If it is a high value target (government, banking, etc) you should deploy a layer 3 security solution such as IPsec between the end points. If the solution is based on a proprietary bridge radio where the only method of snooping is to have a development version of the radio ... well ... you'll likely have no trouble intrusion wise. Intrusion is much less of a concern than interference, both intentional and accidental. I've deployed 802.11b from Cisco & Orinoco, Alavarion frequency hoppers, Western MUX Tsunami, Aperto, Adtran Tracer, and Proxin Quickbridge. The biggest hazards in an urban environment are, in descending order, unintentional interference, intentional interference, sleazy behavior from Proxim Quickbridge tech support, and intrusion running a distant fourth. These days I'm using Soekris 4511 single board computers with hardware crypto accelerators for point to point links. We started using OpenBSD and we're converting them to MikroTik for advanced routing features. We've got some multipoint access cells and there I'm holding my nose and running WPA because it is what the clients and tech support folks can handle. Sorry no links, as microwave suffering is only chronicled in my head, but willing to answer emails if it helps you ... MARLON BORBA wrote:
Fellow NANOGers,
Please, do you know any documents and/or links about securing data microwave links? I am writing a project for MAN interconnection of several buildings with MW radios and concerned about possible security threats.
TIA,
Marlon Borba, CISSP.