On 15 Aug 2005 11:09:33 -0700, paul_silverman@mail.com wrote:
>My client is currently operating
>microwave point-to-point broadcast between 2 buildings, and he asked me
>to assess what are the risks that his data be intercepted by a
>non-authorized user.
OK. He's running a wireless bridge. No clue on equipment, antennas,
distance, topology, location, or altitude. I can't offer any
specifics or opinions on the relative security of such an unspecified
installation.
Incidentally, he's not doing a "broadcast". I think the term
"wireless link" or "wireless bridge" might be more appropriate.
Broadcasting is one way.
>Very little has been written on the subject (as
>opposed to Wi-Fi vulnerabilities) and googling security sites with
>"microwave" returns the usual stuff on Wi-Fi.
Reading between the lines, I seem to smell that this system is NOT a
wi-fi link but some other proprietary or non-standard wireless link.
Quite a bit has been written on the standard methods of encryption for
wireless, that are used by various vendors. If I had some clue as to
what you're working with, I could offer some hints.
>Therefore it is actually
>hard to find out what the "real" risks are for microwave point-to-point
>broadcast.
Actually, it's quite simple. *ALL* microwave signals can be
intercepted given the proper equipment and antennas. Most modulation
methods and protocols can be captured and decoded. Therefore, your
only real protection is the level of encryption present on the
wireless link. To the best of my knowledge, all current vendors of
point to point wireless systems offer some level of encryption in their
radios.
>Therefore a microwave point-to-point isn't totally secure (if such a
>concept exists).
Totally secure to a small business is quite different from totally
secure for the NSA, CIA, FBI, etc. Security really depends upon how
much effort one is willing to expend on decryption. If I have a room
full of state-o-de-art dedicated computers simultaneously working on
one problem, then I'm highly likely to crack anything you throw at it.
>Taking your scenario, anyone without a radius of 88
>feet could intercept data if a rogue dish is pointed toward the
>transmitting antenna.
No. Not a radius. 88ft is the diameter of the 5 degree wide "beam"
at 1000ft for a parabolic dish with a gain of 24dBi at 2.4GHz. Think
of it like a flashlight. It's the width of the spot of light on the
wall. Anyone inside the spot will see the light. Those outside,
won't see as much. Other gains, antenna types, and frequencies will
have different beamwidths.
>How easy it is then to extract information from
>that data depends on encryption used.
I have no idea. You define the type and level of encryption and I'll
pass judgment on the technology. Otherwise, I'm just guessing.
Drivel: I still do some computer work for one large corporation.
They once asked me to assess the security of their system. They
rented a nearby building and had a 5.7GHz wireless bridge between
buildings. Everyone thought I was going to attack the wireless link
with sniffers and decryption software. Instead, I social engineered
the lock on the phone closet in a likely hallway, found the CAT5 going
to the 5.7GHz radios, peeled the insulation, and tapped the data pairs
with my handy dandy home made ethernet tap[1]. I was on their inside
network in about 5 minutes. I also identified about 15 other exposed
points where I could tap into the network. I captured some data from
the bridge and reassembled a few interesting email messages.
[1] Type 110 punchdown to RJ45 adapter block ($3) plus a heavily
modified ethernet hub.
--
Jeff Liebermann      jeffl@comix.santa-cruz.ca.us
150 Felker St #D     http://www.LearnByDestroying.com
Santa Cruz CA 95060  http://802.11junk.com
AE6KS 831-336-2558