cnPilot security: How is the AP itself secured?

Securing Configuration and Firmware

The Access Points store sensitive information such as configuration files containing passwords, shared RADIUS secrets etc. All of this information is encrypted in the configuration file of the access point. This ensures that anyone viewing the configuration (say over the shoulder of the administrator) or getting temporary access to a console of the system to retrieve its configuration will not be able to view these sensitive parameters.

The Access Point firmware is signed using a Cambium certificate and when the firmware on the device is to be updated, the signature of the new image is validated. This prevents the loading of malicious firmware on the Access Point.

The configuration interfaces of the AP (CLI and GUI) have been hardened, with careful scrutiny and sanitization of all inputs to prevent malicious attacks.

Securing Administrative Interfaces


cnPilot Access Points support secure interfaces for configuration and monitoring including HTTPS for the GUI, SSH for the CLI and V3 for SNMP. In addition to authenticating the users who try to access the device these methods also provide encryption ensuring privacy of the connection.

Use of a strong administrator password is recommended (mixing alphabets, numbers and special characters).

While more traditional interfaces such as Telnet and SNMP v1 are available for an operator to use if they wish, these can be disabled and the device can be setup to be managed only over secure connections that provide data privacy and confidentiality.