Guys, is the DES encryption on Canopy TRIPLE DES or just standard?
I have a client saying that standard DES is not secure.
From my understanding it is just single DES.
DES is easily crackable and was done back in the 90’s. Triple-DES uses 3 keys to perform the encryption.
What kind of customer is this? Government, Muni, Healthcare, Private sector?
Keep in mind that if you are providing internet service with the radios, over-the-air encryption has no bearing on security.
The Internet is not a secure medium by nature, securing your first hop is not going to do anything to increase your security overall.
If this is an internet connection, and the client is concerned about security, they MUST encrypt before the sensitive data leaves the network.
Forgot to mention: If they are looking at a private link, check into the AES level encryption available in the canopy line.
The problem with AES is that if you deploy AES APs then ALL your SMs must be AES… that shoots your costs up a bit.
Yes, if you deploy AP’s with AES encryption ‘ON’, then your SM’s must run AES. You can use AES FPGA AP’s with AES ‘OFF’ and talk to non-AES FPGA radios.
That’d be rather pointless though…
That’s why I was mentioning it for a private link. I’d certainly not want to run an AES level network to deploy Internet service to the masses. eek.
if the goal is to provide service to a customer who needs end to end security install a firewall in office and create an end to end VPN with rotating key pairs that will run over your network. you should however point out that not just any piece of hardware will pull up this signal. IT would also be hard to intercept the data packets in your network where is secured with your des keys and using prizm for antenna authentication. Sure packets could be picked up but who’s packets? But if they are willing to vent in a managed security system you could provide a firewall on there end and create the rotating vpn keypair which would auto generate every 15 min a new keypair, run with des, aes, sha-1 and about 4 or 5 others all stacked. Put in that rotation and your talking in excess of military grade security. For a small price of oah lets say 35 a month with the experienced personnel you could draw additional funds from the security solution with firewall and av at the network level for them.
Our policy is security is the customers responsibility. They need to encrypt before it enters the SM.