
Security in the MDS iNET 900 and MDS entraNET 900, IP/Ethernet Solutions

An unauthorized person gaining access to a central network control center, and therefore control of the network, is a much bigger risk than that person accessing individual sites or devices. An IP network without the proper security mechanisms provides a means of gaining control of the control center and therefore the network; a single-purpose serial network does not.

Using a GE MDS radio with the latest security features will safeguard your data and network. Here are some of the features that set the MDS iNET and entraNET solutions apart:

MDS iNET 900 and entraNET 900 are standards-based but not standards-compliant:

  • The readily available tools on the Web designed to hack into standards-based networks do not work on GE MDS solutions.
  • Most standards-based WLAN devices use direct sequence spread spectrum (DSSS) communications. As a result, an attacker using a standards-based WLAN card against a standards-based WLAN device can tune to the same spreading sequence and access data.
  • The MDS iNET and entraNET use Frequency Hopping Spread Spectrum (FHSS), which was originally designed to provide transmission security for military applications. The carrier frequency changes several times per second, so in order to listen to the data, another radio with knowledge of, and set to, the exact same hopping pattern must exist. Standards-based devices cannot access the MDS iNET or entraNET. FHSS is more secure than DSSS.

Confidentiality of data is assured in the MDS iNET and entraNET through the use of 128-bit encryption and dynamic key rotation:

  • Encryption masks your data using a secret code so it is unintelligible to unauthorized parties. GE MDS uses the RC4 symmetric key algorithm from RSA Security.
  • Dynamic Key Rotation is a function of the GE MDS encryption scheme. The set of keys shared between radios is periodically modified to further enhance security. Keys are updated and distributed throughout the system using privileged information. This information may include a pseudo-random seed value and a key identifier to indicate which secret key to modify.
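
The rotation described above (a pseudo-random seed plus a key identifier that selects which shared key to modify), shown as an added example. This is not GE MDS code, and the page does not publish the actual derivation: the HMAC-SHA-256 construction, the authenticated notice, and the names `Radio`, `make_notice` and `apply_rotation` are assumptions made for illustration.

```python
import hashlib
import hmac

KEY_BYTES = 16  # 128-bit keys, matching the key size the page states


def _prf(key: bytes, label: bytes, key_id: int, seed: bytes) -> bytes:
    # HMAC-SHA-256 with a label for domain separation (assumed construction).
    return hmac.new(key, label + bytes([key_id]) + seed, hashlib.sha256).digest()


def make_notice(current_key: bytes, key_id: int, seed: bytes):
    """Build a rotation notice: which key to modify, the seed, and a tag
    proving the sender already holds the current key in that slot."""
    return key_id, seed, _prf(current_key, b"notice", key_id, seed)


class Radio:
    def __init__(self, key_table):
        self.keys = dict(key_table)  # key identifier -> 128-bit secret key

    def apply_rotation(self, key_id: int, seed: bytes, tag: bytes) -> bool:
        """Replace the key in slot key_id; reject forged or replayed notices."""
        current = self.keys.get(key_id)
        if current is None:
            return False
        expected = _prf(current, b"notice", key_id, seed)
        if not hmac.compare_digest(tag, expected):
            return False  # sender lacks the current key, or this is a replay
        self.keys[key_id] = _prf(current, b"derive", key_id, seed)[:KEY_BYTES]
        return True


def demo():
    # Constructed sample keys; a real deployment would use random secrets.
    table = {0: bytes(range(16)), 1: bytes(range(16, 32))}
    ap, remote = Radio(table), Radio(table)
    rogue = Radio({0: bytes(16), 1: bytes(16)})  # never held the shared keys
    notice = make_notice(ap.keys[1], 1, b"constructed-seed")
    results = [r.apply_rotation(*notice) for r in (ap, remote, rogue)]
    replayed = remote.apply_rotation(*notice)  # old tag no longer verifies
    return results, replayed, ap.keys[1] == remote.keys[1]


if __name__ == "__main__":
    print(demo())
```

Because the tag is computed under the key being replaced, a notice only applies once: after rotation the same notice fails verification, and a radio that never held the shared key can neither apply it nor derive the new key.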

It is virtually impossible to add a "rogue" wireless device to an iNET or entraNET network. Because of its two-way authentication and provisioning lists, the network:

  • Prevents unauthenticated access.
  • Prevents MAC/IP spoofing.
  • Prevents network topology discovery: an unauthorized user cannot discover the topology if they are unable to authenticate.
  • Ensures that an AP and its remotes are legitimate parties in a network. A network administrator can restrict connectivity between an AP and its remotes by ensuring the remote radios are on the AP's "list" of acceptable devices with which to communicate. The AP knows to accept communications only from remotes on its list. The same holds true for a remote radio, which knows to only communicate with an AP that is specified on its provision list.

Network-level security features include:

  • Password protection of the MDS iNET's and entraNET's configuration tools - embedded Web server, Telnet menu, local serial menu and SNMP community strings.
  • Intrusion detection schemes - traps on remotes/endpoints.
  • Ethernet rate-limiting.
