client is activated on the radio interface of the Slave device, and the DHCP server is installed on the corporate network. In this example the attacker has managed to connect a network device with a configured DHCP server to the corporate network. After the Master-Slave link has been established, the Slave device sends a broadcast request to the network to receive its network settings from the DHCP server. The DHCP servers located on the network respond to the request from the Slave. If the response from the attacker's server is received first, the Slave device will assign to its network interface the address and network settings proposed in that response. Thus, an attacker can set his device as the default router and gain access to the traffic transmitted by the Slave device.


Figure 10 - An example of attack using DHCP
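
The scenario above can be detected from a monitoring host that sees DHCP server replies on the segment. The following is an added example, not code from the original page or from Infinet: it parses the DHCP options of a server reply and flags a server identifier or default router outside an allowlist. The addresses, the function names and the `build_reply` sample builder are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"            # marks the start of the DHCP options
OPT_ROUTER, OPT_MSG_TYPE, OPT_SERVER_ID = 3, 53, 54
SERVER_REPLIES = (b"\x02", b"\x05")           # DHCPOFFER, DHCPACK

def parse_options(payload: bytes) -> dict:
    """Return {option code: raw value} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        options[payload[i]] = value
        i += 2 + length
    return options

def check_reply(payload: bytes, allowed_servers: set, allowed_routers: set) -> list:
    """List what is wrong with one server reply; an empty list means nothing found."""
    opts = parse_options(payload)
    if opts.get(OPT_MSG_TYPE, b"")[:1] not in SERVER_REPLIES:
        return []                                   # client message, not a server reply
    findings = []
    raw = opts.get(OPT_SERVER_ID, b"")
    server = str(ipaddress.IPv4Address(raw)) if len(raw) == 4 else "missing"
    if server not in allowed_servers:
        findings.append(f"unexpected DHCP server {server}")
    routers = opts.get(OPT_ROUTER, b"")
    for off in range(0, len(routers) - 3, 4):       # option 3 is a list of IPv4 addresses
        router = str(ipaddress.IPv4Address(routers[off:off + 4]))
        if router not in allowed_routers:
            findings.append(f"unexpected default router {router}")
    return findings

def build_reply(msg_type: int, server: str, router: str) -> bytes:
    """Build a minimal server reply (constructed sample data, not captured traffic)."""
    ip = lambda s: ipaddress.IPv4Address(s).packed
    fixed = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234, 0, 0)   # op=BOOTREPLY, Ethernet
    fixed += ip("0.0.0.0") + ip("192.0.2.50") + ip(server) + ip("0.0.0.0")
    fixed += bytes(16 + 64 + 128)                               # chaddr, sname, file
    opts = bytes([OPT_MSG_TYPE, 1, msg_type, OPT_SERVER_ID, 4]) + ip(server)
    return fixed + MAGIC_COOKIE + opts + bytes([OPT_ROUTER, 4]) + ip(router) + b"\xff"
```
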

An attacker’s device can also act as a DHCP client (Figure 11): the DHCP server is implemented on the Infinet device, while an attacker’s device is connected to the network. In a situation where the DHCP server configuration protocol does not provide security measures, the attacker will generate a request and the server will provide the device with the network details. Thus, an attacker will gain access to data transmitted over the network.


Figure 11 - An example of attack using DHCP

...

Security measures implementation for data transfer

Implementation of the security measures for data transfer

| Measures | InfiLINK 2x2 and InfiMAN 2x2 (Web) | InfiLINK 2x2 and InfiMAN 2x2 (CLI) | InfiLINK Evolution and InfiMAN Evolution (Web) | InfiLINK Evolution and InfiMAN Evolution (CLI) | InfiLINK XG and InfiLINK XG 1000 (Web) | InfiLINK XG and InfiLINK XG 1000 (CLI) | Quanta 5 and Quanta 6 (Web) | Quanta 70 (Web) |
|---|---|---|---|---|---|---|---|---|
| Software Update | Maintenance | General Purpose Command Set | Maintenance menu | General Purpose Command Set | Maintenance | General Purpose Command Set | Maintenance | Maintenance |
| Delayed restart | Apply, Try and Preview buttons for the configuration | General Purpose Command Set | Basic Settings | General Purpose Command Set | Apply and Try buttons | Commands for modem configuration | - | - |
| Traffic filtering | IP Firewall; MAC Switch | IP Firewall; PCAP-filters; Switch command | IP Firewall menu; MAC Switch | IP Firewall; PCAP-filters; Switch command | Switch; VLAN Switching | Commands for switch configuration | Switch Settings | Switch Settings |
| STP configuration | MAC Switch | Switch command | MAC Switch | Switch command | - | - | - | - |
| Router mode enabling | - | Static routes; arip command; OSPF command; ARDA (Aqua Router DAemon) | - | Static routes; arip command; OSPF command; ARDA (Aqua Router DAemon) | - | - | - | - |
| DHCP client configuration | Network Settings | DHCP Client | Network Settings | DHCP Client | Network Access | DHCP Client | Network settings | Network settings |
| DHCP server configuration | - | DHCP Server | - | DHCP Server | - | - | - | - |
| DHCP relay configuration | - | DHCP relay | - | DHCP relay | - | - | - | - |
| ARP configuration | - | ARP protocol; Addresses mapping | - | ARP protocol; Addresses mapping | - | ARP protocol | - | - |
| LLDP configuration | - | lldp command | - | lldp command | - | lldp command | - | - |
| SNMP configuration | SNMP menu | SNMP daemon | SNMP menu | SNMP daemon | SNMP section | SNMP daemon | SNMP settings | SNMP settings |
| MINT configuration | Link Settings | mint command (MINT version); mint command (TDMA version) | Link Settings | mint command (TDMA version) | - | - | - | - |

Infrastructure

...

  • Polling: the monitoring system sends SNMP requests to the devices, asking for specific parameters. The device generates an SNMP response for the monitoring system, in which it indicates the values of the requested parameters. Device parameters are polled at a set interval, which guarantees that each device is interrogated within a given period.
  • Traps: the device sends a special SNMP Trap message to the monitoring server when an incident from the specified list occurs. The SNMP Trap is initiated by the device itself and is sent instantly, regardless of the polling cycle; however, this requires additional device configuration.

Figure 16 - Data exchange between devices and a monitoring system

...

A Syslog server is allocated on the network for these purposes. All log entries are sent to the Syslog server at the same time as they are written to the system log (Figure 17). This makes it possible to store the message history of all the network devices centrally, without the risk of losing all syslog data in case of a device reboot or unauthorized access.


Figure 17 - Data exchange with the Syslog server

...

Infrastructure security measures implementation for devices families

Infrastructure security measures

Additional materials

Online courses

  1. InfiLINK 2x2 / InfiMAN 2x2: Initial Link Configuration and Installation.
  2. InfiLINK XG Family Product.
  3. Quanta 5 / Quanta 6: Installation and Configuration.
  4. Wireless Networking Fundamentals.
  5. InfiLINK 2x2 and InfiMAN 2x2: Switching.

...